diff options
| author | Endi S. Dewata <edewata@redhat.com> | 2017-10-20 21:24:05 +0200 |
|---|---|---|
| committer | Endi S. Dewata <edewata@redhat.com> | 2017-10-20 21:24:05 +0200 |
| commit | a02f79e92b255f9a19ff5cb3a02ccda15e3fb356 (patch) | |
| tree | fcd0dea6fed60a462b6d28d0dccd98d3f1c9050a | |
| parent | 200193708b4ab76dc0cd74cb1f125e82569820f3 (diff) | |
| download | pki-dev-a02f79e92b255f9a19ff5cb3a02ccda15e3fb356.tar.gz pki-dev-a02f79e92b255f9a19ff5cb3a02ccda15e3fb356.tar.xz pki-dev-a02f79e92b255f9a19ff5cb3a02ccda15e3fb356.zip | |
Updated TPS scripts.
| -rwxr-xr-x | scripts/tps-build.sh | 2 | ||||
| -rw-r--r-- | scripts/tps-configure.out | 3771 | ||||
| -rwxr-xr-x | scripts/tps-create.sh | 4 | ||||
| -rwxr-xr-x | scripts/tps-publish.sh | 2 |
4 files changed, 4 insertions, 3775 deletions
diff --git a/scripts/tps-build.sh b/scripts/tps-build.sh index c02cf72..c5cc6a0 100755 --- a/scripts/tps-build.sh +++ b/scripts/tps-build.sh @@ -16,4 +16,4 @@ $COMPOSE --work-dir $BUILD_DIR/rpmbuild rpms rm -rf repo mkdir -p repo mv `find rpmbuild/RPMS -name *.rpm` repo -createrepo repo +#createrepo repo diff --git a/scripts/tps-configure.out b/scripts/tps-configure.out deleted file mode 100644 index 5b5fddc..0000000 --- a/scripts/tps-configure.out +++ /dev/null @@ -1,3771 +0,0 @@ -libpath=/usr/lib64 -####################################################################### -CRYPTO INIT WITH CERTDB:/home/edewata/Projects/pki-dev/certs/tps -tokenpwd:Secret123 -Sleeping for 5 secs.. -############################################# -Attempting to connect to: vm-084.idm.lab.bos.redhat.com:7890 -in TestCertApprovalCallback.approve() -Peer cert details: - subject: CN=vm-084.idm.lab.bos.redhat.com,O=2013-11-21 12:51:55 - issuer: CN=vm-084.idm.lab.bos.redhat.com,O=2013-11-21 12:51:55 - serial: 0 -item 1 reason=-8156 depth=1 - cert details: - subject: CN=vm-084.idm.lab.bos.redhat.com,O=2013-11-21 12:51:55 - issuer: CN=vm-084.idm.lab.bos.redhat.com,O=2013-11-21 12:51:55 - serial: 0 -item 2 reason=-8172 depth=1 - cert details: - subject: CN=vm-084.idm.lab.bos.redhat.com,O=2013-11-21 12:51:55 - issuer: CN=vm-084.idm.lab.bos.redhat.com,O=2013-11-21 12:51:55 - serial: 0 -importing certificate. -Connected. -Posting Query = https://vm-084.idm.lab.bos.redhat.com:7890//tps/admin/console/config/login?pin=hVBuhr0azj9HumVnT4P8&xml=true -RESPONSE STATUS: HTTP/1.1 302 Found -RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:53:10 GMT -RESPONSE HEADER: Server: Apache -RESPONSE HEADER: Set-Cookie: pin=hVBuhr0azj9HumVnT4P8; path=/; expires=Fri, 21-Nov-2014 17:53:10 GMT -RESPONSE HEADER: Location: wizard -RESPONSE HEADER: Content-Length: 0 -RESPONSE HEADER: Keep-Alive: timeout=15, max=100 -RESPONSE HEADER: Connection: Keep-Alive -RESPONSE HEADER: Content-Type: text/html -xml returned: -cookie list: pin=hVBuhr0azj9HumVnT4P8; path=/; expires=Fri, 21-Nov-2014 17:53:10 GMT -############################################# -Attempting to connect to: vm-084.idm.lab.bos.redhat.com:7890 -Connected. -Posting Query = https://vm-084.idm.lab.bos.redhat.com:7890//tps/admin/console/config/wizard?p=0&op=next&xml=true -RESPONSE STATUS: HTTP/1.1 200 OK -RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:53:10 GMT -RESPONSE HEADER: Server: Apache -RESPONSE HEADER: Connection: close -RESPONSE HEADER: Content-Type: text/xml -<?xml version="1.0" encoding="UTF-8"?> -<xml> - <csstate>1</csstate> - <dbg/> - <defTok>NSS Certificate DB</defTok> - <errorString/> - <firstpanel>0</firstpanel> - <lastpanel>0</lastpanel> - <name>Token Processing System</name> - <oms/> - <p>1</p> - <panel>tps/admin/console/config/modulepanel.vm</panel> - <panels> - <element>PKI::TPS::WelcomePanel=HASH(0x7fa0c0b679b0)</element> - <element>PKI::TPS::ModulePanel=HASH(0x7fa0c0b78608)</element> - <element>PKI::TPS::ConfigHSMLoginPanel=HASH(0x7fa0c0b90188)</element> - <element>PKI::TPS::SecurityDomainPanel=HASH(0x7fa0c0b93f30)</element> - <element>PKI::TPS::DisplayCertChainPanel=HASH(0x7fa0c0b9c480)</element> - <element>PKI::TPS::SubsystemTypePanel=HASH(0x7fa0c0ba7ad8)</element> - <element>PKI::TPS::CAInfoPanel=HASH(0x7fa0c0bae650)</element> - <element>PKI::TPS::TKSInfoPanel=HASH(0x7fa0c0bbcfc0)</element> - <element>PKI::TPS::DRMInfoPanel=HASH(0x7fa0c0bc58e8)</element> - <element>PKI::TPS::AuthDBPanel=HASH(0x7fa0c0bcd118)</element> - <element>PKI::TPS::DatabasePanel=HASH(0x7fa0c08be670)</element> - <element>PKI::TPS::SizePanel=HASH(0x7fa0c0be0798)</element> - <element>PKI::TPS::NamePanel=HASH(0x7fa0c0bf0610)</element> - <element>PKI::TPS::CertRequestPanel=HASH(0x7fa0c0c19698)</element> - <element>PKI::TPS::AdminPanel=HASH(0x7fa0c0c28018)</element> - <element>PKI::TPS::ImportAdminCertPanel=HASH(0x7fa0c0c32c30)</element> - <element>PKI::TPS::DonePanel=HASH(0x7fa0c0c3e6e8)</element> - </panels> - <ppcerts/> - <productversion>10.1.0</productversion> - <showApplyButton>false</showApplyButton> - <sms> - <element>PKI::TPS::GlobalVar=HASH(0x7fa0740410e0)</element> - <element>PKI::TPS::GlobalVar=HASH(0x7fa0742a1668)</element> - <element>PKI::TPS::GlobalVar=HASH(0x7fa0747ab760)</element> - </sms> - <subpanelno>2</subpanelno> - <title>Security Modules</title> -</xml> -Sleeping for 5 secs.. -############################################# -Attempting to connect to: vm-084.idm.lab.bos.redhat.com:7890 -Connected. -Posting Query = https://vm-084.idm.lab.bos.redhat.com:7890//tps/admin/console/config/wizard?p=1&choice=NSS+Certificate+DB&op=next&xml=true -RESPONSE STATUS: HTTP/1.1 200 OK -RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:53:16 GMT -RESPONSE HEADER: Server: Apache -RESPONSE HEADER: Connection: close -RESPONSE HEADER: Content-Type: text/xml -<?xml version="1.0" encoding="UTF-8"?> -<xml> - <csstate>1</csstate> - <dbg/> - <defTok>NSS Certificate DB</defTok> - <errorString/> - <firstpanel>0</firstpanel> - <instanceID>&lt;security_domain_instance_name&gt;</instanceID> - <lastpanel>0</lastpanel> - <name>Token Processing System</name> - <oms/> - <p>3</p> - <panel>tps/admin/console/config/securitydomainpanel.vm</panel> - <panelname>Security Domain</panelname> - <panels> - <element>PKI::TPS::WelcomePanel=HASH(0x7fa0c0b679b0)</element> - <element>PKI::TPS::ModulePanel=HASH(0x7fa0c0b78608)</element> - <element>PKI::TPS::ConfigHSMLoginPanel=HASH(0x7fa0c0b90188)</element> - <element>PKI::TPS::SecurityDomainPanel=HASH(0x7fa0c0b93f30)</element> - <element>PKI::TPS::DisplayCertChainPanel=HASH(0x7fa0c0b9c480)</element> - <element>PKI::TPS::SubsystemTypePanel=HASH(0x7fa0c0ba7ad8)</element> - <element>PKI::TPS::CAInfoPanel=HASH(0x7fa0c0bae650)</element> - <element>PKI::TPS::TKSInfoPanel=HASH(0x7fa0c0bbcfc0)</element> - <element>PKI::TPS::DRMInfoPanel=HASH(0x7fa0c0bc58e8)</element> - <element>PKI::TPS::AuthDBPanel=HASH(0x7fa0c0bcd118)</element> - <element>PKI::TPS::DatabasePanel=HASH(0x7fa0c08be670)</element> - <element>PKI::TPS::SizePanel=HASH(0x7fa0c0be0798)</element> - <element>PKI::TPS::NamePanel=HASH(0x7fa0c0bf0610)</element> - <element>PKI::TPS::CertRequestPanel=HASH(0x7fa0c0c19698)</element> - <element>PKI::TPS::AdminPanel=HASH(0x7fa0c0c28018)</element> - <element>PKI::TPS::ImportAdminCertPanel=HASH(0x7fa0c0c32c30)</element> - <element>PKI::TPS::DonePanel=HASH(0x7fa0c0c3e6e8)</element> - </panels> - <ppcerts/> - <productversion>10.1.0</productversion> - <sdomainAdminURL>https://vm-084.idm.lab.bos.redhat.com:9445</sdomainAdminURL> - <sdomainName>Security Domain</sdomainName> - <sdomainURL/> - <showApplyButton>false</showApplyButton> - <sms> - <element>PKI::TPS::GlobalVar=HASH(0x7fa0740410e0)</element> - <element>PKI::TPS::GlobalVar=HASH(0x7fa0742a1668)</element> - <element>PKI::TPS::GlobalVar=HASH(0x7fa0747ab760)</element> - </sms> - <statusCommand>systemctl status pki-tomcatd@&lt;security_domain_instance_name&gt;.service</statusCommand> - <subpanelno>4</subpanelno> - <title>Security Domain</title> -</xml> -Sleeping for 5 secs.. -############################################# -Attempting to connect to: vm-084.idm.lab.bos.redhat.com:7890 -Connected. -Posting Query = https://vm-084.idm.lab.bos.redhat.com:7890//tps/admin/console/config/wizard?p=3&choice=existingdomain&sdomainURL=https%3A%2F%2Fvm-084.idm.lab.bos.redhat.com%3A8443&op=next&xml=true -RESPONSE STATUS: HTTP/1.1 200 OK -RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:53:22 GMT -RESPONSE HEADER: Server: Apache -RESPONSE HEADER: Connection: close -RESPONSE HEADER: Content-Type: text/xml -<?xml version="1.0" encoding="UTF-8"?> -<xml> - <certchain>Certificate: - Data: - Version: 3 (0x2) - Serial Number: 1 (0x1) - Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption - Issuer: CN=CA Signing Certificate,O=EXAMPLE - Validity: - Not Before: Thu Nov 21 17:00:30 2013 - Not After : Mon Nov 21 17:00:30 2033 - Subject: CN=CA Signing Certificate,O=EXAMPLE - Subject Public Key Info: - Public Key Algorithm: PKCS #1 RSA Encryption - RSA Public Key: - Modulus: - df:8f:9e:70:14:9c:14:43:06:3a:69:3a:b9:d4:37:07: - 24:ac:9b:8c:f3:9b:dd:44:0e:d3:7b:f6:10:c4:36:11: - bb:9d:7e:19:ed:8e:61:88:a9:11:64:f2:3e:c6:1a:f8: - c9:4e:46:2a:5d:19:91:f4:43:56:57:c3:c9:7b:19:c9: - fe:49:d0:d1:24:d8:f9:30:59:58:aa:86:ed:e1:07:27: - 7d:2c:61:bc:18:5d:4a:67:05:1c:3f:4a:c3:4c:f1:91: - 96:c5:e1:80:08:ea:8b:17:7c:cd:7a:23:e6:71:45:38: - 8a:d6:f3:c4:f7:61:e2:ec:8f:f2:6f:2a:c3:f9:24:5f: - 06:c5:cc:9d:7a:52:53:b7:33:0f:3c:94:f7:83:41:c4: - 68:5a:3c:93:0d:b7:ce:3d:60:f2:2d:5c:16:d4:d7:23: - d2:fb:05:14:0c:2d:38:55:ed:e8:7d:9a:ed:11:7d:ac: - d5:01:4e:ae:26:3a:8e:61:40:5b:b9:83:15:0a:da:24: - fa:0d:c2:ad:1a:e4:2f:01:5e:57:bd:61:5a:17:e1:0b: - f7:5e:3c:2d:37:23:1e:c2:b3:1e:d1:ef:9a:be:b4:57: - db:e4:4f:58:1d:75:87:68:2b:56:b1:af:cb:16:18:43: - 4f:bc:f5:cf:24:98:64:a7:0d:6e:a0:ab:6c:b4:e2:cb - Exponent: 65537 (0x10001) - Signed Extensions: - Name: Certificate Authority Key Identifier - Key ID: - 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: - 7e:5c:d2:44 - - Name: Certificate Basic Constraints - Critical: True - Data: Is a CA with no maximum path length. - - Name: Certificate Key Usage - Critical: True - Usages: Digital Signature - Non-Repudiation - Certificate Signing - CRL Signing - - Name: Certificate Subject Key ID - Data: - 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: - 7e:5c:d2:44 - - Name: Authority Information Access - Method: PKIX Online Certificate Status Protocol - Location: - URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp - - Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption - Signature: - 73:72:7d:31:3b:92:6e:d9:64:64:c1:93:9a:fa:17:75: - 94:a8:3f:29:8b:57:aa:73:ac:b6:a2:94:3c:d4:53:86: - 6c:c1:95:98:f5:be:a1:79:ac:75:bb:96:30:3c:dc:5f: - 27:fe:f0:ec:e3:54:c4:51:b2:96:45:ec:c8:35:87:92: - db:c9:d7:d0:9c:09:63:34:c0:4d:8b:a9:f7:10:95:9a: - 9f:6f:a1:5e:bd:1b:d9:32:be:18:fc:6c:70:6c:b7:37: - e8:45:09:ce:79:b7:d6:2c:d3:b4:09:b2:00:41:1a:ee: - 0c:76:21:0f:2d:5b:79:7c:be:d5:23:12:f8:93:ad:e1: - 99:9e:a1:fa:0a:99:ed:eb:6b:3a:d6:c6:20:2b:e2:eb: - 86:c2:f1:eb:f4:9c:d7:0b:5b:9d:8c:c7:7b:8a:cd:40: - f9:b8:0d:fe:44:d5:14:79:d5:1c:76:56:d9:e5:e7:72: - 7a:4b:c2:24:fe:1e:3a:38:d3:4c:85:c6:6c:77:be:ee: - 46:ab:d7:f4:29:c5:33:8e:0e:88:91:f0:6e:5b:28:b8: - 07:9f:c1:d9:47:3c:e5:fe:58:82:04:38:01:4e:f0:27: - 54:76:e2:c9:12:4a:da:d6:28:4d:10:00:ac:f1:12:3e: - af:15:6d:ce:b6:8a:18:ec:4b:be:6c:08:c0:c0:f0:d0 - Fingerprint (MD5): - C6:6E:4E:E2:92:8A:A7:2A:60:EA:2F:4D:FB:ED:15:17 - Fingerprint (SHA1): - 96:4A:92:79:6C:A4:CC:5B:6B:6E:88:84:48:43:9C:F4:84:5D:3C:E1 - - Certificate Trust Flags: - SSL Flags: - Valid CA - Trusted CA - Trusted Client CA - Email Flags: - Valid CA - Trusted CA - Object Signing Flags: - Valid CA - Trusted CA - -</certchain> - <certchain_size>1</certchain_size> - <csstate>1</csstate> - <dbg/> - <defTok>NSS Certificate DB</defTok> - <errorString/> - <firstpanel>0</firstpanel> - <instanceID>&lt;security_domain_instance_name&gt;</instanceID> - <lastpanel>0</lastpanel> - <name>Token Processing System</name> - <oms/> - <p>4</p> - <panel>tps/admin/console/config/displaycertchainpanel.vm</panel> - <panelname>Security Domain</panelname> - <panels> - <element>PKI::TPS::WelcomePanel=HASH(0x7fa0c0b679b0)</element> - <element>PKI::TPS::ModulePanel=HASH(0x7fa0c0b78608)</element> - <element>PKI::TPS::ConfigHSMLoginPanel=HASH(0x7fa0c0b90188)</element> - <element>PKI::TPS::SecurityDomainPanel=HASH(0x7fa0c0b93f30)</element> - <element>PKI::TPS::DisplayCertChainPanel=HASH(0x7fa0c0b9c480)</element> - <element>PKI::TPS::SubsystemTypePanel=HASH(0x7fa0c0ba7ad8)</element> - <element>PKI::TPS::CAInfoPanel=HASH(0x7fa0c0bae650)</element> - <element>PKI::TPS::TKSInfoPanel=HASH(0x7fa0c0bbcfc0)</element> - <element>PKI::TPS::DRMInfoPanel=HASH(0x7fa0c0bc58e8)</element> - <element>PKI::TPS::AuthDBPanel=HASH(0x7fa0c0bcd118)</element> - <element>PKI::TPS::DatabasePanel=HASH(0x7fa0c08be670)</element> - <element>PKI::TPS::SizePanel=HASH(0x7fa0c0be0798)</element> - <element>PKI::TPS::NamePanel=HASH(0x7fa0c0bf0610)</element> - <element>PKI::TPS::CertRequestPanel=HASH(0x7fa0c0c19698)</element> - <element>PKI::TPS::AdminPanel=HASH(0x7fa0c0c28018)</element> - <element>PKI::TPS::ImportAdminCertPanel=HASH(0x7fa0c0c32c30)</element> - <element>PKI::TPS::DonePanel=HASH(0x7fa0c0c3e6e8)</element> - </panels> - <ppcerts/> - <productversion>10.1.0</productversion> - <sdomainAdminURL>https://vm-084.idm.lab.bos.redhat.com:9445</sdomainAdminURL> - <sdomainName>Security Domain</sdomainName> - <sdomainURL/> - <showApplyButton>false</showApplyButton> - <sms> - <element>PKI::TPS::GlobalVar=HASH(0x7fa0740410e0)</element> - <element>PKI::TPS::GlobalVar=HASH(0x7fa0742a1668)</element> - <element>PKI::TPS::GlobalVar=HASH(0x7fa0747ab760)</element> - </sms> - <statusCommand>systemctl status pki-tomcatd@&lt;security_domain_instance_name&gt;.service</statusCommand> - <subpanelno>5</subpanelno> - <title>Display Certificate Chain</title> -</xml> -Sleeping for 5 secs.. -############################################# -Attempting to connect to: vm-084.idm.lab.bos.redhat.com:7890 -Connected. -Posting Query = https://vm-084.idm.lab.bos.redhat.com:7890//tps/admin/console/config/wizard?p=4&op=next&xml=true -RESPONSE STATUS: HTTP/1.1 301 Moved Permanently -RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:53:29 GMT -RESPONSE HEADER: Server: Apache -RESPONSE HEADER: Location: https://vm-084.idm.lab.bos.redhat.com:8443/ca/admin/ca/securityDomainLogin?url=https%3A%2F%2Fvm-084.idm.lab.bos.redhat.com%3A7890%2Ftps%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D5%26subsystem%3DTPS -RESPONSE HEADER: Content-Length: 0 -RESPONSE HEADER: Keep-Alive: timeout=15, max=100 -RESPONSE HEADER: Connection: Keep-Alive -RESPONSE HEADER: Content-Type: text/html -Sleeping for 5 secs.. -############################################# -Attempting to connect to: vm-084.idm.lab.bos.redhat.com:8443 -in TestCertApprovalCallback.approve() -Peer cert details: - subject: CN=vm-084.idm.lab.bos.redhat.com,O=EXAMPLE - issuer: CN=CA Signing Certificate,O=EXAMPLE - serial: 3 -item 1 reason=-8172 depth=1 - cert details: - subject: CN=CA Signing Certificate,O=EXAMPLE - issuer: CN=CA Signing Certificate,O=EXAMPLE - serial: 1 -importing certificate. -Connected. -Posting Query = https://vm-084.idm.lab.bos.redhat.com:8443//ca/admin/ca/securityDomainLogin?url=https%3A%2F%2Fvm-084.idm.lab.bos.redhat.com%3A7890%2Ftps%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D3%26subsystem%3DTPS -RESPONSE STATUS: HTTP/1.1 200 OK -RESPONSE HEADER: Server: Apache-Coyote/1.1 -RESPONSE HEADER: Content-Type: text/html;charset=UTF-8 -RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:53:35 GMT -RESPONSE HEADER: Connection: close -############################################# -Attempting to connect to: vm-084.idm.lab.bos.redhat.com:8443 -Connected. -Posting Query = https://vm-084.idm.lab.bos.redhat.com:8443//ca/admin/ca/getCookie?uid=caadmin&pwd=Secret123&url=https%3A%2F%2Fvm-084.idm.lab.bos.redhat.com%3A7890%2Ftps%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D3%26subsystem%3DTPS -RESPONSE STATUS: HTTP/1.1 200 OK -RESPONSE HEADER: Server: Apache-Coyote/1.1 -RESPONSE HEADER: Content-Type: text/html -RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:53:36 GMT -RESPONSE HEADER: Connection: close -Sleeping for 5 secs.. -TPS_SESSION_ID=5892650296702736989 -TPS_URL=https://vm-084.idm.lab.bos.redhat.com:7890/tps/admin/console/config/wizard?p=3&subsystem=TPS -############################################# -Attempting to connect to: vm-084.idm.lab.bos.redhat.com:7890 -Connected. -Posting Query = https://vm-084.idm.lab.bos.redhat.com:7890//tps/admin/console/config/wizard?p=5&subsystem=TPS&session_id=5892650296702736989&xml=true -RESPONSE STATUS: HTTP/1.1 200 OK -RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:53:41 GMT -RESPONSE HEADER: Server: Apache -RESPONSE HEADER: Connection: close -RESPONSE HEADER: Content-Type: text/xml -Sleeping for 5 secs.. -Sleeping for 5 secs.. -############################################# -Attempting to connect to: vm-084.idm.lab.bos.redhat.com:7890 -Connected. -Posting Query = https://vm-084.idm.lab.bos.redhat.com:7890//tps/admin/console/config/wizard?p=5&choice=newsubsystem&subsystemName=Token+Processing+System&op=next&xml=true -RESPONSE STATUS: HTTP/1.1 200 OK -RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:53:53 GMT -RESPONSE HEADER: Server: Apache -RESPONSE HEADER: Connection: close -RESPONSE HEADER: Content-Type: text/xml -<?xml version="1.0" encoding="UTF-8"?> -<xml> - <certchain>Certificate: - Data: - Version: 3 (0x2) - Serial Number: 1 (0x1) - Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption - Issuer: CN=CA Signing Certificate,O=EXAMPLE - Validity: - Not Before: Thu Nov 21 17:00:30 2013 - Not After : Mon Nov 21 17:00:30 2033 - Subject: CN=CA Signing Certificate,O=EXAMPLE - Subject Public Key Info: - Public Key Algorithm: PKCS #1 RSA Encryption - RSA Public Key: - Modulus: - df:8f:9e:70:14:9c:14:43:06:3a:69:3a:b9:d4:37:07: - 24:ac:9b:8c:f3:9b:dd:44:0e:d3:7b:f6:10:c4:36:11: - bb:9d:7e:19:ed:8e:61:88:a9:11:64:f2:3e:c6:1a:f8: - c9:4e:46:2a:5d:19:91:f4:43:56:57:c3:c9:7b:19:c9: - fe:49:d0:d1:24:d8:f9:30:59:58:aa:86:ed:e1:07:27: - 7d:2c:61:bc:18:5d:4a:67:05:1c:3f:4a:c3:4c:f1:91: - 96:c5:e1:80:08:ea:8b:17:7c:cd:7a:23:e6:71:45:38: - 8a:d6:f3:c4:f7:61:e2:ec:8f:f2:6f:2a:c3:f9:24:5f: - 06:c5:cc:9d:7a:52:53:b7:33:0f:3c:94:f7:83:41:c4: - 68:5a:3c:93:0d:b7:ce:3d:60:f2:2d:5c:16:d4:d7:23: - d2:fb:05:14:0c:2d:38:55:ed:e8:7d:9a:ed:11:7d:ac: - d5:01:4e:ae:26:3a:8e:61:40:5b:b9:83:15:0a:da:24: - fa:0d:c2:ad:1a:e4:2f:01:5e:57:bd:61:5a:17:e1:0b: - f7:5e:3c:2d:37:23:1e:c2:b3:1e:d1:ef:9a:be:b4:57: - db:e4:4f:58:1d:75:87:68:2b:56:b1:af:cb:16:18:43: - 4f:bc:f5:cf:24:98:64:a7:0d:6e:a0:ab:6c:b4:e2:cb - Exponent: 65537 (0x10001) - Signed Extensions: - Name: Certificate Authority Key Identifier - Key ID: - 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: - 7e:5c:d2:44 - - Name: Certificate Basic Constraints - Critical: True - Data: Is a CA with no maximum path length. - - Name: Certificate Key Usage - Critical: True - Usages: Digital Signature - Non-Repudiation - Certificate Signing - CRL Signing - - Name: Certificate Subject Key ID - Data: - 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: - 7e:5c:d2:44 - - Name: Authority Information Access - Method: PKIX Online Certificate Status Protocol - Location: - URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp - - Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption - Signature: - 73:72:7d:31:3b:92:6e:d9:64:64:c1:93:9a:fa:17:75: - 94:a8:3f:29:8b:57:aa:73:ac:b6:a2:94:3c:d4:53:86: - 6c:c1:95:98:f5:be:a1:79:ac:75:bb:96:30:3c:dc:5f: - 27:fe:f0:ec:e3:54:c4:51:b2:96:45:ec:c8:35:87:92: - db:c9:d7:d0:9c:09:63:34:c0:4d:8b:a9:f7:10:95:9a: - 9f:6f:a1:5e:bd:1b:d9:32:be:18:fc:6c:70:6c:b7:37: - e8:45:09:ce:79:b7:d6:2c:d3:b4:09:b2:00:41:1a:ee: - 0c:76:21:0f:2d:5b:79:7c:be:d5:23:12:f8:93:ad:e1: - 99:9e:a1:fa:0a:99:ed:eb:6b:3a:d6:c6:20:2b:e2:eb: - 86:c2:f1:eb:f4:9c:d7:0b:5b:9d:8c:c7:7b:8a:cd:40: - f9:b8:0d:fe:44:d5:14:79:d5:1c:76:56:d9:e5:e7:72: - 7a:4b:c2:24:fe:1e:3a:38:d3:4c:85:c6:6c:77:be:ee: - 46:ab:d7:f4:29:c5:33:8e:0e:88:91:f0:6e:5b:28:b8: - 07:9f:c1:d9:47:3c:e5:fe:58:82:04:38:01:4e:f0:27: - 54:76:e2:c9:12:4a:da:d6:28:4d:10:00:ac:f1:12:3e: - af:15:6d:ce:b6:8a:18:ec:4b:be:6c:08:c0:c0:f0:d0 - Fingerprint (MD5): - C6:6E:4E:E2:92:8A:A7:2A:60:EA:2F:4D:FB:ED:15:17 - Fingerprint (SHA1): - 96:4A:92:79:6C:A4:CC:5B:6B:6E:88:84:48:43:9C:F4:84:5D:3C:E1 - - Certificate Trust Flags: - SSL Flags: - Valid CA - Trusted CA - Trusted Client CA - Email Flags: - Valid CA - Trusted CA - Object Signing Flags: - Valid CA - Trusted CA - -</certchain> - <certchain_size>1</certchain_size> - <check_clonesubsystem/> - <check_newsubsystem/> - <csstate>1</csstate> - <dbg/> - <defTok>NSS Certificate DB</defTok> - <disableClone>1</disableClone> - <errorString/> - <firstpanel>0</firstpanel> - <fullsystemname>Token Processing System </fullsystemname> - <http_port>7888</http_port> - <https_port>7889</https_port> - <instanceID>&lt;security_domain_instance_name&gt;</instanceID> - <lastpanel>0</lastpanel> - <machineName>localhost</machineName> - <name>Token Processing System</name> - <non_clientauth_https_port>7890</non_clientauth_https_port> - <oms/> - <p>6</p> - <panel>tps/admin/console/config/cainfopanel.vm</panel> - <panelname>Security Domain</panelname> - <panels> - <element>PKI::TPS::WelcomePanel=HASH(0x7fa0c0b679b0)</element> - <element>PKI::TPS::ModulePanel=HASH(0x7fa0c0b78608)</element> - <element>PKI::TPS::ConfigHSMLoginPanel=HASH(0x7fa0c0b90188)</element> - <element>PKI::TPS::SecurityDomainPanel=HASH(0x7fa0c0b93f30)</element> - <element>PKI::TPS::DisplayCertChainPanel=HASH(0x7fa0c0b9c480)</element> - <element>PKI::TPS::SubsystemTypePanel=HASH(0x7fa0c0ba7ad8)</element> - <element>PKI::TPS::CAInfoPanel=HASH(0x7fa0c0bae650)</element> - <element>PKI::TPS::TKSInfoPanel=HASH(0x7fa0c0bbcfc0)</element> - <element>PKI::TPS::DRMInfoPanel=HASH(0x7fa0c0bc58e8)</element> - <element>PKI::TPS::AuthDBPanel=HASH(0x7fa0c0bcd118)</element> - <element>PKI::TPS::DatabasePanel=HASH(0x7fa0c08be670)</element> - <element>PKI::TPS::SizePanel=HASH(0x7fa0c0be0798)</element> - <element>PKI::TPS::NamePanel=HASH(0x7fa0c0bf0610)</element> - <element>PKI::TPS::CertRequestPanel=HASH(0x7fa0c0c19698)</element> - <element>PKI::TPS::AdminPanel=HASH(0x7fa0c0c28018)</element> - <element>PKI::TPS::ImportAdminCertPanel=HASH(0x7fa0c0c32c30)</element> - <element>PKI::TPS::DonePanel=HASH(0x7fa0c0c3e6e8)</element> - </panels> - <ppcerts/> - <productversion>10.1.0</productversion> - <redirect>https://vm-084.idm.lab.bos.redhat.com:8443/ca/admin/ca/securityDomainLogin?url=https%3A%2F%2Fvm-084.idm.lab.bos.redhat.com%3A7890%2Ftps%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D5%26subsystem%3DTPS</redirect> - <sdomainAdminURL>https://vm-084.idm.lab.bos.redhat.com:9445</sdomainAdminURL> - <sdomainName>Security Domain</sdomainName> - <sdomainURL/> - <showApplyButton>false</showApplyButton> - <sms> - <element>PKI::TPS::GlobalVar=HASH(0x7fa0740410e0)</element> - <element>PKI::TPS::GlobalVar=HASH(0x7fa0742a1668)</element> - <element>PKI::TPS::GlobalVar=HASH(0x7fa0747ab760)</element> - </sms> - <statusCommand>systemctl status pki-tomcatd@&lt;security_domain_instance_name&gt;.service</statusCommand> - <subpanelno>7</subpanelno> - <subsystemName>Token Processing System</subsystemName> - <systemname>Token Processing </systemname> - <title>CA Information</title> - <urls> - <element>CA vm-084.idm.lab.bos.redhat.com 8443 - https://vm-084.idm.lab.bos.redhat.com:8443</element> - </urls> - <urls_size>1</urls_size> -</xml> -Sleeping for 5 secs.. -############################################# -Attempting to connect to: vm-084.idm.lab.bos.redhat.com:7890 -Connected. -Posting Query = https://vm-084.idm.lab.bos.redhat.com:7890//tps/admin/console/config/wizard?p=6&urls=0&op=next&xml=true -RESPONSE STATUS: HTTP/1.1 200 OK -RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:53:59 GMT -RESPONSE HEADER: Server: Apache -RESPONSE HEADER: Connection: close -RESPONSE HEADER: Content-Type: text/xml -<?xml version="1.0" encoding="UTF-8"?> -<xml> - <certchain>Certificate: - Data: - Version: 3 (0x2) - Serial Number: 1 (0x1) - Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption - Issuer: CN=CA Signing Certificate,O=EXAMPLE - Validity: - Not Before: Thu Nov 21 17:00:30 2013 - Not After : Mon Nov 21 17:00:30 2033 - Subject: CN=CA Signing Certificate,O=EXAMPLE - Subject Public Key Info: - Public Key Algorithm: PKCS #1 RSA Encryption - RSA Public Key: - Modulus: - df:8f:9e:70:14:9c:14:43:06:3a:69:3a:b9:d4:37:07: - 24:ac:9b:8c:f3:9b:dd:44:0e:d3:7b:f6:10:c4:36:11: - bb:9d:7e:19:ed:8e:61:88:a9:11:64:f2:3e:c6:1a:f8: - c9:4e:46:2a:5d:19:91:f4:43:56:57:c3:c9:7b:19:c9: - fe:49:d0:d1:24:d8:f9:30:59:58:aa:86:ed:e1:07:27: - 7d:2c:61:bc:18:5d:4a:67:05:1c:3f:4a:c3:4c:f1:91: - 96:c5:e1:80:08:ea:8b:17:7c:cd:7a:23:e6:71:45:38: - 8a:d6:f3:c4:f7:61:e2:ec:8f:f2:6f:2a:c3:f9:24:5f: - 06:c5:cc:9d:7a:52:53:b7:33:0f:3c:94:f7:83:41:c4: - 68:5a:3c:93:0d:b7:ce:3d:60:f2:2d:5c:16:d4:d7:23: - d2:fb:05:14:0c:2d:38:55:ed:e8:7d:9a:ed:11:7d:ac: - d5:01:4e:ae:26:3a:8e:61:40:5b:b9:83:15:0a:da:24: - fa:0d:c2:ad:1a:e4:2f:01:5e:57:bd:61:5a:17:e1:0b: - f7:5e:3c:2d:37:23:1e:c2:b3:1e:d1:ef:9a:be:b4:57: - db:e4:4f:58:1d:75:87:68:2b:56:b1:af:cb:16:18:43: - 4f:bc:f5:cf:24:98:64:a7:0d:6e:a0:ab:6c:b4:e2:cb - Exponent: 65537 (0x10001) - Signed Extensions: - Name: Certificate Authority Key Identifier - Key ID: - 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: - 7e:5c:d2:44 - - Name: Certificate Basic Constraints - Critical: True - Data: Is a CA with no maximum path length. - - Name: Certificate Key Usage - Critical: True - Usages: Digital Signature - Non-Repudiation - Certificate Signing - CRL Signing - - Name: Certificate Subject Key ID - Data: - 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: - 7e:5c:d2:44 - - Name: Authority Information Access - Method: PKIX Online Certificate Status Protocol - Location: - URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp - - Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption - Signature: - 73:72:7d:31:3b:92:6e:d9:64:64:c1:93:9a:fa:17:75: - 94:a8:3f:29:8b:57:aa:73:ac:b6:a2:94:3c:d4:53:86: - 6c:c1:95:98:f5:be:a1:79:ac:75:bb:96:30:3c:dc:5f: - 27:fe:f0:ec:e3:54:c4:51:b2:96:45:ec:c8:35:87:92: - db:c9:d7:d0:9c:09:63:34:c0:4d:8b:a9:f7:10:95:9a: - 9f:6f:a1:5e:bd:1b:d9:32:be:18:fc:6c:70:6c:b7:37: - e8:45:09:ce:79:b7:d6:2c:d3:b4:09:b2:00:41:1a:ee: - 0c:76:21:0f:2d:5b:79:7c:be:d5:23:12:f8:93:ad:e1: - 99:9e:a1:fa:0a:99:ed:eb:6b:3a:d6:c6:20:2b:e2:eb: - 86:c2:f1:eb:f4:9c:d7:0b:5b:9d:8c:c7:7b:8a:cd:40: - f9:b8:0d:fe:44:d5:14:79:d5:1c:76:56:d9:e5:e7:72: - 7a:4b:c2:24:fe:1e:3a:38:d3:4c:85:c6:6c:77:be:ee: - 46:ab:d7:f4:29:c5:33:8e:0e:88:91:f0:6e:5b:28:b8: - 07:9f:c1:d9:47:3c:e5:fe:58:82:04:38:01:4e:f0:27: - 54:76:e2:c9:12:4a:da:d6:28:4d:10:00:ac:f1:12:3e: - af:15:6d:ce:b6:8a:18:ec:4b:be:6c:08:c0:c0:f0:d0 - Fingerprint (MD5): - C6:6E:4E:E2:92:8A:A7:2A:60:EA:2F:4D:FB:ED:15:17 - Fingerprint (SHA1): - 96:4A:92:79:6C:A4:CC:5B:6B:6E:88:84:48:43:9C:F4:84:5D:3C:E1 - - Certificate Trust Flags: - SSL Flags: - Valid CA - Trusted CA - Trusted Client CA - Email Flags: - Valid CA - Trusted CA - Object Signing Flags: - Valid CA - Trusted CA - -</certchain> - <certchain_size>1</certchain_size> - <check_clonesubsystem/> - <check_newsubsystem/> - <csstate>1</csstate> - <dbg/> - <defTok>NSS Certificate DB</defTok> - <disableClone>1</disableClone> - <errorString/> - <firstpanel>0</firstpanel> - <fullsystemname>Token Processing System </fullsystemname> - <http_port>7888</http_port> - <https_port>7889</https_port> - <instanceID>&lt;security_domain_instance_name&gt;</instanceID> - <lastpanel>0</lastpanel> - <machineName>localhost</machineName> - <name>Token Processing System</name> - <non_clientauth_https_port>7890</non_clientauth_https_port> - <oms/> - <p>7</p> - <panel>tps/admin/console/config/tksinfopanel.vm</panel> - <panelname>Security Domain</panelname> - <panels> - <element>PKI::TPS::WelcomePanel=HASH(0x7fa0c0b679b0)</element> - <element>PKI::TPS::ModulePanel=HASH(0x7fa0c0b78608)</element> - <element>PKI::TPS::ConfigHSMLoginPanel=HASH(0x7fa0c0b90188)</element> - <element>PKI::TPS::SecurityDomainPanel=HASH(0x7fa0c0b93f30)</element> - <element>PKI::TPS::DisplayCertChainPanel=HASH(0x7fa0c0b9c480)</element> - <element>PKI::TPS::SubsystemTypePanel=HASH(0x7fa0c0ba7ad8)</element> - <element>PKI::TPS::CAInfoPanel=HASH(0x7fa0c0bae650)</element> - <element>PKI::TPS::TKSInfoPanel=HASH(0x7fa0c0bbcfc0)</element> - <element>PKI::TPS::DRMInfoPanel=HASH(0x7fa0c0bc58e8)</element> - <element>PKI::TPS::AuthDBPanel=HASH(0x7fa0c0bcd118)</element> - <element>PKI::TPS::DatabasePanel=HASH(0x7fa0c08be670)</element> - <element>PKI::TPS::SizePanel=HASH(0x7fa0c0be0798)</element> - <element>PKI::TPS::NamePanel=HASH(0x7fa0c0bf0610)</element> - <element>PKI::TPS::CertRequestPanel=HASH(0x7fa0c0c19698)</element> - <element>PKI::TPS::AdminPanel=HASH(0x7fa0c0c28018)</element> - <element>PKI::TPS::ImportAdminCertPanel=HASH(0x7fa0c0c32c30)</element> - <element>PKI::TPS::DonePanel=HASH(0x7fa0c0c3e6e8)</element> - </panels> - <ppcerts/> - <productversion>10.1.0</productversion> - <redirect>https://vm-084.idm.lab.bos.redhat.com:8443/ca/admin/ca/securityDomainLogin?url=https%3A%2F%2Fvm-084.idm.lab.bos.redhat.com%3A7890%2Ftps%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D5%26subsystem%3DTPS</redirect> - <sdomainAdminURL>https://vm-084.idm.lab.bos.redhat.com:9445</sdomainAdminURL> - <sdomainName>Security Domain</sdomainName> - <sdomainURL/> - <showApplyButton>false</showApplyButton> - <sms> - <element>PKI::TPS::GlobalVar=HASH(0x7fa0740410e0)</element> - <element>PKI::TPS::GlobalVar=HASH(0x7fa0742a1668)</element> - <element>PKI::TPS::GlobalVar=HASH(0x7fa0747ab760)</element> - </sms> - <statusCommand>systemctl status pki-tomcatd@&lt;security_domain_instance_name&gt;.service</statusCommand> - <subpanelno>8</subpanelno> - <subsystemName>Token Processing System</subsystemName> - <systemname>Token Processing </systemname> - <title>TKS Information</title> - <urls> - <element>TKS vm-084.idm.lab.bos.redhat.com 8443 - https://vm-084.idm.lab.bos.redhat.com:8443</element> - </urls> - <urls_size>1</urls_size> -</xml> -Sleeping for 5 secs.. -############################################# -Attempting to connect to: vm-084.idm.lab.bos.redhat.com:7890 -Connected. -Posting Query = https://vm-084.idm.lab.bos.redhat.com:7890//tps/admin/console/config/wizard?p=7&urls=0&op=next&xml=true -RESPONSE STATUS: HTTP/1.1 200 OK -RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:54:05 GMT -RESPONSE HEADER: Server: Apache -RESPONSE HEADER: Connection: close -RESPONSE HEADER: Content-Type: text/xml -<?xml version="1.0" encoding="UTF-8"?> -<xml> - <certchain>Certificate: - Data: - Version: 3 (0x2) - Serial Number: 1 (0x1) - Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption - Issuer: CN=CA Signing Certificate,O=EXAMPLE - Validity: - Not Before: Thu Nov 21 17:00:30 2013 - Not After : Mon Nov 21 17:00:30 2033 - Subject: CN=CA Signing Certificate,O=EXAMPLE - Subject Public Key Info: - Public Key Algorithm: PKCS #1 RSA Encryption - RSA Public Key: - Modulus: - df:8f:9e:70:14:9c:14:43:06:3a:69:3a:b9:d4:37:07: - 24:ac:9b:8c:f3:9b:dd:44:0e:d3:7b:f6:10:c4:36:11: - bb:9d:7e:19:ed:8e:61:88:a9:11:64:f2:3e:c6:1a:f8: - c9:4e:46:2a:5d:19:91:f4:43:56:57:c3:c9:7b:19:c9: - fe:49:d0:d1:24:d8:f9:30:59:58:aa:86:ed:e1:07:27: - 7d:2c:61:bc:18:5d:4a:67:05:1c:3f:4a:c3:4c:f1:91: - 96:c5:e1:80:08:ea:8b:17:7c:cd:7a:23:e6:71:45:38: - 8a:d6:f3:c4:f7:61:e2:ec:8f:f2:6f:2a:c3:f9:24:5f: - 06:c5:cc:9d:7a:52:53:b7:33:0f:3c:94:f7:83:41:c4: - 68:5a:3c:93:0d:b7:ce:3d:60:f2:2d:5c:16:d4:d7:23: - d2:fb:05:14:0c:2d:38:55:ed:e8:7d:9a:ed:11:7d:ac: - d5:01:4e:ae:26:3a:8e:61:40:5b:b9:83:15:0a:da:24: - fa:0d:c2:ad:1a:e4:2f:01:5e:57:bd:61:5a:17:e1:0b: - f7:5e:3c:2d:37:23:1e:c2:b3:1e:d1:ef:9a:be:b4:57: - db:e4:4f:58:1d:75:87:68:2b:56:b1:af:cb:16:18:43: - 4f:bc:f5:cf:24:98:64:a7:0d:6e:a0:ab:6c:b4:e2:cb - Exponent: 65537 (0x10001) - Signed Extensions: - Name: Certificate Authority Key Identifier - Key ID: - 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: - 7e:5c:d2:44 - - Name: Certificate Basic Constraints - Critical: True - Data: Is a CA with no maximum path length. - - Name: Certificate Key Usage - Critical: True - Usages: Digital Signature - Non-Repudiation - Certificate Signing - CRL Signing - - Name: Certificate Subject Key ID - Data: - 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: - 7e:5c:d2:44 - - Name: Authority Information Access - Method: PKIX Online Certificate Status Protocol - Location: - URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp - - Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption - Signature: - 73:72:7d:31:3b:92:6e:d9:64:64:c1:93:9a:fa:17:75: - 94:a8:3f:29:8b:57:aa:73:ac:b6:a2:94:3c:d4:53:86: - 6c:c1:95:98:f5:be:a1:79:ac:75:bb:96:30:3c:dc:5f: - 27:fe:f0:ec:e3:54:c4:51:b2:96:45:ec:c8:35:87:92: - db:c9:d7:d0:9c:09:63:34:c0:4d:8b:a9:f7:10:95:9a: - 9f:6f:a1:5e:bd:1b:d9:32:be:18:fc:6c:70:6c:b7:37: - e8:45:09:ce:79:b7:d6:2c:d3:b4:09:b2:00:41:1a:ee: - 0c:76:21:0f:2d:5b:79:7c:be:d5:23:12:f8:93:ad:e1: - 99:9e:a1:fa:0a:99:ed:eb:6b:3a:d6:c6:20:2b:e2:eb: - 86:c2:f1:eb:f4:9c:d7:0b:5b:9d:8c:c7:7b:8a:cd:40: - f9:b8:0d:fe:44:d5:14:79:d5:1c:76:56:d9:e5:e7:72: - 7a:4b:c2:24:fe:1e:3a:38:d3:4c:85:c6:6c:77:be:ee: - 46:ab:d7:f4:29:c5:33:8e:0e:88:91:f0:6e:5b:28:b8: - 07:9f:c1:d9:47:3c:e5:fe:58:82:04:38:01:4e:f0:27: - 54:76:e2:c9:12:4a:da:d6:28:4d:10:00:ac:f1:12:3e: - af:15:6d:ce:b6:8a:18:ec:4b:be:6c:08:c0:c0:f0:d0 - Fingerprint (MD5): - C6:6E:4E:E2:92:8A:A7:2A:60:EA:2F:4D:FB:ED:15:17 - Fingerprint (SHA1): - 96:4A:92:79:6C:A4:CC:5B:6B:6E:88:84:48:43:9C:F4:84:5D:3C:E1 - - Certificate Trust Flags: - SSL Flags: - Valid CA - Trusted CA - Trusted Client CA - Email Flags: - Valid CA - Trusted CA - Object Signing Flags: - Valid CA - Trusted CA - -</certchain> - <certchain_size>1</certchain_size> - <check_clonesubsystem/> - <check_newsubsystem/> - <csstate>1</csstate> - <dbg/> - <defTok>NSS Certificate DB</defTok> - <disableClone>1</disableClone> - <errorString/> - <firstpanel>0</firstpanel> - <fullsystemname>Token Processing System </fullsystemname> - <http_port>7888</http_port> - <https_port>7889</https_port> - <instanceID>&lt;security_domain_instance_name&gt;</instanceID> - <lastpanel>0</lastpanel> - <machineName>localhost</machineName> - <name>Token Processing System</name> - <non_clientauth_https_port>7890</non_clientauth_https_port> - <oms/> - <p>8</p> - <panel>tps/admin/console/config/drminfopanel.vm</panel> - <panelname>Security Domain</panelname> - <panels> - <element>PKI::TPS::WelcomePanel=HASH(0x7fa0c0b679b0)</element> - <element>PKI::TPS::ModulePanel=HASH(0x7fa0c0b78608)</element> - <element>PKI::TPS::ConfigHSMLoginPanel=HASH(0x7fa0c0b90188)</element> - <element>PKI::TPS::SecurityDomainPanel=HASH(0x7fa0c0b93f30)</element> - <element>PKI::TPS::DisplayCertChainPanel=HASH(0x7fa0c0b9c480)</element> - <element>PKI::TPS::SubsystemTypePanel=HASH(0x7fa0c0ba7ad8)</element> - <element>PKI::TPS::CAInfoPanel=HASH(0x7fa0c0bae650)</element> - <element>PKI::TPS::TKSInfoPanel=HASH(0x7fa0c0bbcfc0)</element> - <element>PKI::TPS::DRMInfoPanel=HASH(0x7fa0c0bc58e8)</element> - <element>PKI::TPS::AuthDBPanel=HASH(0x7fa0c0bcd118)</element> - <element>PKI::TPS::DatabasePanel=HASH(0x7fa0c08be670)</element> - <element>PKI::TPS::SizePanel=HASH(0x7fa0c0be0798)</element> - <element>PKI::TPS::NamePanel=HASH(0x7fa0c0bf0610)</element> - <element>PKI::TPS::CertRequestPanel=HASH(0x7fa0c0c19698)</element> - <element>PKI::TPS::AdminPanel=HASH(0x7fa0c0c28018)</element> - <element>PKI::TPS::ImportAdminCertPanel=HASH(0x7fa0c0c32c30)</element> - <element>PKI::TPS::DonePanel=HASH(0x7fa0c0c3e6e8)</element> - </panels> - <ppcerts/> - <productversion>10.1.0</productversion> - <redirect>https://vm-084.idm.lab.bos.redhat.com:8443/ca/admin/ca/securityDomainLogin?url=https%3A%2F%2Fvm-084.idm.lab.bos.redhat.com%3A7890%2Ftps%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D5%26subsystem%3DTPS</redirect> - <sdomainAdminURL>https://vm-084.idm.lab.bos.redhat.com:9445</sdomainAdminURL> - <sdomainName>Security Domain</sdomainName> - <sdomainURL/> - <showApplyButton>false</showApplyButton> - <sms> - <element>PKI::TPS::GlobalVar=HASH(0x7fa0740410e0)</element> - <element>PKI::TPS::GlobalVar=HASH(0x7fa0742a1668)</element> - <element>PKI::TPS::GlobalVar=HASH(0x7fa0747ab760)</element> - </sms> - <statusCommand>systemctl status pki-tomcatd@&lt;security_domain_instance_name&gt;.service</statusCommand> - <subpanelno>9</subpanelno> - <subsystemName>Token Processing System</subsystemName> - <systemname>Token Processing </systemname> - <title>DRM Information</title> - <urls> - <element>KRA vm-084.idm.lab.bos.redhat.com 8443 - https://vm-084.idm.lab.bos.redhat.com:8443</element> - </urls> - <urls_size>1</urls_size> -</xml> -Sleeping for 5 secs.. -############################################# -Attempting to connect to: vm-084.idm.lab.bos.redhat.com:7890 -Connected. -Posting Query = https://vm-084.idm.lab.bos.redhat.com:7890//tps/admin/console/config/wizard?p=8&choice=keygen&urls=0&op=next&xml=true -RESPONSE STATUS: HTTP/1.1 200 OK -RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:54:12 GMT -RESPONSE HEADER: Server: Apache -RESPONSE HEADER: Connection: close -RESPONSE HEADER: Content-Type: text/xml -<?xml version="1.0" encoding="UTF-8"?> -<xml> - <basedn>dc=idm,dc=lab,dc=bos,dc=redhat,dc=com</basedn> - <certchain>Certificate: - Data: - Version: 3 (0x2) - Serial Number: 1 (0x1) - Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption - Issuer: CN=CA Signing Certificate,O=EXAMPLE - Validity: - Not Before: Thu Nov 21 17:00:30 2013 - Not After : Mon Nov 21 17:00:30 2033 - Subject: CN=CA Signing Certificate,O=EXAMPLE - Subject Public Key Info: - Public Key Algorithm: PKCS #1 RSA Encryption - RSA Public Key: - Modulus: - df:8f:9e:70:14:9c:14:43:06:3a:69:3a:b9:d4:37:07: - 24:ac:9b:8c:f3:9b:dd:44:0e:d3:7b:f6:10:c4:36:11: - bb:9d:7e:19:ed:8e:61:88:a9:11:64:f2:3e:c6:1a:f8: - c9:4e:46:2a:5d:19:91:f4:43:56:57:c3:c9:7b:19:c9: - fe:49:d0:d1:24:d8:f9:30:59:58:aa:86:ed:e1:07:27: - 7d:2c:61:bc:18:5d:4a:67:05:1c:3f:4a:c3:4c:f1:91: - 96:c5:e1:80:08:ea:8b:17:7c:cd:7a:23:e6:71:45:38: - 8a:d6:f3:c4:f7:61:e2:ec:8f:f2:6f:2a:c3:f9:24:5f: - 06:c5:cc:9d:7a:52:53:b7:33:0f:3c:94:f7:83:41:c4: - 68:5a:3c:93:0d:b7:ce:3d:60:f2:2d:5c:16:d4:d7:23: - d2:fb:05:14:0c:2d:38:55:ed:e8:7d:9a:ed:11:7d:ac: - d5:01:4e:ae:26:3a:8e:61:40:5b:b9:83:15:0a:da:24: - fa:0d:c2:ad:1a:e4:2f:01:5e:57:bd:61:5a:17:e1:0b: - f7:5e:3c:2d:37:23:1e:c2:b3:1e:d1:ef:9a:be:b4:57: - db:e4:4f:58:1d:75:87:68:2b:56:b1:af:cb:16:18:43: - 4f:bc:f5:cf:24:98:64:a7:0d:6e:a0:ab:6c:b4:e2:cb - Exponent: 65537 (0x10001) - Signed Extensions: - Name: Certificate Authority Key Identifier - Key ID: - 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: - 7e:5c:d2:44 - - Name: Certificate Basic Constraints - Critical: True - Data: Is a CA with no maximum path length. - - Name: Certificate Key Usage - Critical: True - Usages: Digital Signature - Non-Repudiation - Certificate Signing - CRL Signing - - Name: Certificate Subject Key ID - Data: - 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: - 7e:5c:d2:44 - - Name: Authority Information Access - Method: PKIX Online Certificate Status Protocol - Location: - URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp - - Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption - Signature: - 73:72:7d:31:3b:92:6e:d9:64:64:c1:93:9a:fa:17:75: - 94:a8:3f:29:8b:57:aa:73:ac:b6:a2:94:3c:d4:53:86: - 6c:c1:95:98:f5:be:a1:79:ac:75:bb:96:30:3c:dc:5f: - 27:fe:f0:ec:e3:54:c4:51:b2:96:45:ec:c8:35:87:92: - db:c9:d7:d0:9c:09:63:34:c0:4d:8b:a9:f7:10:95:9a: - 9f:6f:a1:5e:bd:1b:d9:32:be:18:fc:6c:70:6c:b7:37: - e8:45:09:ce:79:b7:d6:2c:d3:b4:09:b2:00:41:1a:ee: - 0c:76:21:0f:2d:5b:79:7c:be:d5:23:12:f8:93:ad:e1: - 99:9e:a1:fa:0a:99:ed:eb:6b:3a:d6:c6:20:2b:e2:eb: - 86:c2:f1:eb:f4:9c:d7:0b:5b:9d:8c:c7:7b:8a:cd:40: - f9:b8:0d:fe:44:d5:14:79:d5:1c:76:56:d9:e5:e7:72: - 7a:4b:c2:24:fe:1e:3a:38:d3:4c:85:c6:6c:77:be:ee: - 46:ab:d7:f4:29:c5:33:8e:0e:88:91:f0:6e:5b:28:b8: - 07:9f:c1:d9:47:3c:e5:fe:58:82:04:38:01:4e:f0:27: - 54:76:e2:c9:12:4a:da:d6:28:4d:10:00:ac:f1:12:3e: - af:15:6d:ce:b6:8a:18:ec:4b:be:6c:08:c0:c0:f0:d0 - Fingerprint (MD5): - C6:6E:4E:E2:92:8A:A7:2A:60:EA:2F:4D:FB:ED:15:17 - Fingerprint (SHA1): - 96:4A:92:79:6C:A4:CC:5B:6B:6E:88:84:48:43:9C:F4:84:5D:3C:E1 - - Certificate Trust Flags: - SSL Flags: - Valid CA - Trusted CA - Trusted Client CA - Email Flags: - Valid CA - Trusted CA - Object Signing Flags: - Valid CA - Trusted CA - -</certchain> - <certchain_size>1</certchain_size> - <check_clonesubsystem/> - <check_newsubsystem/> - <csstate>1</csstate> - <dbg/> - <defTok>NSS Certificate DB</defTok> - <disableClone>1</disableClone> - <errorString/> - <firstpanel>0</firstpanel> - <fullsystemname>Token Processing System </fullsystemname> - <hostname>localhost</hostname> - <http_port>7888</http_port> - <https_port>7889</https_port> - <instanceID>&lt;security_domain_instance_name&gt;</instanceID> - <lastpanel>0</lastpanel> - <machineName>localhost</machineName> - <name>Token Processing System</name> - <non_clientauth_https_port>7890</non_clientauth_https_port> - <oms/> - <p>9</p> - <panel>tps/admin/console/config/authdbpanel.vm</panel> - <panelname>Security Domain</panelname> - <panels> - <element>PKI::TPS::WelcomePanel=HASH(0x7fa0c0b679b0)</element> - <element>PKI::TPS::ModulePanel=HASH(0x7fa0c0b78608)</element> - <element>PKI::TPS::ConfigHSMLoginPanel=HASH(0x7fa0c0b90188)</element> - <element>PKI::TPS::SecurityDomainPanel=HASH(0x7fa0c0b93f30)</element> - <element>PKI::TPS::DisplayCertChainPanel=HASH(0x7fa0c0b9c480)</element> - <element>PKI::TPS::SubsystemTypePanel=HASH(0x7fa0c0ba7ad8)</element> - <element>PKI::TPS::CAInfoPanel=HASH(0x7fa0c0bae650)</element> - <element>PKI::TPS::TKSInfoPanel=HASH(0x7fa0c0bbcfc0)</element> - <element>PKI::TPS::DRMInfoPanel=HASH(0x7fa0c0bc58e8)</element> - <element>PKI::TPS::AuthDBPanel=HASH(0x7fa0c0bcd118)</element> - <element>PKI::TPS::DatabasePanel=HASH(0x7fa0c08be670)</element> - <element>PKI::TPS::SizePanel=HASH(0x7fa0c0be0798)</element> - <element>PKI::TPS::NamePanel=HASH(0x7fa0c0bf0610)</element> - <element>PKI::TPS::CertRequestPanel=HASH(0x7fa0c0c19698)</element> - <element>PKI::TPS::AdminPanel=HASH(0x7fa0c0c28018)</element> - <element>PKI::TPS::ImportAdminCertPanel=HASH(0x7fa0c0c32c30)</element> - <element>PKI::TPS::DonePanel=HASH(0x7fa0c0c3e6e8)</element> - </panels> - <portStr>389</portStr> - <ppcerts/> - <productversion>10.1.0</productversion> - <redirect>https://vm-084.idm.lab.bos.redhat.com:8443/ca/admin/ca/securityDomainLogin?url=https%3A%2F%2Fvm-084.idm.lab.bos.redhat.com%3A7890%2Ftps%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D5%26subsystem%3DTPS</redirect> - <sdomainAdminURL>https://vm-084.idm.lab.bos.redhat.com:9445</sdomainAdminURL> - <sdomainName>Security Domain</sdomainName> - <sdomainURL/> - <secureconn>false</secureconn> - <showApplyButton>false</showApplyButton> - <sms> - <element>PKI::TPS::GlobalVar=HASH(0x7fa0740410e0)</element> - <element>PKI::TPS::GlobalVar=HASH(0x7fa0742a1668)</element> - <element>PKI::TPS::GlobalVar=HASH(0x7fa0747ab760)</element> - </sms> - <statusCommand>systemctl status pki-tomcatd@&lt;security_domain_instance_name&gt;.service</statusCommand> - <subpanelno>10</subpanelno> - <subsystemName>Token Processing System</subsystemName> - <systemname>Token Processing </systemname> - <title>Authentication Directory</title> - <urls> - <element>KRA vm-084.idm.lab.bos.redhat.com 8443 - https://vm-084.idm.lab.bos.redhat.com:8443</element> - </urls> - <urls_size>1</urls_size> -</xml> -Sleeping for 5 secs.. -############################################# -Attempting to connect to: vm-084.idm.lab.bos.redhat.com:7890 -Connected. -Posting Query = https://vm-084.idm.lab.bos.redhat.com:7890//tps/admin/console/config/wizard?p=9&host=vm-084.idm.lab.bos.redhat.com&port=389&basedn=dc%3Dexample%2Cdc%3Dcom&op=next&xml=true -RESPONSE STATUS: HTTP/1.1 200 OK -RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:54:18 GMT -RESPONSE HEADER: Server: Apache -RESPONSE HEADER: Connection: close -RESPONSE HEADER: Content-Type: text/xml -<?xml version="1.0" encoding="UTF-8"?> -<xml> - <basedn>dc=vm-084.idm.lab.bos.redhat.com-pki-tps</basedn> - <binddn>cn=directory manager</binddn> - <bindpwd/> - <certchain>Certificate: - Data: - Version: 3 (0x2) - Serial Number: 1 (0x1) - Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption - Issuer: CN=CA Signing Certificate,O=EXAMPLE - Validity: - Not Before: Thu Nov 21 17:00:30 2013 - Not After : Mon Nov 21 17:00:30 2033 - Subject: CN=CA Signing Certificate,O=EXAMPLE - Subject Public Key Info: - Public Key Algorithm: PKCS #1 RSA Encryption - RSA Public Key: - Modulus: - df:8f:9e:70:14:9c:14:43:06:3a:69:3a:b9:d4:37:07: - 24:ac:9b:8c:f3:9b:dd:44:0e:d3:7b:f6:10:c4:36:11: - bb:9d:7e:19:ed:8e:61:88:a9:11:64:f2:3e:c6:1a:f8: - c9:4e:46:2a:5d:19:91:f4:43:56:57:c3:c9:7b:19:c9: - fe:49:d0:d1:24:d8:f9:30:59:58:aa:86:ed:e1:07:27: - 7d:2c:61:bc:18:5d:4a:67:05:1c:3f:4a:c3:4c:f1:91: - 96:c5:e1:80:08:ea:8b:17:7c:cd:7a:23:e6:71:45:38: - 8a:d6:f3:c4:f7:61:e2:ec:8f:f2:6f:2a:c3:f9:24:5f: - 06:c5:cc:9d:7a:52:53:b7:33:0f:3c:94:f7:83:41:c4: - 68:5a:3c:93:0d:b7:ce:3d:60:f2:2d:5c:16:d4:d7:23: - d2:fb:05:14:0c:2d:38:55:ed:e8:7d:9a:ed:11:7d:ac: - d5:01:4e:ae:26:3a:8e:61:40:5b:b9:83:15:0a:da:24: - fa:0d:c2:ad:1a:e4:2f:01:5e:57:bd:61:5a:17:e1:0b: - f7:5e:3c:2d:37:23:1e:c2:b3:1e:d1:ef:9a:be:b4:57: - db:e4:4f:58:1d:75:87:68:2b:56:b1:af:cb:16:18:43: - 4f:bc:f5:cf:24:98:64:a7:0d:6e:a0:ab:6c:b4:e2:cb - Exponent: 65537 (0x10001) - Signed Extensions: - Name: Certificate Authority Key Identifier - Key ID: - 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: - 7e:5c:d2:44 - - Name: Certificate Basic Constraints - Critical: True - Data: Is a CA with no maximum path length. - - Name: Certificate Key Usage - Critical: True - Usages: Digital Signature - Non-Repudiation - Certificate Signing - CRL Signing - - Name: Certificate Subject Key ID - Data: - 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: - 7e:5c:d2:44 - - Name: Authority Information Access - Method: PKIX Online Certificate Status Protocol - Location: - URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp - - Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption - Signature: - 73:72:7d:31:3b:92:6e:d9:64:64:c1:93:9a:fa:17:75: - 94:a8:3f:29:8b:57:aa:73:ac:b6:a2:94:3c:d4:53:86: - 6c:c1:95:98:f5:be:a1:79:ac:75:bb:96:30:3c:dc:5f: - 27:fe:f0:ec:e3:54:c4:51:b2:96:45:ec:c8:35:87:92: - db:c9:d7:d0:9c:09:63:34:c0:4d:8b:a9:f7:10:95:9a: - 9f:6f:a1:5e:bd:1b:d9:32:be:18:fc:6c:70:6c:b7:37: - e8:45:09:ce:79:b7:d6:2c:d3:b4:09:b2:00:41:1a:ee: - 0c:76:21:0f:2d:5b:79:7c:be:d5:23:12:f8:93:ad:e1: - 99:9e:a1:fa:0a:99:ed:eb:6b:3a:d6:c6:20:2b:e2:eb: - 86:c2:f1:eb:f4:9c:d7:0b:5b:9d:8c:c7:7b:8a:cd:40: - f9:b8:0d:fe:44:d5:14:79:d5:1c:76:56:d9:e5:e7:72: - 7a:4b:c2:24:fe:1e:3a:38:d3:4c:85:c6:6c:77:be:ee: - 46:ab:d7:f4:29:c5:33:8e:0e:88:91:f0:6e:5b:28:b8: - 07:9f:c1:d9:47:3c:e5:fe:58:82:04:38:01:4e:f0:27: - 54:76:e2:c9:12:4a:da:d6:28:4d:10:00:ac:f1:12:3e: - af:15:6d:ce:b6:8a:18:ec:4b:be:6c:08:c0:c0:f0:d0 - Fingerprint (MD5): - C6:6E:4E:E2:92:8A:A7:2A:60:EA:2F:4D:FB:ED:15:17 - Fingerprint (SHA1): - 96:4A:92:79:6C:A4:CC:5B:6B:6E:88:84:48:43:9C:F4:84:5D:3C:E1 - - Certificate Trust Flags: - SSL Flags: - Valid CA - Trusted CA - Trusted Client CA - Email Flags: - Valid CA - Trusted CA - Object Signing Flags: - Valid CA - Trusted CA - -</certchain> - <certchain_size>1</certchain_size> - <check_clonesubsystem/> - <check_newsubsystem/> - <csstate>1</csstate> - <database>vm-084.idm.lab.bos.redhat.com-pki-tps</database> - <dbg/> - <defTok>NSS Certificate DB</defTok> - <disableClone>1</disableClone> - <errorString/> - <firstpanel>0</firstpanel> - <fullsystemname>Token Processing System </fullsystemname> - <hostname>localhost</hostname> - <http_port>7888</http_port> - <https_port>7889</https_port> - <instanceID>&lt;security_domain_instance_name&gt;</instanceID> - <lastpanel>0</lastpanel> - <machineName>localhost</machineName> - <name>Token Processing System</name> - <non_clientauth_https_port>7890</non_clientauth_https_port> - <oms/> - <p>10</p> - <panel>tps/admin/console/config/databasepanel.vm</panel> - <panelname>Security Domain</panelname> - <panels> - <element>PKI::TPS::WelcomePanel=HASH(0x7fa0c0b679b0)</element> - <element>PKI::TPS::ModulePanel=HASH(0x7fa0c0b78608)</element> - <element>PKI::TPS::ConfigHSMLoginPanel=HASH(0x7fa0c0b90188)</element> - <element>PKI::TPS::SecurityDomainPanel=HASH(0x7fa0c0b93f30)</element> - <element>PKI::TPS::DisplayCertChainPanel=HASH(0x7fa0c0b9c480)</element> - <element>PKI::TPS::SubsystemTypePanel=HASH(0x7fa0c0ba7ad8)</element> - <element>PKI::TPS::CAInfoPanel=HASH(0x7fa0c0bae650)</element> - <element>PKI::TPS::TKSInfoPanel=HASH(0x7fa0c0bbcfc0)</element> - <element>PKI::TPS::DRMInfoPanel=HASH(0x7fa0c0bc58e8)</element> - <element>PKI::TPS::AuthDBPanel=HASH(0x7fa0c0bcd118)</element> - <element>PKI::TPS::DatabasePanel=HASH(0x7fa0c08be670)</element> - <element>PKI::TPS::SizePanel=HASH(0x7fa0c0be0798)</element> - <element>PKI::TPS::NamePanel=HASH(0x7fa0c0bf0610)</element> - <element>PKI::TPS::CertRequestPanel=HASH(0x7fa0c0c19698)</element> - <element>PKI::TPS::AdminPanel=HASH(0x7fa0c0c28018)</element> - <element>PKI::TPS::ImportAdminCertPanel=HASH(0x7fa0c0c32c30)</element> - <element>PKI::TPS::DonePanel=HASH(0x7fa0c0c3e6e8)</element> - </panels> - <portStr>389</portStr> - <ppcerts/> - <productversion>10.1.0</productversion> - <redirect>https://vm-084.idm.lab.bos.redhat.com:8443/ca/admin/ca/securityDomainLogin?url=https%3A%2F%2Fvm-084.idm.lab.bos.redhat.com%3A7890%2Ftps%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D5%26subsystem%3DTPS</redirect> - <sdomainAdminURL>https://vm-084.idm.lab.bos.redhat.com:9445</sdomainAdminURL> - <sdomainName>Security Domain</sdomainName> - <sdomainURL/> - <secureconn>false</secureconn> - <showApplyButton>false</showApplyButton> - <sms> - <element>PKI::TPS::GlobalVar=HASH(0x7fa0740410e0)</element> - <element>PKI::TPS::GlobalVar=HASH(0x7fa0742a1668)</element> - <element>PKI::TPS::GlobalVar=HASH(0x7fa0747ab760)</element> - </sms> - <statusCommand>systemctl status pki-tomcatd@&lt;security_domain_instance_name&gt;.service</statusCommand> - <subpanelno>11</subpanelno> - <subsystemName>Token Processing System</subsystemName> - <systemname>Token Processing </systemname> - <title>Internal Database</title> - <urls> - <element>KRA vm-084.idm.lab.bos.redhat.com 8443 - https://vm-084.idm.lab.bos.redhat.com:8443</element> - </urls> - <urls_size>1</urls_size> -</xml> -Sleeping for 5 secs.. -############################################# -Attempting to connect to: vm-084.idm.lab.bos.redhat.com:7890 -Connected. -Posting Query = https://vm-084.idm.lab.bos.redhat.com:7890//tps/admin/console/config/wizard?p=10&host=vm-084.idm.lab.bos.redhat.com&port=389&binddn=cn%3DDirectory+Manager&__bindpwd=Secret123&basedn=dc%3Dtps%2Cdc%3Dexample%2Cdc%3Dcom&database=pki-tps&display=&op=next&xml=true -RESPONSE STATUS: HTTP/1.1 200 OK -RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:54:24 GMT -RESPONSE HEADER: Server: Apache -RESPONSE HEADER: Connection: close -RESPONSE HEADER: Content-Type: text/xml -<?xml version="1.0" encoding="UTF-8"?> -<xml> - <basedn>dc=vm-084.idm.lab.bos.redhat.com-pki-tps</basedn> - <binddn>cn=directory manager</binddn> - <bindpwd/> - <certchain>Certificate: - Data: - Version: 3 (0x2) - Serial Number: 1 (0x1) - Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption - Issuer: CN=CA Signing Certificate,O=EXAMPLE - Validity: - Not Before: Thu Nov 21 17:00:30 2013 - Not After : Mon Nov 21 17:00:30 2033 - Subject: CN=CA Signing Certificate,O=EXAMPLE - Subject Public Key Info: - Public Key Algorithm: PKCS #1 RSA Encryption - RSA Public Key: - Modulus: - df:8f:9e:70:14:9c:14:43:06:3a:69:3a:b9:d4:37:07: - 24:ac:9b:8c:f3:9b:dd:44:0e:d3:7b:f6:10:c4:36:11: - bb:9d:7e:19:ed:8e:61:88:a9:11:64:f2:3e:c6:1a:f8: - c9:4e:46:2a:5d:19:91:f4:43:56:57:c3:c9:7b:19:c9: - fe:49:d0:d1:24:d8:f9:30:59:58:aa:86:ed:e1:07:27: - 7d:2c:61:bc:18:5d:4a:67:05:1c:3f:4a:c3:4c:f1:91: - 96:c5:e1:80:08:ea:8b:17:7c:cd:7a:23:e6:71:45:38: - 8a:d6:f3:c4:f7:61:e2:ec:8f:f2:6f:2a:c3:f9:24:5f: - 06:c5:cc:9d:7a:52:53:b7:33:0f:3c:94:f7:83:41:c4: - 68:5a:3c:93:0d:b7:ce:3d:60:f2:2d:5c:16:d4:d7:23: - d2:fb:05:14:0c:2d:38:55:ed:e8:7d:9a:ed:11:7d:ac: - d5:01:4e:ae:26:3a:8e:61:40:5b:b9:83:15:0a:da:24: - fa:0d:c2:ad:1a:e4:2f:01:5e:57:bd:61:5a:17:e1:0b: - f7:5e:3c:2d:37:23:1e:c2:b3:1e:d1:ef:9a:be:b4:57: - db:e4:4f:58:1d:75:87:68:2b:56:b1:af:cb:16:18:43: - 4f:bc:f5:cf:24:98:64:a7:0d:6e:a0:ab:6c:b4:e2:cb - Exponent: 65537 (0x10001) - Signed Extensions: - Name: Certificate Authority Key Identifier - Key ID: - 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: - 7e:5c:d2:44 - - Name: Certificate Basic Constraints - Critical: True - Data: Is a CA with no maximum path length. - - Name: Certificate Key Usage - Critical: True - Usages: Digital Signature - Non-Repudiation - Certificate Signing - CRL Signing - - Name: Certificate Subject Key ID - Data: - 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: - 7e:5c:d2:44 - - Name: Authority Information Access - Method: PKIX Online Certificate Status Protocol - Location: - URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp - - Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption - Signature: - 73:72:7d:31:3b:92:6e:d9:64:64:c1:93:9a:fa:17:75: - 94:a8:3f:29:8b:57:aa:73:ac:b6:a2:94:3c:d4:53:86: - 6c:c1:95:98:f5:be:a1:79:ac:75:bb:96:30:3c:dc:5f: - 27:fe:f0:ec:e3:54:c4:51:b2:96:45:ec:c8:35:87:92: - db:c9:d7:d0:9c:09:63:34:c0:4d:8b:a9:f7:10:95:9a: - 9f:6f:a1:5e:bd:1b:d9:32:be:18:fc:6c:70:6c:b7:37: - e8:45:09:ce:79:b7:d6:2c:d3:b4:09:b2:00:41:1a:ee: - 0c:76:21:0f:2d:5b:79:7c:be:d5:23:12:f8:93:ad:e1: - 99:9e:a1:fa:0a:99:ed:eb:6b:3a:d6:c6:20:2b:e2:eb: - 86:c2:f1:eb:f4:9c:d7:0b:5b:9d:8c:c7:7b:8a:cd:40: - f9:b8:0d:fe:44:d5:14:79:d5:1c:76:56:d9:e5:e7:72: - 7a:4b:c2:24:fe:1e:3a:38:d3:4c:85:c6:6c:77:be:ee: - 46:ab:d7:f4:29:c5:33:8e:0e:88:91:f0:6e:5b:28:b8: - 07:9f:c1:d9:47:3c:e5:fe:58:82:04:38:01:4e:f0:27: - 54:76:e2:c9:12:4a:da:d6:28:4d:10:00:ac:f1:12:3e: - af:15:6d:ce:b6:8a:18:ec:4b:be:6c:08:c0:c0:f0:d0 - Fingerprint (MD5): - C6:6E:4E:E2:92:8A:A7:2A:60:EA:2F:4D:FB:ED:15:17 - Fingerprint (SHA1): - 96:4A:92:79:6C:A4:CC:5B:6B:6E:88:84:48:43:9C:F4:84:5D:3C:E1 - - Certificate Trust Flags: - SSL Flags: - Valid CA - Trusted CA - Trusted Client CA - Email Flags: - Valid CA - Trusted CA - Object Signing Flags: - Valid CA - Trusted CA - -</certchain> - <certchain_size>1</certchain_size> - <certs> - <element> - <certinfo> - <dn>CN=vm-084.idm.lab.bos.redhat.com, OU=pki-tps</dn> - <tag>sslserver</tag> - <friendly>SSL Server Certificate</friendly> - </certinfo> - </element> - <element> - <certinfo> - <dn>CN=TPS Subsystem Certificate, OU=pki-tps</dn> - <tag>subsystem</tag> - <friendly>Subsystem Certificate</friendly> - </certinfo> - </element> - <element> - <certinfo> - <dn>CN=TPS Audit Signing Certificate, OU=pki-tps</dn> - <tag>audit_signing</tag> - <friendly>Audit Log Signing Certificate</friendly> - </certinfo> - </element> - </certs> - <check_clonesubsystem/> - <check_newsubsystem/> - <csstate>1</csstate> - <custom_size>2048</custom_size> - <database>vm-084.idm.lab.bos.redhat.com-pki-tps</database> - <dbg/> - <defTok>NSS Certificate DB</defTok> - <default_ecc_curvename>nistp256</default_ecc_curvename> - <default_keysize>2048</default_keysize> - <disableClone>1</disableClone> - <errorString/> - <firstpanel>0</firstpanel> - <firsttime>true</firsttime> - <fullsystemname>Token Processing System </fullsystemname> - <hostname>localhost</hostname> - <http_port>7888</http_port> - <https_port>7889</https_port> - <instanceID>&lt;security_domain_instance_name&gt;</instanceID> - <keys_ecc_curve_display_list>nistp256 (secp256r1),nistp384 (secp384r1),nistp521 (secp521r1),nistk163 (sect163k1),sect163r1,nistb163 (sect163r2),sect193r1,sect193r2,nistk233 (sect233k1),nistb233 (sect233r1),sect239k1,nistk283 (sect283k1),nistb283 (sect283r1),nistk409 (sect409k1),nistb409 (sect409r1),nistk571 (sect571k1),nistb571 (sect571r1),secp160k1,secp160r1,secp160r2,secp192k1,nistp192 (secp192r1, prime192v1),secp224k1,nistp224 (secp224r1),secp256k1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2</keys_ecc_curve_display_list> - <keys_ecc_curve_list>nistp256,nistp384,nistp521,sect163k1,nistk163,sect163r1,sect163r2,nistb163,sect193r1,sect193r2,sect233k1,nistk233,sect233r1,nistb233,sect239k1,sect283k1,nistk283,sect283r1,nistb283,sect409k1,nistk409,sect409r1,nistb409,sect571k1,nistk571,sect571r1,nistb571,secp160k1,secp160r1,secp160r2,secp192k1,secp192r1,nistp192,secp224k1,secp224r1,nistp224,secp256k1,secp256r1,secp384r1,secp521r1,prime192v1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2</keys_ecc_curve_list> - <keys_rsa_size_display_list>1024,2048,3072,4096</keys_rsa_size_display_list> - <lastpanel>0</lastpanel> - <machineName>localhost</machineName> - <name>Token Processing System</name> - <non_clientauth_https_port>7890</non_clientauth_https_port> - <oms/> - <p>11</p> - <panel>tps/admin/console/config/sizepanel.vm</panel> - <panelname>Security Domain</panelname> - <panels> - <element>PKI::TPS::WelcomePanel=HASH(0x7fa0c0b679b0)</element> - <element>PKI::TPS::ModulePanel=HASH(0x7fa0c0b78608)</element> - <element>PKI::TPS::ConfigHSMLoginPanel=HASH(0x7fa0c0b90188)</element> - <element>PKI::TPS::SecurityDomainPanel=HASH(0x7fa0c0b93f30)</element> - <element>PKI::TPS::DisplayCertChainPanel=HASH(0x7fa0c0b9c480)</element> - <element>PKI::TPS::SubsystemTypePanel=HASH(0x7fa0c0ba7ad8)</element> - <element>PKI::TPS::CAInfoPanel=HASH(0x7fa0c0bae650)</element> - <element>PKI::TPS::TKSInfoPanel=HASH(0x7fa0c0bbcfc0)</element> - <element>PKI::TPS::DRMInfoPanel=HASH(0x7fa0c0bc58e8)</element> - <element>PKI::TPS::AuthDBPanel=HASH(0x7fa0c0bcd118)</element> - <element>PKI::TPS::DatabasePanel=HASH(0x7fa0c08be670)</element> - <element>PKI::TPS::SizePanel=HASH(0x7fa0c0be0798)</element> - <element>PKI::TPS::NamePanel=HASH(0x7fa0c0bf0610)</element> - <element>PKI::TPS::CertRequestPanel=HASH(0x7fa0c0c19698)</element> - <element>PKI::TPS::AdminPanel=HASH(0x7fa0c0c28018)</element> - <element>PKI::TPS::ImportAdminCertPanel=HASH(0x7fa0c0c32c30)</element> - <element>PKI::TPS::DonePanel=HASH(0x7fa0c0c3e6e8)</element> - </panels> - <portStr>389</portStr> - <ppcerts/> - <productversion>10.1.0</productversion> - <redirect>https://vm-084.idm.lab.bos.redhat.com:8443/ca/admin/ca/securityDomainLogin?url=https%3A%2F%2Fvm-084.idm.lab.bos.redhat.com%3A7890%2Ftps%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D5%26subsystem%3DTPS</redirect> - <sdomainAdminURL>https://vm-084.idm.lab.bos.redhat.com:9445</sdomainAdminURL> - <sdomainName>Security Domain</sdomainName> - <sdomainURL/> - <secureconn>false</secureconn> - <select>default</select> - <showApplyButton>false</showApplyButton> - <sms> - <element>PKI::TPS::GlobalVar=HASH(0x7fa0740410e0)</element> - <element>PKI::TPS::GlobalVar=HASH(0x7fa0742a1668)</element> - <element>PKI::TPS::GlobalVar=HASH(0x7fa0747ab760)</element> - </sms> - <statusCommand>systemctl status pki-tomcatd@&lt;security_domain_instance_name&gt;.service</statusCommand> - <subpanelno>12</subpanelno> - <subsystemName>Token Processing System</subsystemName> - <systemname>Token Processing </systemname> - <title>Key Pairs</title> - <urls> - <element>KRA vm-084.idm.lab.bos.redhat.com 8443 - https://vm-084.idm.lab.bos.redhat.com:8443</element> - </urls> - <urls_size>1</urls_size> -</xml> -Sleeping for 5 secs.. -############################################# -Attempting to connect to: vm-084.idm.lab.bos.redhat.com:7890 -Connected. -Posting Query = https://vm-084.idm.lab.bos.redhat.com:7890//tps/admin/console/config/wizard?p=11&keytype=rsa&choice=default&custom_size=2048&sslserver_keytype=rsa&sslserver_choice=custom&sslserver_custom_size=2048&subsystem_keytype=rsa&subsystem_choice=custom&subsystem_custom_size=2048&audit_signing_keytype=rsa&audit_signing_choice=default&audit_signing_custom_size=2048&op=next&xml=true -RESPONSE STATUS: HTTP/1.1 200 OK -RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:54:39 GMT -RESPONSE HEADER: Server: Apache -RESPONSE HEADER: Connection: close -RESPONSE HEADER: Content-Type: text/xml -<?xml version="1.0" encoding="UTF-8"?> -<xml> - <basedn>dc=vm-084.idm.lab.bos.redhat.com-pki-tps</basedn> - <binddn>cn=directory manager</binddn> - <bindpwd/> - <certchain>Certificate: - Data: - Version: 3 (0x2) - Serial Number: 1 (0x1) - Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption - Issuer: CN=CA Signing Certificate,O=EXAMPLE - Validity: - Not Before: Thu Nov 21 17:00:30 2013 - Not After : Mon Nov 21 17:00:30 2033 - Subject: CN=CA Signing Certificate,O=EXAMPLE - Subject Public Key Info: - Public Key Algorithm: PKCS #1 RSA Encryption - RSA Public Key: - Modulus: - df:8f:9e:70:14:9c:14:43:06:3a:69:3a:b9:d4:37:07: - 24:ac:9b:8c:f3:9b:dd:44:0e:d3:7b:f6:10:c4:36:11: - bb:9d:7e:19:ed:8e:61:88:a9:11:64:f2:3e:c6:1a:f8: - c9:4e:46:2a:5d:19:91:f4:43:56:57:c3:c9:7b:19:c9: - fe:49:d0:d1:24:d8:f9:30:59:58:aa:86:ed:e1:07:27: - 7d:2c:61:bc:18:5d:4a:67:05:1c:3f:4a:c3:4c:f1:91: - 96:c5:e1:80:08:ea:8b:17:7c:cd:7a:23:e6:71:45:38: - 8a:d6:f3:c4:f7:61:e2:ec:8f:f2:6f:2a:c3:f9:24:5f: - 06:c5:cc:9d:7a:52:53:b7:33:0f:3c:94:f7:83:41:c4: - 68:5a:3c:93:0d:b7:ce:3d:60:f2:2d:5c:16:d4:d7:23: - d2:fb:05:14:0c:2d:38:55:ed:e8:7d:9a:ed:11:7d:ac: - d5:01:4e:ae:26:3a:8e:61:40:5b:b9:83:15:0a:da:24: - fa:0d:c2:ad:1a:e4:2f:01:5e:57:bd:61:5a:17:e1:0b: - f7:5e:3c:2d:37:23:1e:c2:b3:1e:d1:ef:9a:be:b4:57: - db:e4:4f:58:1d:75:87:68:2b:56:b1:af:cb:16:18:43: - 4f:bc:f5:cf:24:98:64:a7:0d:6e:a0:ab:6c:b4:e2:cb - Exponent: 65537 (0x10001) - Signed Extensions: - Name: Certificate Authority Key Identifier - Key ID: - 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: - 7e:5c:d2:44 - - Name: Certificate Basic Constraints - Critical: True - Data: Is a CA with no maximum path length. - - Name: Certificate Key Usage - Critical: True - Usages: Digital Signature - Non-Repudiation - Certificate Signing - CRL Signing - - Name: Certificate Subject Key ID - Data: - 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: - 7e:5c:d2:44 - - Name: Authority Information Access - Method: PKIX Online Certificate Status Protocol - Location: - URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp - - Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption - Signature: - 73:72:7d:31:3b:92:6e:d9:64:64:c1:93:9a:fa:17:75: - 94:a8:3f:29:8b:57:aa:73:ac:b6:a2:94:3c:d4:53:86: - 6c:c1:95:98:f5:be:a1:79:ac:75:bb:96:30:3c:dc:5f: - 27:fe:f0:ec:e3:54:c4:51:b2:96:45:ec:c8:35:87:92: - db:c9:d7:d0:9c:09:63:34:c0:4d:8b:a9:f7:10:95:9a: - 9f:6f:a1:5e:bd:1b:d9:32:be:18:fc:6c:70:6c:b7:37: - e8:45:09:ce:79:b7:d6:2c:d3:b4:09:b2:00:41:1a:ee: - 0c:76:21:0f:2d:5b:79:7c:be:d5:23:12:f8:93:ad:e1: - 99:9e:a1:fa:0a:99:ed:eb:6b:3a:d6:c6:20:2b:e2:eb: - 86:c2:f1:eb:f4:9c:d7:0b:5b:9d:8c:c7:7b:8a:cd:40: - f9:b8:0d:fe:44:d5:14:79:d5:1c:76:56:d9:e5:e7:72: - 7a:4b:c2:24:fe:1e:3a:38:d3:4c:85:c6:6c:77:be:ee: - 46:ab:d7:f4:29:c5:33:8e:0e:88:91:f0:6e:5b:28:b8: - 07:9f:c1:d9:47:3c:e5:fe:58:82:04:38:01:4e:f0:27: - 54:76:e2:c9:12:4a:da:d6:28:4d:10:00:ac:f1:12:3e: - af:15:6d:ce:b6:8a:18:ec:4b:be:6c:08:c0:c0:f0:d0 - Fingerprint (MD5): - C6:6E:4E:E2:92:8A:A7:2A:60:EA:2F:4D:FB:ED:15:17 - Fingerprint (SHA1): - 96:4A:92:79:6C:A4:CC:5B:6B:6E:88:84:48:43:9C:F4:84:5D:3C:E1 - - Certificate Trust Flags: - SSL Flags: - Valid CA - Trusted CA - Trusted Client CA - Email Flags: - Valid CA - Trusted CA - Object Signing Flags: - Valid CA - Trusted CA - -</certchain> - <certchain_size>1</certchain_size> - <certs> - <element> - <certinfo> - <dn>CN=vm-084.idm.lab.bos.redhat.com, OU=pki-tps, O=EXAMPLE</dn> - <tag>sslserver</tag> - <friendly>SSL Server Certificate</friendly> - </certinfo> - </element> - <element> - <certinfo> - <dn>CN=TPS Subsystem Certificate, OU=pki-tps, O=EXAMPLE</dn> - <tag>subsystem</tag> - <friendly>Subsystem Certificate</friendly> - </certinfo> - </element> - <element> - <certinfo> - <dn>CN=TPS Audit Signing Certificate, OU=pki-tps, O=EXAMPLE</dn> - <tag>audit_signing</tag> - <friendly>Audit Log Signing Certificate</friendly> - </certinfo> - </element> - </certs> - <check_clonesubsystem/> - <check_newsubsystem/> - <csstate>1</csstate> - <custom_size>2048</custom_size> - <database>vm-084.idm.lab.bos.redhat.com-pki-tps</database> - <dbg/> - <defTok>NSS Certificate DB</defTok> - <default_ecc_curvename>nistp256</default_ecc_curvename> - <default_keysize>2048</default_keysize> - <disableClone>1</disableClone> - <errorString/> - <firstpanel>0</firstpanel> - <firsttime>true</firsttime> - <fullsystemname>Token Processing System </fullsystemname> - <hostname>localhost</hostname> - <http_port>7888</http_port> - <https_port>7889</https_port> - <instanceID>&lt;security_domain_instance_name&gt;</instanceID> - <keys_ecc_curve_display_list>nistp256 (secp256r1),nistp384 (secp384r1),nistp521 (secp521r1),nistk163 (sect163k1),sect163r1,nistb163 (sect163r2),sect193r1,sect193r2,nistk233 (sect233k1),nistb233 (sect233r1),sect239k1,nistk283 (sect283k1),nistb283 (sect283r1),nistk409 (sect409k1),nistb409 (sect409r1),nistk571 (sect571k1),nistb571 (sect571r1),secp160k1,secp160r1,secp160r2,secp192k1,nistp192 (secp192r1, prime192v1),secp224k1,nistp224 (secp224r1),secp256k1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2</keys_ecc_curve_display_list> - <keys_ecc_curve_list>nistp256,nistp384,nistp521,sect163k1,nistk163,sect163r1,sect163r2,nistb163,sect193r1,sect193r2,sect233k1,nistk233,sect233r1,nistb233,sect239k1,sect283k1,nistk283,sect283r1,nistb283,sect409k1,nistk409,sect409r1,nistb409,sect571k1,nistk571,sect571r1,nistb571,secp160k1,secp160r1,secp160r2,secp192k1,secp192r1,nistp192,secp224k1,secp224r1,nistp224,secp256k1,secp256r1,secp384r1,secp521r1,prime192v1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2</keys_ecc_curve_list> - <keys_rsa_size_display_list>1024,2048,3072,4096</keys_rsa_size_display_list> - <lastpanel>0</lastpanel> - <machineName>localhost</machineName> - <name>Token Processing System</name> - <non_clientauth_https_port>7890</non_clientauth_https_port> - <oms/> - <p>12</p> - <panel>tps/admin/console/config/namepanel.vm</panel> - <panelname>Security Domain</panelname> - <panels> - <element>PKI::TPS::WelcomePanel=HASH(0x7fa0c0b679b0)</element> - <element>PKI::TPS::ModulePanel=HASH(0x7fa0c0b78608)</element> - <element>PKI::TPS::ConfigHSMLoginPanel=HASH(0x7fa0c0b90188)</element> - <element>PKI::TPS::SecurityDomainPanel=HASH(0x7fa0c0b93f30)</element> - <element>PKI::TPS::DisplayCertChainPanel=HASH(0x7fa0c0b9c480)</element> - <element>PKI::TPS::SubsystemTypePanel=HASH(0x7fa0c0ba7ad8)</element> - <element>PKI::TPS::CAInfoPanel=HASH(0x7fa0c0bae650)</element> - <element>PKI::TPS::TKSInfoPanel=HASH(0x7fa0c0bbcfc0)</element> - <element>PKI::TPS::DRMInfoPanel=HASH(0x7fa0c0bc58e8)</element> - <element>PKI::TPS::AuthDBPanel=HASH(0x7fa0c0bcd118)</element> - <element>PKI::TPS::DatabasePanel=HASH(0x7fa0c08be670)</element> - <element>PKI::TPS::SizePanel=HASH(0x7fa0c0be0798)</element> - <element>PKI::TPS::NamePanel=HASH(0x7fa0c0bf0610)</element> - <element>PKI::TPS::CertRequestPanel=HASH(0x7fa0c0c19698)</element> - <element>PKI::TPS::AdminPanel=HASH(0x7fa0c0c28018)</element> - <element>PKI::TPS::ImportAdminCertPanel=HASH(0x7fa0c0c32c30)</element> - <element>PKI::TPS::DonePanel=HASH(0x7fa0c0c3e6e8)</element> - </panels> - <portStr>389</portStr> - <ppcerts/> - <productversion>10.1.0</productversion> - <redirect>https://vm-084.idm.lab.bos.redhat.com:8443/ca/admin/ca/securityDomainLogin?url=https%3A%2F%2Fvm-084.idm.lab.bos.redhat.com%3A7890%2Ftps%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D5%26subsystem%3DTPS</redirect> - <sdomainAdminURL>https://vm-084.idm.lab.bos.redhat.com:9445</sdomainAdminURL> - <sdomainName>Security Domain</sdomainName> - <sdomainURL/> - <secureconn>false</secureconn> - <select>default</select> - <showApplyButton>false</showApplyButton> - <sms> - <element>PKI::TPS::GlobalVar=HASH(0x7fa0740410e0)</element> - <element>PKI::TPS::GlobalVar=HASH(0x7fa0742a1668)</element> - <element>PKI::TPS::GlobalVar=HASH(0x7fa0747ab760)</element> - </sms> - <statusCommand>systemctl status pki-tomcatd@&lt;security_domain_instance_name&gt;.service</statusCommand> - <subpanelno>13</subpanelno> - <subsystemName>Token Processing System</subsystemName> - <systemname>Token Processing </systemname> - <title>Subject Names</title> - <urls> - <element>CA vm-084.idm.lab.bos.redhat.com 8443 - https://vm-084.idm.lab.bos.redhat.com:8443</element> - <element>External CA</element> - </urls> - <urls_size>3</urls_size> -</xml> -Sleeping for 5 secs.. -############################################# -Attempting to connect to: vm-084.idm.lab.bos.redhat.com:7890 -Connected. -Posting Query = https://vm-084.idm.lab.bos.redhat.com:7890//tps/admin/console/config/wizard?p=12&sslserver=CN%3Dvm-084.idm.lab.bos.redhat.com%2CO%3DEXAMPLE&sslserver_nick=Server-Cert+cert-pki-tps&subsystem=CN%3DTPS+Subsystem+Certificate%2CO%3DEXAMPLE&subsystem_nick=subsystemCert+cert-pki-tps&audit_signing=CN%3DTPS+Audit+Signing+Certificate%2CO%3DEXAMPLE&audit_signing_nick=auditSigningCert+cert-pki-tps&urls=0&op=next&xml=true -RESPONSE STATUS: HTTP/1.1 200 OK -RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:54:46 GMT -RESPONSE HEADER: Server: Apache -RESPONSE HEADER: Connection: close -RESPONSE HEADER: Content-Type: text/xml -<?xml version="1.0" encoding="UTF-8"?> -<xml> - <basedn>dc=vm-084.idm.lab.bos.redhat.com-pki-tps</basedn> - <binddn>cn=directory manager</binddn> - <bindpwd/> - <certchain>Certificate: - Data: - Version: 3 (0x2) - Serial Number: 1 (0x1) - Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption - Issuer: CN=CA Signing Certificate,O=EXAMPLE - Validity: - Not Before: Thu Nov 21 17:00:30 2013 - Not After : Mon Nov 21 17:00:30 2033 - Subject: CN=CA Signing Certificate,O=EXAMPLE - Subject Public Key Info: - Public Key Algorithm: PKCS #1 RSA Encryption - RSA Public Key: - Modulus: - df:8f:9e:70:14:9c:14:43:06:3a:69:3a:b9:d4:37:07: - 24:ac:9b:8c:f3:9b:dd:44:0e:d3:7b:f6:10:c4:36:11: - bb:9d:7e:19:ed:8e:61:88:a9:11:64:f2:3e:c6:1a:f8: - c9:4e:46:2a:5d:19:91:f4:43:56:57:c3:c9:7b:19:c9: - fe:49:d0:d1:24:d8:f9:30:59:58:aa:86:ed:e1:07:27: - 7d:2c:61:bc:18:5d:4a:67:05:1c:3f:4a:c3:4c:f1:91: - 96:c5:e1:80:08:ea:8b:17:7c:cd:7a:23:e6:71:45:38: - 8a:d6:f3:c4:f7:61:e2:ec:8f:f2:6f:2a:c3:f9:24:5f: - 06:c5:cc:9d:7a:52:53:b7:33:0f:3c:94:f7:83:41:c4: - 68:5a:3c:93:0d:b7:ce:3d:60:f2:2d:5c:16:d4:d7:23: - d2:fb:05:14:0c:2d:38:55:ed:e8:7d:9a:ed:11:7d:ac: - d5:01:4e:ae:26:3a:8e:61:40:5b:b9:83:15:0a:da:24: - fa:0d:c2:ad:1a:e4:2f:01:5e:57:bd:61:5a:17:e1:0b: - f7:5e:3c:2d:37:23:1e:c2:b3:1e:d1:ef:9a:be:b4:57: - db:e4:4f:58:1d:75:87:68:2b:56:b1:af:cb:16:18:43: - 4f:bc:f5:cf:24:98:64:a7:0d:6e:a0:ab:6c:b4:e2:cb - Exponent: 65537 (0x10001) - Signed Extensions: - Name: Certificate Authority Key Identifier - Key ID: - 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: - 7e:5c:d2:44 - - Name: Certificate Basic Constraints - Critical: True - Data: Is a CA with no maximum path length. - - Name: Certificate Key Usage - Critical: True - Usages: Digital Signature - Non-Repudiation - Certificate Signing - CRL Signing - - Name: Certificate Subject Key ID - Data: - 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: - 7e:5c:d2:44 - - Name: Authority Information Access - Method: PKIX Online Certificate Status Protocol - Location: - URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp - - Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption - Signature: - 73:72:7d:31:3b:92:6e:d9:64:64:c1:93:9a:fa:17:75: - 94:a8:3f:29:8b:57:aa:73:ac:b6:a2:94:3c:d4:53:86: - 6c:c1:95:98:f5:be:a1:79:ac:75:bb:96:30:3c:dc:5f: - 27:fe:f0:ec:e3:54:c4:51:b2:96:45:ec:c8:35:87:92: - db:c9:d7:d0:9c:09:63:34:c0:4d:8b:a9:f7:10:95:9a: - 9f:6f:a1:5e:bd:1b:d9:32:be:18:fc:6c:70:6c:b7:37: - e8:45:09:ce:79:b7:d6:2c:d3:b4:09:b2:00:41:1a:ee: - 0c:76:21:0f:2d:5b:79:7c:be:d5:23:12:f8:93:ad:e1: - 99:9e:a1:fa:0a:99:ed:eb:6b:3a:d6:c6:20:2b:e2:eb: - 86:c2:f1:eb:f4:9c:d7:0b:5b:9d:8c:c7:7b:8a:cd:40: - f9:b8:0d:fe:44:d5:14:79:d5:1c:76:56:d9:e5:e7:72: - 7a:4b:c2:24:fe:1e:3a:38:d3:4c:85:c6:6c:77:be:ee: - 46:ab:d7:f4:29:c5:33:8e:0e:88:91:f0:6e:5b:28:b8: - 07:9f:c1:d9:47:3c:e5:fe:58:82:04:38:01:4e:f0:27: - 54:76:e2:c9:12:4a:da:d6:28:4d:10:00:ac:f1:12:3e: - af:15:6d:ce:b6:8a:18:ec:4b:be:6c:08:c0:c0:f0:d0 - Fingerprint (MD5): - C6:6E:4E:E2:92:8A:A7:2A:60:EA:2F:4D:FB:ED:15:17 - Fingerprint (SHA1): - 96:4A:92:79:6C:A4:CC:5B:6B:6E:88:84:48:43:9C:F4:84:5D:3C:E1 - - Certificate Trust Flags: - SSL Flags: - Valid CA - Trusted CA - Trusted Client CA - Email Flags: - Valid CA - Trusted CA - Object Signing Flags: - Valid CA - Trusted CA - -</certchain> - <certchain_size>1</certchain_size> - <certs> - <element> - <certinfo> - <dn>CN=vm-084.idm.lab.bos.redhat.com, OU=pki-tps, O=EXAMPLE</dn> - <tag>sslserver</tag> - <friendly>SSL Server Certificate</friendly> - </certinfo> - </element> - <element> - <certinfo> - <dn>CN=TPS Subsystem Certificate, OU=pki-tps, O=EXAMPLE</dn> - <tag>subsystem</tag> - <friendly>Subsystem Certificate</friendly> - </certinfo> - </element> - <element> - <certinfo> - <dn>CN=TPS Audit Signing Certificate, OU=pki-tps, O=EXAMPLE</dn> - <tag>audit_signing</tag> - <friendly>Audit Log Signing Certificate</friendly> - </certinfo> - </element> - </certs> - <check_clonesubsystem/> - <check_newsubsystem/> - <csstate>1</csstate> - <custom_size>2048</custom_size> - <database>vm-084.idm.lab.bos.redhat.com-pki-tps</database> - <dbg/> - <defTok>NSS Certificate DB</defTok> - <default_ecc_curvename>nistp256</default_ecc_curvename> - <default_keysize>2048</default_keysize> - <disableClone>1</disableClone> - <errorString/> - <firstpanel>0</firstpanel> - <firsttime>true</firsttime> - <fullsystemname>Token Processing System </fullsystemname> - <hostname>localhost</hostname> - <http_port>7888</http_port> - <https_port>7889</https_port> - <instanceID>&lt;security_domain_instance_name&gt;</instanceID> - <keys_ecc_curve_display_list>nistp256 (secp256r1),nistp384 (secp384r1),nistp521 (secp521r1),nistk163 (sect163k1),sect163r1,nistb163 (sect163r2),sect193r1,sect193r2,nistk233 (sect233k1),nistb233 (sect233r1),sect239k1,nistk283 (sect283k1),nistb283 (sect283r1),nistk409 (sect409k1),nistb409 (sect409r1),nistk571 (sect571k1),nistb571 (sect571r1),secp160k1,secp160r1,secp160r2,secp192k1,nistp192 (secp192r1, prime192v1),secp224k1,nistp224 (secp224r1),secp256k1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2</keys_ecc_curve_display_list> - <keys_ecc_curve_list>nistp256,nistp384,nistp521,sect163k1,nistk163,sect163r1,sect163r2,nistb163,sect193r1,sect193r2,sect233k1,nistk233,sect233r1,nistb233,sect239k1,sect283k1,nistk283,sect283r1,nistb283,sect409k1,nistk409,sect409r1,nistb409,sect571k1,nistk571,sect571r1,nistb571,secp160k1,secp160r1,secp160r2,secp192k1,secp192r1,nistp192,secp224k1,secp224r1,nistp224,secp256k1,secp256r1,secp384r1,secp521r1,prime192v1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2</keys_ecc_curve_list> - <keys_rsa_size_display_list>1024,2048,3072,4096</keys_rsa_size_display_list> - <lastpanel>0</lastpanel> - <machineName>localhost</machineName> - <name>Token Processing System</name> - <non_clientauth_https_port>7890</non_clientauth_https_port> - <oms/> - <p>13</p> - <panel>tps/admin/console/config/certrequestpanel.vm</panel> - <panelname>Security Domain</panelname> - <panels> - <element>PKI::TPS::WelcomePanel=HASH(0x7fa0c0b679b0)</element> - <element>PKI::TPS::ModulePanel=HASH(0x7fa0c0b78608)</element> - <element>PKI::TPS::ConfigHSMLoginPanel=HASH(0x7fa0c0b90188)</element> - <element>PKI::TPS::SecurityDomainPanel=HASH(0x7fa0c0b93f30)</element> - <element>PKI::TPS::DisplayCertChainPanel=HASH(0x7fa0c0b9c480)</element> - <element>PKI::TPS::SubsystemTypePanel=HASH(0x7fa0c0ba7ad8)</element> - <element>PKI::TPS::CAInfoPanel=HASH(0x7fa0c0bae650)</element> - <element>PKI::TPS::TKSInfoPanel=HASH(0x7fa0c0bbcfc0)</element> - <element>PKI::TPS::DRMInfoPanel=HASH(0x7fa0c0bc58e8)</element> - <element>PKI::TPS::AuthDBPanel=HASH(0x7fa0c0bcd118)</element> - <element>PKI::TPS::DatabasePanel=HASH(0x7fa0c08be670)</element> - <element>PKI::TPS::SizePanel=HASH(0x7fa0c0be0798)</element> - <element>PKI::TPS::NamePanel=HASH(0x7fa0c0bf0610)</element> - <element>PKI::TPS::CertRequestPanel=HASH(0x7fa0c0c19698)</element> - <element>PKI::TPS::AdminPanel=HASH(0x7fa0c0c28018)</element> - <element>PKI::TPS::ImportAdminCertPanel=HASH(0x7fa0c0c32c30)</element> - <element>PKI::TPS::DonePanel=HASH(0x7fa0c0c3e6e8)</element> - </panels> - <portStr>389</portStr> - <ppcerts/> - <productversion>10.1.0</productversion> - <redirect>https://vm-084.idm.lab.bos.redhat.com:8443/ca/admin/ca/securityDomainLogin?url=https%3A%2F%2Fvm-084.idm.lab.bos.redhat.com%3A7890%2Ftps%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D5%26subsystem%3DTPS</redirect> - <reqscerts> - <element> - <reqcertinfo> - <name>SSL Server Certificate</name> - <req>-----BEGIN NEW CERTIFICATE REQUEST----- -MIICfzCCAWcCAQAwOjEQMA4GA1UEChMHRVhBTVBMRTEmMCQGA1UEAxMddm0t -MDg0LmlkbS5sYWIuYm9zLnJlZGhhdC5jb20wggEiMA0GCSqGSIb3DQEBAQUA -A4IBDwAwggEKAoIBAQC/9q18L6waMSm0/6vQDU8VWAvSv5V4LRR/MlGgZLf3 -yBMkwD2MCGFLzohtvmza0/Ofq28raiwSmW5YZWpAwSVN1CWtrbflP5O9wkVF -kxy5ki72QWcjKvwoJBeR8rXhSdkUlbx5ByV1eH1pfW4Jb6O+vOUzHHNEfH3U -hFDuK535VsQoPLNyw0sysz9k8AjXPzOrFGppQzwgdIxI1Q9jZZTiuupfu3Hq -Ipt7ORpdd2kQRTyuCzX+9Tp4/shjk87iqXLsMYu1XmBoIvIAJiDWUETBiB4X -iYsiFM/yXM3XmVuV+SJQ+xt1XIJcQ+pM2O2RCkOvAqer08kY4ELo70uE1IWX -AgMBAAGgADANBgkqhkiG9w0BAQUFAAOCAQEAjAtHz3uSFKDHpYgxCFKiAxSv -NUHdhIZO4DjEl6BuxvH2dkrMOeBuzmGUdB/dmprKvMBRtTwjopD/vbRTkKPc -bB4j92pVxlAUlAd4dvzuFGcK/mhB8kdmCXAAgBOPKlZgpHoWRRaEqbdFznjQ -KDz1lFE6Lb1Wpmcx9u6ZUWjHLd4sr+Ym+byXx9DroMBYV3rK35xUhpNlMjUM -PSX+Fqgx4ddGgpGm0kh9TlczNUMQb+kqds8c3SRCfUTZNo4cE/LOEDqkUdYy -XwTXjjAag7c6b7Dv8/OR4jNNrvAihn5YdlAo3aRssE6zQCKrOfN2bYy3uWMG -+VqC9saBiWkg8sgPbg== ------END NEW CERTIFICATE REQUEST-----</req> - <cert>-----BEGIN CERTIFICATE----- -MIIDlTCCAn2gAwIBAgIBEDANBgkqhkiG9w0BAQsFADAzMRAwDgYDVQQKDAdF -WEFNUExFMR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRpZmljYXRlMB4XDTEz -MTEyMTE3NTQ0OVoXDTE1MTExMTE3NTQ0OVowOjEQMA4GA1UEChMHRVhBTVBM -RTEmMCQGA1UEAxMddm0tMDg0LmlkbS5sYWIuYm9zLnJlZGhhdC5jb20wggEi -MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/9q18L6waMSm0/6vQDU8V -WAvSv5V4LRR/MlGgZLf3yBMkwD2MCGFLzohtvmza0/Ofq28raiwSmW5YZWpA -wSVN1CWtrbflP5O9wkVFkxy5ki72QWcjKvwoJBeR8rXhSdkUlbx5ByV1eH1p -fW4Jb6O+vOUzHHNEfH3UhFDuK535VsQoPLNyw0sysz9k8AjXPzOrFGppQzwg -dIxI1Q9jZZTiuupfu3HqIpt7ORpdd2kQRTyuCzX+9Tp4/shjk87iqXLsMYu1 -XmBoIvIAJiDWUETBiB4XiYsiFM/yXM3XmVuV+SJQ+xt1XIJcQ+pM2O2RCkOv -Aqer08kY4ELo70uE1IWXAgMBAAGjgawwgakwHwYDVR0jBBgwFoAUY6p+ucCt -MihA7oM34HjfoX5c0kQwTQYIKwYBBQUHAQEEQTA/MD0GCCsGAQUFBzABhjFo -dHRwOi8vdm0tMDg0LmlkbS5sYWIuYm9zLnJlZGhhdC5jb206ODA4MC9jYS9v -Y3NwMA4GA1UdDwEB/wQEAwIE8DAnBgNVHSUEIDAeBggrBgEFBQcDAQYIKwYB -BQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4IBAQDbNeargy6K/gjb -kkkSgvyfB+evtAGk5O+6lHuAhWefvS4LEkY6VyfZ2q8FJ5i5emIX5udlCpaR -rd1B5czHsv/QRboUYSIVHcUAaQJyxakIF2gzfGtNiTDWFcNNdhLXfBkZMesy -F9azUAJyWIwe4i965F39si+V8MsdcMJB72K5Yk7/IPjANBoN5ZMxFQN1jODX -JRyaSSx34q+Gh+an7NtEGf7zYw04rWPctaLnojrBwtNi9WxSb5kQcrNL7QPl -L8ZwMl2xkiPLHIHMXzDSesqgpZNAdiMHy/KusfZRhfJPSc6gY7oM7fKyIdJS -hOq8/unh4rG37Ws7TLWxV3BNUv7R ------END CERTIFICATE-----</cert> - <certpp>Certificate: - Data: - Version: 3 (0x2) - Serial Number: 16 (0x10) - Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption - Issuer: CN=CA Signing Certificate,O=EXAMPLE - Validity: - Not Before: Thu Nov 21 17:54:49 2013 - Not After : Wed Nov 11 17:54:49 2015 - Subject: CN=vm-084.idm.lab.bos.redhat.com,O=EXAMPLE - Subject Public Key Info: - Public Key Algorithm: PKCS #1 RSA Encryption - RSA Public Key: - Modulus: - bf:f6:ad:7c:2f:ac:1a:31:29:b4:ff:ab:d0:0d:4f:15: - 58:0b:d2:bf:95:78:2d:14:7f:32:51:a0:64:b7:f7:c8: - 13:24:c0:3d:8c:08:61:4b:ce:88:6d:be:6c:da:d3:f3: - 9f:ab:6f:2b:6a:2c:12:99:6e:58:65:6a:40:c1:25:4d: - d4:25:ad:ad:b7:e5:3f:93:bd:c2:45:45:93:1c:b9:92: - 2e:f6:41:67:23:2a:fc:28:24:17:91:f2:b5:e1:49:d9: - 14:95:bc:79:07:25:75:78:7d:69:7d:6e:09:6f:a3:be: - bc:e5:33:1c:73:44:7c:7d:d4:84:50:ee:2b:9d:f9:56: - c4:28:3c:b3:72:c3:4b:32:b3:3f:64:f0:08:d7:3f:33: - ab:14:6a:69:43:3c:20:74:8c:48:d5:0f:63:65:94:e2: - ba:ea:5f:bb:71:ea:22:9b:7b:39:1a:5d:77:69:10:45: - 3c:ae:0b:35:fe:f5:3a:78:fe:c8:63:93:ce:e2:a9:72: - ec:31:8b:b5:5e:60:68:22:f2:00:26:20:d6:50:44:c1: - 88:1e:17:89:8b:22:14:cf:f2:5c:cd:d7:99:5b:95:f9: - 22:50:fb:1b:75:5c:82:5c:43:ea:4c:d8:ed:91:0a:43: - af:02:a7:ab:d3:c9:18:e0:42:e8:ef:4b:84:d4:85:97 - Exponent: 65537 (0x10001) - Signed Extensions: - Name: Certificate Authority Key Identifier - Key ID: - 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: - 7e:5c:d2:44 - - Name: Authority Information Access - Method: PKIX Online Certificate Status Protocol - Location: - URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp - - Name: Certificate Key Usage - Critical: True - Usages: Digital Signature - Non-Repudiation - Key Encipherment - Data Encipherment - - Name: Extended Key Usage - TLS Web Server Authentication Certificate - TLS Web Client Authentication Certificate - E-Mail Protection Certificate - - Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption - Signature: - db:35:e6:ab:83:2e:8a:fe:08:db:92:49:12:82:fc:9f: - 07:e7:af:b4:01:a4:e4:ef:ba:94:7b:80:85:67:9f:bd: - 2e:0b:12:46:3a:57:27:d9:da:af:05:27:98:b9:7a:62: - 17:e6:e7:65:0a:96:91:ad:dd:41:e5:cc:c7:b2:ff:d0: - 45:ba:14:61:22:15:1d:c5:00:69:02:72:c5:a9:08:17: - 68:33:7c:6b:4d:89:30:d6:15:c3:4d:76:12:d7:7c:19: - 19:31:eb:32:17:d6:b3:50:02:72:58:8c:1e:e2:2f:7a: - e4:5d:fd:b2:2f:95:f0:cb:1d:70:c2:41:ef:62:b9:62: - 4e:ff:20:f8:c0:34:1a:0d:e5:93:31:15:03:75:8c:e0: - d7:25:1c:9a:49:2c:77:e2:af:86:87:e6:a7:ec:db:44: - 19:fe:f3:63:0d:38:ad:63:dc:b5:a2:e7:a2:3a:c1:c2: - d3:62:f5:6c:52:6f:99:10:72:b3:4b:ed:03:e5:2f:c6: - 70:32:5d:b1:92:23:cb:1c:81:cc:5f:30:d2:7a:ca:a0: - a5:93:40:76:23:07:cb:f2:ae:b1:f6:51:85:f2:4f:49: - ce:a0:63:ba:0c:ed:f2:b2:21:d2:52:84:ea:bc:fe:e9: - e1:e2:b1:b7:ed:6b:3b:4c:b5:b1:57:70:4d:52:fe:d1 - Fingerprint (MD5): - 5B:BA:5A:1E:52:1A:ED:13:AB:E3:19:4F:A9:A0:F7:F3 - Fingerprint (SHA1): - C5:E3:BA:90:42:9E:A2:8A:80:ED:A7:DE:D7:4A:BB:EC:9B:A1:27:31 - - Certificate Trust Flags: - SSL Flags: - User - Email Flags: - User - Object Signing Flags: - User - -</certpp> - <tag>sslserver</tag> - <dn>sslserver</dn> - </reqcertinfo> - </element> - <element> - <reqcertinfo> - <name>Subsystem Certificate</name> - <req>-----BEGIN NEW CERTIFICATE REQUEST----- -MIICezCCAWMCAQAwNjEQMA4GA1UEChMHRVhBTVBMRTEiMCAGA1UEAxMZVFBT -IFN1YnN5c3RlbSBDZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBALCBY0FFMSFWJy6G7gN94h8bs0AjjFK2Jg20ip1tcP5/8R2n -xTLaq8+ODxUFGt3d1vhmtfKIoD1hp6mMxKyQgvIzobfBbamW7vzML4mL9bwP -jh+veQC0hqzZi8bt4z1WpEI6RZkYGDiiu9yx1NWB3/ctf+fPTIdtWZ12pIJP -K9Azy2RHIBVvSRquUlxyuaQd1xJ8VgRT/Y/DDSOJ0lh6w+MyJ2GBjbpK3r8p -GuNnOUp5/1SaZtY4AYCh1h7yNNWBYLoQBmTW3+qRW5yPbgIWqPSR7uwOL7Vi -MrxHOljn/FrpY3QwAMstFnwF5bOT36u96tpYQPcxQftG4o7vh0eThG0CAwEA -AaAAMA0GCSqGSIb3DQEBBQUAA4IBAQAV8clzGabViitCdWmz2DeE4alTiYqa -HWeXno4nKCXBttdkgrr4lu1hNfIjJSxHfj1R+FmAz27jtvA/0bDdBXRuTyzx -ROhZ7raoMymQCW+w8tYO/ThaVQLijx+muX13gfCU0Bxq5+WDRJY4P4TCa49P -3RBMziTc7kVagdmjhWYjnwRyWr8acOo4qEoo/X0wLC01MAe24OyKbfCt+FbT -6PgjCVUAQ5HjmeWXyZQc89iZrkz2XVTFwQUKieni47pAVSL/Abkng2U8czIw -cbBbP6DFO9t2L2Dye9z9LaA9jwSPVaRyKUdOEfemK75kQRLixs2BXUEeZazQ -QgPZ9cJsptbf ------END NEW CERTIFICATE REQUEST-----</req> - <cert>-----BEGIN CERTIFICATE----- -MIIDfTCCAmWgAwIBAgIBETANBgkqhkiG9w0BAQsFADAzMRAwDgYDVQQKDAdF -WEFNUExFMR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRpZmljYXRlMB4XDTEz -MTEyMTE3NTQ1MFoXDTE1MTExMTE3NTQ1MFowNjEQMA4GA1UEChMHRVhBTVBM -RTEiMCAGA1UEAxMZVFBTIFN1YnN5c3RlbSBDZXJ0aWZpY2F0ZTCCASIwDQYJ -KoZIhvcNAQEBBQADggEPADCCAQoCggEBALCBY0FFMSFWJy6G7gN94h8bs0Aj -jFK2Jg20ip1tcP5/8R2nxTLaq8+ODxUFGt3d1vhmtfKIoD1hp6mMxKyQgvIz -obfBbamW7vzML4mL9bwPjh+veQC0hqzZi8bt4z1WpEI6RZkYGDiiu9yx1NWB -3/ctf+fPTIdtWZ12pIJPK9Azy2RHIBVvSRquUlxyuaQd1xJ8VgRT/Y/DDSOJ -0lh6w+MyJ2GBjbpK3r8pGuNnOUp5/1SaZtY4AYCh1h7yNNWBYLoQBmTW3+qR -W5yPbgIWqPSR7uwOL7ViMrxHOljn/FrpY3QwAMstFnwF5bOT36u96tpYQPcx -QftG4o7vh0eThG0CAwEAAaOBmDCBlTAfBgNVHSMEGDAWgBRjqn65wK0yKEDu -gzfgeN+hflzSRDBNBggrBgEFBQcBAQRBMD8wPQYIKwYBBQUHMAGGMWh0dHA6 -Ly92bS0wODQuaWRtLmxhYi5ib3MucmVkaGF0LmNvbTo4MDgwL2NhL29jc3Aw -DgYDVR0PAQH/BAQDAgTwMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3 -DQEBCwUAA4IBAQDRBXrEAqLiecW5Xh0yEwgGbcDtpRO2BCbFp3F2W8wURlo0 -axinBQCwdDGkgkXCodyib/CkJk0E5MpbJ6+q6/VLgByyzpGk1uNVIBvlfRtG -TXvU41MrjGjhVANz/uYUA7P96sWxNu8OYQv4mlyh5BDk3itYqfuIN9pLkvRL -SKGqRr+ot6hBMweysCT8I4jMBtFFXszCmithBR4x9O+n7QUcIYWrxKkT9Fm8 -PvHFeb8dMNWU7etAxQVrc/ewZbeYG+S01PFj1lopATHxZqFSCjB6RukjiIe0 -BfNUbzfputLXPUuZu0d/z5EhT+fgNKXUb9zeYFsqebP1ln/JsOJ0MJ4/ ------END CERTIFICATE-----</cert> - <certpp>Certificate: - Data: - Version: 3 (0x2) - Serial Number: 17 (0x11) - Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption - Issuer: CN=CA Signing Certificate,O=EXAMPLE - Validity: - Not Before: Thu Nov 21 17:54:50 2013 - Not After : Wed Nov 11 17:54:50 2015 - Subject: CN=TPS Subsystem Certificate,O=EXAMPLE - Subject Public Key Info: - Public Key Algorithm: PKCS #1 RSA Encryption - RSA Public Key: - Modulus: - b0:81:63:41:45:31:21:56:27:2e:86:ee:03:7d:e2:1f: - 1b:b3:40:23:8c:52:b6:26:0d:b4:8a:9d:6d:70:fe:7f: - f1:1d:a7:c5:32:da:ab:cf:8e:0f:15:05:1a:dd:dd:d6: - f8:66:b5:f2:88:a0:3d:61:a7:a9:8c:c4:ac:90:82:f2: - 33:a1:b7:c1:6d:a9:96:ee:fc:cc:2f:89:8b:f5:bc:0f: - 8e:1f:af:79:00:b4:86:ac:d9:8b:c6:ed:e3:3d:56:a4: - 42:3a:45:99:18:18:38:a2:bb:dc:b1:d4:d5:81:df:f7: - 2d:7f:e7:cf:4c:87:6d:59:9d:76:a4:82:4f:2b:d0:33: - cb:64:47:20:15:6f:49:1a:ae:52:5c:72:b9:a4:1d:d7: - 12:7c:56:04:53:fd:8f:c3:0d:23:89:d2:58:7a:c3:e3: - 32:27:61:81:8d:ba:4a:de:bf:29:1a:e3:67:39:4a:79: - ff:54:9a:66:d6:38:01:80:a1:d6:1e:f2:34:d5:81:60: - ba:10:06:64:d6:df:ea:91:5b:9c:8f:6e:02:16:a8:f4: - 91:ee:ec:0e:2f:b5:62:32:bc:47:3a:58:e7:fc:5a:e9: - 63:74:30:00:cb:2d:16:7c:05:e5:b3:93:df:ab:bd:ea: - da:58:40:f7:31:41:fb:46:e2:8e:ef:87:47:93:84:6d - Exponent: 65537 (0x10001) - Signed Extensions: - Name: Certificate Authority Key Identifier - Key ID: - 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: - 7e:5c:d2:44 - - Name: Authority Information Access - Method: PKIX Online Certificate Status Protocol - Location: - URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp - - Name: Certificate Key Usage - Critical: True - Usages: Digital Signature - Non-Repudiation - Key Encipherment - Data Encipherment - - Name: Extended Key Usage - TLS Web Client Authentication Certificate - - Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption - Signature: - d1:05:7a:c4:02:a2:e2:79:c5:b9:5e:1d:32:13:08:06: - 6d:c0:ed:a5:13:b6:04:26:c5:a7:71:76:5b:cc:14:46: - 5a:34:6b:18:a7:05:00:b0:74:31:a4:82:45:c2:a1:dc: - a2:6f:f0:a4:26:4d:04:e4:ca:5b:27:af:aa:eb:f5:4b: - 80:1c:b2:ce:91:a4:d6:e3:55:20:1b:e5:7d:1b:46:4d: - 7b:d4:e3:53:2b:8c:68:e1:54:03:73:fe:e6:14:03:b3: - fd:ea:c5:b1:36:ef:0e:61:0b:f8:9a:5c:a1:e4:10:e4: - de:2b:58:a9:fb:88:37:da:4b:92:f4:4b:48:a1:aa:46: - bf:a8:b7:a8:41:33:07:b2:b0:24:fc:23:88:cc:06:d1: - 45:5e:cc:c2:9a:2b:61:05:1e:31:f4:ef:a7:ed:05:1c: - 21:85:ab:c4:a9:13:f4:59:bc:3e:f1:c5:79:bf:1d:30: - d5:94:ed:eb:40:c5:05:6b:73:f7:b0:65:b7:98:1b:e4: - b4:d4:f1:63:d6:5a:29:01:31:f1:66:a1:52:0a:30:7a: - 46:e9:23:88:87:b4:05:f3:54:6f:37:e9:ba:d2:d7:3d: - 4b:99:bb:47:7f:cf:91:21:4f:e7:e0:34:a5:d4:6f:dc: - de:60:5b:2a:79:b3:f5:96:7f:c9:b0:e2:74:30:9e:3f - Fingerprint (MD5): - 33:E4:65:72:E7:73:63:F6:4D:F3:0D:1B:79:4B:51:BA - Fingerprint (SHA1): - 2B:3B:C2:42:09:1F:DC:3C:E8:DD:1C:2E:27:CB:22:34:4B:F2:2A:A9 - - Certificate Trust Flags: - SSL Flags: - User - Email Flags: - User - Object Signing Flags: - User - -</certpp> - <tag>subsystem</tag> - <dn>subsystem</dn> - </reqcertinfo> - </element> - <element> - <reqcertinfo> - <name>Audit Log Signing Certificate</name> - <req>-----BEGIN NEW CERTIFICATE REQUEST----- -MIICfzCCAWcCAQAwOjEQMA4GA1UEChMHRVhBTVBMRTEmMCQGA1UEAxMdVFBT -IEF1ZGl0IFNpZ25pbmcgQ2VydGlmaWNhdGUwggEiMA0GCSqGSIb3DQEBAQUA -A4IBDwAwggEKAoIBAQDQulXGs9YvKqbNp9JV590Seob6Ee4+8A7ypAy0aJ9E -8bwxdZ3TP9flMmFF1/Epp8riT5BUHnf1j3HpvihE77XZCpnz1Ddv/fQ71CZw -Lhx2WhARQm6/07++X1A7TZALMNlARQKuYq8nF2Ru3R7ekVngXp8VE2N5VWBC -kWYiRY5Axt1hW253SiTuScIXwmf9KepMB2L3RWejtWaI7AvYuh7UWbaz+aPg -GFsCLi8B8wQriJ9hyOWpzd8EasGk1pvM8P8UgnEMI1m9FDbF6dIdH/zFSXEQ -O+bTGqQri9oFnXbD+3CYtgx6f6h8s0oTTvXDakxqjA3aXrIgNMh2wFgU4fcX -AgMBAAGgADANBgkqhkiG9w0BAQUFAAOCAQEAk7D7vqIVUQPPchUR6MWoHyM3 -w5og8cRPE3nJQKPMhy+z1dBC67iTlPDM12entGVC+r4snbvNAfzibV/u9G4z -IurRS42vLls06hCHe2+jDr2xrpHf5iM4QExQuMSFZ9+N0xXg5ytDvWLi/LtI -YProlIaSmOdndJDQr6KPtsGb2My7a4iMBV/qVSD9A6bblbxJNPFHoiTuYj72 -7fWNT0JH2g0OmqZa5lx1o4q8dWAfKlrsMGB7OTRyJ7Y2V7FGgY50isrcxnuw -XTCPxOQGEL2T/F5q/4F+ZyJix1SfhoQys4RBXxvQbhNvbPIAHtHg/5bcbPMN -GNlW6BI4kN+UNRYGtQ== ------END NEW CERTIFICATE REQUEST-----</req> - <cert>-----BEGIN CERTIFICATE----- -MIIDbDCCAlSgAwIBAgIBEjANBgkqhkiG9w0BAQsFADAzMRAwDgYDVQQKDAdF -WEFNUExFMR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRpZmljYXRlMB4XDTEz -MTEyMTE3NTQ1M1oXDTE1MTExMTE3NTQ1M1owOjEQMA4GA1UEChMHRVhBTVBM -RTEmMCQGA1UEAxMdVFBTIEF1ZGl0IFNpZ25pbmcgQ2VydGlmaWNhdGUwggEi -MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQulXGs9YvKqbNp9JV590S -eob6Ee4+8A7ypAy0aJ9E8bwxdZ3TP9flMmFF1/Epp8riT5BUHnf1j3HpvihE -77XZCpnz1Ddv/fQ71CZwLhx2WhARQm6/07++X1A7TZALMNlARQKuYq8nF2Ru -3R7ekVngXp8VE2N5VWBCkWYiRY5Axt1hW253SiTuScIXwmf9KepMB2L3RWej -tWaI7AvYuh7UWbaz+aPgGFsCLi8B8wQriJ9hyOWpzd8EasGk1pvM8P8UgnEM -I1m9FDbF6dIdH/zFSXEQO+bTGqQri9oFnXbD+3CYtgx6f6h8s0oTTvXDakxq -jA3aXrIgNMh2wFgU4fcXAgMBAAGjgYMwgYAwHwYDVR0jBBgwFoAUY6p+ucCt -MihA7oM34HjfoX5c0kQwTQYIKwYBBQUHAQEEQTA/MD0GCCsGAQUFBzABhjFo -dHRwOi8vdm0tMDg0LmlkbS5sYWIuYm9zLnJlZGhhdC5jb206ODA4MC9jYS9v -Y3NwMA4GA1UdDwEB/wQEAwIGwDANBgkqhkiG9w0BAQsFAAOCAQEAKPq8ro5J -Di7LVv45eUH5AYrOiMqa10qWDr5dEqFqn7FZ3sK4A8zx/pQc+Iz3LMaaapgl -hxXen9un2ZoAKqBJ3IES24nLr9xU+aS2vKZseGi7UZMHAxC/b3gerZvHY9p5 -CqWDPDO/ksnWikndaWvTZeqfXvqSvoJnDuwv/tCsLTTBzZ5ReTUiCAh91TXU -4LJCl8q/+IeBOvz9g+iFwICN6FiXrq5j5GJgA/NOHwCvwMpH+lmK+H4mvUlr -aVCWubitl7KqiepEyZAlyTuUX5t/u05xePVkaU/e3WijL6SSygcxH4Q9EQC8 -9PT07QwEbXSPXhv0n79x+Lhf4RuR4qZd4Q== ------END CERTIFICATE-----</cert> - <certpp>Certificate: - Data: - Version: 3 (0x2) - Serial Number: 18 (0x12) - Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption - Issuer: CN=CA Signing Certificate,O=EXAMPLE - Validity: - Not Before: Thu Nov 21 17:54:53 2013 - Not After : Wed Nov 11 17:54:53 2015 - Subject: CN=TPS Audit Signing Certificate,O=EXAMPLE - Subject Public Key Info: - Public Key Algorithm: PKCS #1 RSA Encryption - RSA Public Key: - Modulus: - d0:ba:55:c6:b3:d6:2f:2a:a6:cd:a7:d2:55:e7:dd:12: - 7a:86:fa:11:ee:3e:f0:0e:f2:a4:0c:b4:68:9f:44:f1: - bc:31:75:9d:d3:3f:d7:e5:32:61:45:d7:f1:29:a7:ca: - e2:4f:90:54:1e:77:f5:8f:71:e9:be:28:44:ef:b5:d9: - 0a:99:f3:d4:37:6f:fd:f4:3b:d4:26:70:2e:1c:76:5a: - 10:11:42:6e:bf:d3:bf:be:5f:50:3b:4d:90:0b:30:d9: - 40:45:02:ae:62:af:27:17:64:6e:dd:1e:de:91:59:e0: - 5e:9f:15:13:63:79:55:60:42:91:66:22:45:8e:40:c6: - dd:61:5b:6e:77:4a:24:ee:49:c2:17:c2:67:fd:29:ea: - 4c:07:62:f7:45:67:a3:b5:66:88:ec:0b:d8:ba:1e:d4: - 59:b6:b3:f9:a3:e0:18:5b:02:2e:2f:01:f3:04:2b:88: - 9f:61:c8:e5:a9:cd:df:04:6a:c1:a4:d6:9b:cc:f0:ff: - 14:82:71:0c:23:59:bd:14:36:c5:e9:d2:1d:1f:fc:c5: - 49:71:10:3b:e6:d3:1a:a4:2b:8b:da:05:9d:76:c3:fb: - 70:98:b6:0c:7a:7f:a8:7c:b3:4a:13:4e:f5:c3:6a:4c: - 6a:8c:0d:da:5e:b2:20:34:c8:76:c0:58:14:e1:f7:17 - Exponent: 65537 (0x10001) - Signed Extensions: - Name: Certificate Authority Key Identifier - Key ID: - 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: - 7e:5c:d2:44 - - Name: Authority Information Access - Method: PKIX Online Certificate Status Protocol - Location: - URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp - - Name: Certificate Key Usage - Critical: True - Usages: Digital Signature - Non-Repudiation - - Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption - Signature: - 28:fa:bc:ae:8e:49:0e:2e:cb:56:fe:39:79:41:f9:01: - 8a:ce:88:ca:9a:d7:4a:96:0e:be:5d:12:a1:6a:9f:b1: - 59:de:c2:b8:03:cc:f1:fe:94:1c:f8:8c:f7:2c:c6:9a: - 6a:98:25:87:15:de:9f:db:a7:d9:9a:00:2a:a0:49:dc: - 81:12:db:89:cb:af:dc:54:f9:a4:b6:bc:a6:6c:78:68: - bb:51:93:07:03:10:bf:6f:78:1e:ad:9b:c7:63:da:79: - 0a:a5:83:3c:33:bf:92:c9:d6:8a:49:dd:69:6b:d3:65: - ea:9f:5e:fa:92:be:82:67:0e:ec:2f:fe:d0:ac:2d:34: - c1:cd:9e:51:79:35:22:08:08:7d:d5:35:d4:e0:b2:42: - 97:ca:bf:f8:87:81:3a:fc:fd:83:e8:85:c0:80:8d:e8: - 58:97:ae:ae:63:e4:62:60:03:f3:4e:1f:00:af:c0:ca: - 47:fa:59:8a:f8:7e:26:bd:49:6b:69:50:96:b9:b8:ad: - 97:b2:aa:89:ea:44:c9:90:25:c9:3b:94:5f:9b:7f:bb: - 4e:71:78:f5:64:69:4f:de:dd:68:a3:2f:a4:92:ca:07: - 31:1f:84:3d:11:00:bc:f4:f4:f4:ed:0c:04:6d:74:8f: - 5e:1b:f4:9f:bf:71:f8:b8:5f:e1:1b:91:e2:a6:5d:e1 - Fingerprint (MD5): - 8C:A7:63:34:2C:55:22:B5:BA:22:5E:F8:BF:36:69:93 - Fingerprint (SHA1): - AC:AA:23:8E:CF:C0:A9:1C:BB:B5:1E:DC:82:D2:02:7D:0C:2B:F5:50 - - Certificate Trust Flags: - SSL Flags: - User - Email Flags: - User - Object Signing Flags: - Terminal Record - Trusted - User - -</certpp> - <tag>audit_signing</tag> - <dn>audit_signing</dn> - </reqcertinfo> - </element> - </reqscerts> - <sdomainAdminURL>https://vm-084.idm.lab.bos.redhat.com:9445</sdomainAdminURL> - <sdomainName>Security Domain</sdomainName> - <sdomainURL/> - <secureconn>false</secureconn> - <select>default</select> - <showApplyButton>true</showApplyButton> - <sms> - <element>PKI::TPS::GlobalVar=HASH(0x7fa0740410e0)</element> - <element>PKI::TPS::GlobalVar=HASH(0x7fa0742a1668)</element> - <element>PKI::TPS::GlobalVar=HASH(0x7fa0747ab760)</element> - </sms> - <statusCommand>systemctl status pki-tomcatd@&lt;security_domain_instance_name&gt;.service</statusCommand> - <subpanelno>14</subpanelno> - <subsystemName>Token Processing System</subsystemName> - <systemname>Token Processing </systemname> - <title>Certificate Requests</title> - <urls> - <element>CA vm-084.idm.lab.bos.redhat.com 8443 - https://vm-084.idm.lab.bos.redhat.com:8443</element> - <element>External CA</element> - </urls> - <urls_size>3</urls_size> -</xml> -Sleeping for 5 secs.. -############################################# -Attempting to connect to: vm-084.idm.lab.bos.redhat.com:7890 -Connected. -Posting Query = https://vm-084.idm.lab.bos.redhat.com:7890//tps/admin/console/config/wizard?p=13&sslserver=&sslserver_cc=&subsystem=&subsystem_cc=&audit_signing=&audit_signing_cc=&op=next&xml=true -RESPONSE STATUS: HTTP/1.1 200 OK -RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:55:01 GMT -RESPONSE HEADER: Server: Apache -RESPONSE HEADER: Connection: close -RESPONSE HEADER: Content-Type: text/xml -<?xml version="1.0" encoding="UTF-8"?> -<xml> - <admin_email/> - <admin_name>TPS Administrator</admin_name> - <admin_pwd/> - <admin_pwd_again/> - <admin_uid>admin</admin_uid> - <basedn>dc=vm-084.idm.lab.bos.redhat.com-pki-tps</basedn> - <binddn>cn=directory manager</binddn> - <bindpwd/> - <certchain>Certificate: - Data: - Version: 3 (0x2) - Serial Number: 1 (0x1) - Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption - Issuer: CN=CA Signing Certificate,O=EXAMPLE - Validity: - Not Before: Thu Nov 21 17:00:30 2013 - Not After : Mon Nov 21 17:00:30 2033 - Subject: CN=CA Signing Certificate,O=EXAMPLE - Subject Public Key Info: - Public Key Algorithm: PKCS #1 RSA Encryption - RSA Public Key: - Modulus: - df:8f:9e:70:14:9c:14:43:06:3a:69:3a:b9:d4:37:07: - 24:ac:9b:8c:f3:9b:dd:44:0e:d3:7b:f6:10:c4:36:11: - bb:9d:7e:19:ed:8e:61:88:a9:11:64:f2:3e:c6:1a:f8: - c9:4e:46:2a:5d:19:91:f4:43:56:57:c3:c9:7b:19:c9: - fe:49:d0:d1:24:d8:f9:30:59:58:aa:86:ed:e1:07:27: - 7d:2c:61:bc:18:5d:4a:67:05:1c:3f:4a:c3:4c:f1:91: - 96:c5:e1:80:08:ea:8b:17:7c:cd:7a:23:e6:71:45:38: - 8a:d6:f3:c4:f7:61:e2:ec:8f:f2:6f:2a:c3:f9:24:5f: - 06:c5:cc:9d:7a:52:53:b7:33:0f:3c:94:f7:83:41:c4: - 68:5a:3c:93:0d:b7:ce:3d:60:f2:2d:5c:16:d4:d7:23: - d2:fb:05:14:0c:2d:38:55:ed:e8:7d:9a:ed:11:7d:ac: - d5:01:4e:ae:26:3a:8e:61:40:5b:b9:83:15:0a:da:24: - fa:0d:c2:ad:1a:e4:2f:01:5e:57:bd:61:5a:17:e1:0b: - f7:5e:3c:2d:37:23:1e:c2:b3:1e:d1:ef:9a:be:b4:57: - db:e4:4f:58:1d:75:87:68:2b:56:b1:af:cb:16:18:43: - 4f:bc:f5:cf:24:98:64:a7:0d:6e:a0:ab:6c:b4:e2:cb - Exponent: 65537 (0x10001) - Signed Extensions: - Name: Certificate Authority Key Identifier - Key ID: - 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: - 7e:5c:d2:44 - - Name: Certificate Basic Constraints - Critical: True - Data: Is a CA with no maximum path length. - - Name: Certificate Key Usage - Critical: True - Usages: Digital Signature - Non-Repudiation - Certificate Signing - CRL Signing - - Name: Certificate Subject Key ID - Data: - 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: - 7e:5c:d2:44 - - Name: Authority Information Access - Method: PKIX Online Certificate Status Protocol - Location: - URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp - - Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption - Signature: - 73:72:7d:31:3b:92:6e:d9:64:64:c1:93:9a:fa:17:75: - 94:a8:3f:29:8b:57:aa:73:ac:b6:a2:94:3c:d4:53:86: - 6c:c1:95:98:f5:be:a1:79:ac:75:bb:96:30:3c:dc:5f: - 27:fe:f0:ec:e3:54:c4:51:b2:96:45:ec:c8:35:87:92: - db:c9:d7:d0:9c:09:63:34:c0:4d:8b:a9:f7:10:95:9a: - 9f:6f:a1:5e:bd:1b:d9:32:be:18:fc:6c:70:6c:b7:37: - e8:45:09:ce:79:b7:d6:2c:d3:b4:09:b2:00:41:1a:ee: - 0c:76:21:0f:2d:5b:79:7c:be:d5:23:12:f8:93:ad:e1: - 99:9e:a1:fa:0a:99:ed:eb:6b:3a:d6:c6:20:2b:e2:eb: - 86:c2:f1:eb:f4:9c:d7:0b:5b:9d:8c:c7:7b:8a:cd:40: - f9:b8:0d:fe:44:d5:14:79:d5:1c:76:56:d9:e5:e7:72: - 7a:4b:c2:24:fe:1e:3a:38:d3:4c:85:c6:6c:77:be:ee: - 46:ab:d7:f4:29:c5:33:8e:0e:88:91:f0:6e:5b:28:b8: - 07:9f:c1:d9:47:3c:e5:fe:58:82:04:38:01:4e:f0:27: - 54:76:e2:c9:12:4a:da:d6:28:4d:10:00:ac:f1:12:3e: - af:15:6d:ce:b6:8a:18:ec:4b:be:6c:08:c0:c0:f0:d0 - Fingerprint (MD5): - C6:6E:4E:E2:92:8A:A7:2A:60:EA:2F:4D:FB:ED:15:17 - Fingerprint (SHA1): - 96:4A:92:79:6C:A4:CC:5B:6B:6E:88:84:48:43:9C:F4:84:5D:3C:E1 - - Certificate Trust Flags: - SSL Flags: - Valid CA - Trusted CA - Trusted Client CA - Email Flags: - Valid CA - Trusted CA - Object Signing Flags: - Valid CA - Trusted CA - -</certchain> - <certchain_size>1</certchain_size> - <certs> - <element> - <certinfo> - <dn>CN=vm-084.idm.lab.bos.redhat.com, OU=pki-tps, O=EXAMPLE</dn> - <tag>sslserver</tag> - <friendly>SSL Server Certificate</friendly> - </certinfo> - </element> - <element> - <certinfo> - <dn>CN=TPS Subsystem Certificate, OU=pki-tps, O=EXAMPLE</dn> - <tag>subsystem</tag> - <friendly>Subsystem Certificate</friendly> - </certinfo> - </element> - <element> - <certinfo> - <dn>CN=TPS Audit Signing Certificate, OU=pki-tps, O=EXAMPLE</dn> - <tag>audit_signing</tag> - <friendly>Audit Log Signing Certificate</friendly> - </certinfo> - </element> - </certs> - <check_clonesubsystem/> - <check_newsubsystem/> - <csstate>1</csstate> - <custom_size>2048</custom_size> - <database>vm-084.idm.lab.bos.redhat.com-pki-tps</database> - <dbg/> - <defTok>NSS Certificate DB</defTok> - <default_ecc_curvename>nistp256</default_ecc_curvename> - <default_keysize>2048</default_keysize> - <disableClone>1</disableClone> - <errorString/> - <firstpanel>0</firstpanel> - <firsttime>true</firsttime> - <fullsystemname>Token Processing System </fullsystemname> - <hostname>localhost</hostname> - <http_port>7888</http_port> - <https_port>7889</https_port> - <import>true</import> - <instanceID>&lt;security_domain_instance_name&gt;</instanceID> - <keys_ecc_curve_display_list>nistp256 (secp256r1),nistp384 (secp384r1),nistp521 (secp521r1),nistk163 (sect163k1),sect163r1,nistb163 (sect163r2),sect193r1,sect193r2,nistk233 (sect233k1),nistb233 (sect233r1),sect239k1,nistk283 (sect283k1),nistb283 (sect283r1),nistk409 (sect409k1),nistb409 (sect409r1),nistk571 (sect571k1),nistb571 (sect571r1),secp160k1,secp160r1,secp160r2,secp192k1,nistp192 (secp192r1, prime192v1),secp224k1,nistp224 (secp224r1),secp256k1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2</keys_ecc_curve_display_list> - <keys_ecc_curve_list>nistp256,nistp384,nistp521,sect163k1,nistk163,sect163r1,sect163r2,nistb163,sect193r1,sect193r2,sect233k1,nistk233,sect233r1,nistb233,sect239k1,sect283k1,nistk283,sect283r1,nistb283,sect409k1,nistk409,sect409r1,nistb409,sect571k1,nistk571,sect571r1,nistb571,secp160k1,secp160r1,secp160r2,secp192k1,secp192r1,nistp192,secp224k1,secp224r1,nistp224,secp256k1,secp256r1,secp384r1,secp521r1,prime192v1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2</keys_ecc_curve_list> - <keys_rsa_size_display_list>1024,2048,3072,4096</keys_rsa_size_display_list> - <lastpanel>0</lastpanel> - <machineName>localhost</machineName> - <name>Token Processing System</name> - <non_clientauth_https_port>7890</non_clientauth_https_port> - <oms/> - <p>14</p> - <panel>tps/admin/console/config/adminpanel.vm</panel> - <panelname>Security Domain</panelname> - <panels> - <element>PKI::TPS::WelcomePanel=HASH(0x7fa0c0b679b0)</element> - <element>PKI::TPS::ModulePanel=HASH(0x7fa0c0b78608)</element> - <element>PKI::TPS::ConfigHSMLoginPanel=HASH(0x7fa0c0b90188)</element> - <element>PKI::TPS::SecurityDomainPanel=HASH(0x7fa0c0b93f30)</element> - <element>PKI::TPS::DisplayCertChainPanel=HASH(0x7fa0c0b9c480)</element> - <element>PKI::TPS::SubsystemTypePanel=HASH(0x7fa0c0ba7ad8)</element> - <element>PKI::TPS::CAInfoPanel=HASH(0x7fa0c0bae650)</element> - <element>PKI::TPS::TKSInfoPanel=HASH(0x7fa0c0bbcfc0)</element> - <element>PKI::TPS::DRMInfoPanel=HASH(0x7fa0c0bc58e8)</element> - <element>PKI::TPS::AuthDBPanel=HASH(0x7fa0c0bcd118)</element> - <element>PKI::TPS::DatabasePanel=HASH(0x7fa0c08be670)</element> - <element>PKI::TPS::SizePanel=HASH(0x7fa0c0be0798)</element> - <element>PKI::TPS::NamePanel=HASH(0x7fa0c0bf0610)</element> - <element>PKI::TPS::CertRequestPanel=HASH(0x7fa0c0c19698)</element> - <element>PKI::TPS::AdminPanel=HASH(0x7fa0c0c28018)</element> - <element>PKI::TPS::ImportAdminCertPanel=HASH(0x7fa0c0c32c30)</element> - <element>PKI::TPS::DonePanel=HASH(0x7fa0c0c3e6e8)</element> - </panels> - <portStr>389</portStr> - <ppcerts/> - <productversion>10.1.0</productversion> - <redirect>https://vm-084.idm.lab.bos.redhat.com:8443/ca/admin/ca/securityDomainLogin?url=https%3A%2F%2Fvm-084.idm.lab.bos.redhat.com%3A7890%2Ftps%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D5%26subsystem%3DTPS</redirect> - <reqscerts> - <element> - <reqcertinfo> - <name>SSL Server Certificate</name> - <req>-----BEGIN NEW CERTIFICATE REQUEST----- -MIICfzCCAWcCAQAwOjEQMA4GA1UEChMHRVhBTVBMRTEmMCQGA1UEAxMddm0t -MDg0LmlkbS5sYWIuYm9zLnJlZGhhdC5jb20wggEiMA0GCSqGSIb3DQEBAQUA -A4IBDwAwggEKAoIBAQC/9q18L6waMSm0/6vQDU8VWAvSv5V4LRR/MlGgZLf3 -yBMkwD2MCGFLzohtvmza0/Ofq28raiwSmW5YZWpAwSVN1CWtrbflP5O9wkVF -kxy5ki72QWcjKvwoJBeR8rXhSdkUlbx5ByV1eH1pfW4Jb6O+vOUzHHNEfH3U -hFDuK535VsQoPLNyw0sysz9k8AjXPzOrFGppQzwgdIxI1Q9jZZTiuupfu3Hq -Ipt7ORpdd2kQRTyuCzX+9Tp4/shjk87iqXLsMYu1XmBoIvIAJiDWUETBiB4X -iYsiFM/yXM3XmVuV+SJQ+xt1XIJcQ+pM2O2RCkOvAqer08kY4ELo70uE1IWX -AgMBAAGgADANBgkqhkiG9w0BAQUFAAOCAQEAjAtHz3uSFKDHpYgxCFKiAxSv -NUHdhIZO4DjEl6BuxvH2dkrMOeBuzmGUdB/dmprKvMBRtTwjopD/vbRTkKPc -bB4j92pVxlAUlAd4dvzuFGcK/mhB8kdmCXAAgBOPKlZgpHoWRRaEqbdFznjQ -KDz1lFE6Lb1Wpmcx9u6ZUWjHLd4sr+Ym+byXx9DroMBYV3rK35xUhpNlMjUM -PSX+Fqgx4ddGgpGm0kh9TlczNUMQb+kqds8c3SRCfUTZNo4cE/LOEDqkUdYy -XwTXjjAag7c6b7Dv8/OR4jNNrvAihn5YdlAo3aRssE6zQCKrOfN2bYy3uWMG -+VqC9saBiWkg8sgPbg== ------END NEW CERTIFICATE REQUEST-----</req> - <cert>-----BEGIN CERTIFICATE----- -MIIDlTCCAn2gAwIBAgIBEDANBgkqhkiG9w0BAQsFADAzMRAwDgYDVQQKDAdF -WEFNUExFMR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRpZmljYXRlMB4XDTEz -MTEyMTE3NTQ0OVoXDTE1MTExMTE3NTQ0OVowOjEQMA4GA1UEChMHRVhBTVBM -RTEmMCQGA1UEAxMddm0tMDg0LmlkbS5sYWIuYm9zLnJlZGhhdC5jb20wggEi -MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/9q18L6waMSm0/6vQDU8V -WAvSv5V4LRR/MlGgZLf3yBMkwD2MCGFLzohtvmza0/Ofq28raiwSmW5YZWpA -wSVN1CWtrbflP5O9wkVFkxy5ki72QWcjKvwoJBeR8rXhSdkUlbx5ByV1eH1p -fW4Jb6O+vOUzHHNEfH3UhFDuK535VsQoPLNyw0sysz9k8AjXPzOrFGppQzwg -dIxI1Q9jZZTiuupfu3HqIpt7ORpdd2kQRTyuCzX+9Tp4/shjk87iqXLsMYu1 -XmBoIvIAJiDWUETBiB4XiYsiFM/yXM3XmVuV+SJQ+xt1XIJcQ+pM2O2RCkOv -Aqer08kY4ELo70uE1IWXAgMBAAGjgawwgakwHwYDVR0jBBgwFoAUY6p+ucCt -MihA7oM34HjfoX5c0kQwTQYIKwYBBQUHAQEEQTA/MD0GCCsGAQUFBzABhjFo -dHRwOi8vdm0tMDg0LmlkbS5sYWIuYm9zLnJlZGhhdC5jb206ODA4MC9jYS9v -Y3NwMA4GA1UdDwEB/wQEAwIE8DAnBgNVHSUEIDAeBggrBgEFBQcDAQYIKwYB -BQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4IBAQDbNeargy6K/gjb -kkkSgvyfB+evtAGk5O+6lHuAhWefvS4LEkY6VyfZ2q8FJ5i5emIX5udlCpaR -rd1B5czHsv/QRboUYSIVHcUAaQJyxakIF2gzfGtNiTDWFcNNdhLXfBkZMesy -F9azUAJyWIwe4i965F39si+V8MsdcMJB72K5Yk7/IPjANBoN5ZMxFQN1jODX -JRyaSSx34q+Gh+an7NtEGf7zYw04rWPctaLnojrBwtNi9WxSb5kQcrNL7QPl -L8ZwMl2xkiPLHIHMXzDSesqgpZNAdiMHy/KusfZRhfJPSc6gY7oM7fKyIdJS -hOq8/unh4rG37Ws7TLWxV3BNUv7R ------END CERTIFICATE-----</cert> - <certpp>Certificate: - Data: - Version: 3 (0x2) - Serial Number: 16 (0x10) - Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption - Issuer: CN=CA Signing Certificate,O=EXAMPLE - Validity: - Not Before: Thu Nov 21 17:54:49 2013 - Not After : Wed Nov 11 17:54:49 2015 - Subject: CN=vm-084.idm.lab.bos.redhat.com,O=EXAMPLE - Subject Public Key Info: - Public Key Algorithm: PKCS #1 RSA Encryption - RSA Public Key: - Modulus: - bf:f6:ad:7c:2f:ac:1a:31:29:b4:ff:ab:d0:0d:4f:15: - 58:0b:d2:bf:95:78:2d:14:7f:32:51:a0:64:b7:f7:c8: - 13:24:c0:3d:8c:08:61:4b:ce:88:6d:be:6c:da:d3:f3: - 9f:ab:6f:2b:6a:2c:12:99:6e:58:65:6a:40:c1:25:4d: - d4:25:ad:ad:b7:e5:3f:93:bd:c2:45:45:93:1c:b9:92: - 2e:f6:41:67:23:2a:fc:28:24:17:91:f2:b5:e1:49:d9: - 14:95:bc:79:07:25:75:78:7d:69:7d:6e:09:6f:a3:be: - bc:e5:33:1c:73:44:7c:7d:d4:84:50:ee:2b:9d:f9:56: - c4:28:3c:b3:72:c3:4b:32:b3:3f:64:f0:08:d7:3f:33: - ab:14:6a:69:43:3c:20:74:8c:48:d5:0f:63:65:94:e2: - ba:ea:5f:bb:71:ea:22:9b:7b:39:1a:5d:77:69:10:45: - 3c:ae:0b:35:fe:f5:3a:78:fe:c8:63:93:ce:e2:a9:72: - ec:31:8b:b5:5e:60:68:22:f2:00:26:20:d6:50:44:c1: - 88:1e:17:89:8b:22:14:cf:f2:5c:cd:d7:99:5b:95:f9: - 22:50:fb:1b:75:5c:82:5c:43:ea:4c:d8:ed:91:0a:43: - af:02:a7:ab:d3:c9:18:e0:42:e8:ef:4b:84:d4:85:97 - Exponent: 65537 (0x10001) - Signed Extensions: - Name: Certificate Authority Key Identifier - Key ID: - 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: - 7e:5c:d2:44 - - Name: Authority Information Access - Method: PKIX Online Certificate Status Protocol - Location: - URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp - - Name: Certificate Key Usage - Critical: True - Usages: Digital Signature - Non-Repudiation - Key Encipherment - Data Encipherment - - Name: Extended Key Usage - TLS Web Server Authentication Certificate - TLS Web Client Authentication Certificate - E-Mail Protection Certificate - - Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption - Signature: - db:35:e6:ab:83:2e:8a:fe:08:db:92:49:12:82:fc:9f: - 07:e7:af:b4:01:a4:e4:ef:ba:94:7b:80:85:67:9f:bd: - 2e:0b:12:46:3a:57:27:d9:da:af:05:27:98:b9:7a:62: - 17:e6:e7:65:0a:96:91:ad:dd:41:e5:cc:c7:b2:ff:d0: - 45:ba:14:61:22:15:1d:c5:00:69:02:72:c5:a9:08:17: - 68:33:7c:6b:4d:89:30:d6:15:c3:4d:76:12:d7:7c:19: - 19:31:eb:32:17:d6:b3:50:02:72:58:8c:1e:e2:2f:7a: - e4:5d:fd:b2:2f:95:f0:cb:1d:70:c2:41:ef:62:b9:62: - 4e:ff:20:f8:c0:34:1a:0d:e5:93:31:15:03:75:8c:e0: - d7:25:1c:9a:49:2c:77:e2:af:86:87:e6:a7:ec:db:44: - 19:fe:f3:63:0d:38:ad:63:dc:b5:a2:e7:a2:3a:c1:c2: - d3:62:f5:6c:52:6f:99:10:72:b3:4b:ed:03:e5:2f:c6: - 70:32:5d:b1:92:23:cb:1c:81:cc:5f:30:d2:7a:ca:a0: - a5:93:40:76:23:07:cb:f2:ae:b1:f6:51:85:f2:4f:49: - ce:a0:63:ba:0c:ed:f2:b2:21:d2:52:84:ea:bc:fe:e9: - e1:e2:b1:b7:ed:6b:3b:4c:b5:b1:57:70:4d:52:fe:d1 - Fingerprint (MD5): - 5B:BA:5A:1E:52:1A:ED:13:AB:E3:19:4F:A9:A0:F7:F3 - Fingerprint (SHA1): - C5:E3:BA:90:42:9E:A2:8A:80:ED:A7:DE:D7:4A:BB:EC:9B:A1:27:31 - - Certificate Trust Flags: - SSL Flags: - User - Email Flags: - User - Object Signing Flags: - User - -</certpp> - <tag>sslserver</tag> - <dn>sslserver</dn> - </reqcertinfo> - </element> - <element> - <reqcertinfo> - <name>Subsystem Certificate</name> - <req>-----BEGIN NEW CERTIFICATE REQUEST----- -MIICezCCAWMCAQAwNjEQMA4GA1UEChMHRVhBTVBMRTEiMCAGA1UEAxMZVFBT -IFN1YnN5c3RlbSBDZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBALCBY0FFMSFWJy6G7gN94h8bs0AjjFK2Jg20ip1tcP5/8R2n -xTLaq8+ODxUFGt3d1vhmtfKIoD1hp6mMxKyQgvIzobfBbamW7vzML4mL9bwP -jh+veQC0hqzZi8bt4z1WpEI6RZkYGDiiu9yx1NWB3/ctf+fPTIdtWZ12pIJP -K9Azy2RHIBVvSRquUlxyuaQd1xJ8VgRT/Y/DDSOJ0lh6w+MyJ2GBjbpK3r8p -GuNnOUp5/1SaZtY4AYCh1h7yNNWBYLoQBmTW3+qRW5yPbgIWqPSR7uwOL7Vi -MrxHOljn/FrpY3QwAMstFnwF5bOT36u96tpYQPcxQftG4o7vh0eThG0CAwEA -AaAAMA0GCSqGSIb3DQEBBQUAA4IBAQAV8clzGabViitCdWmz2DeE4alTiYqa -HWeXno4nKCXBttdkgrr4lu1hNfIjJSxHfj1R+FmAz27jtvA/0bDdBXRuTyzx -ROhZ7raoMymQCW+w8tYO/ThaVQLijx+muX13gfCU0Bxq5+WDRJY4P4TCa49P -3RBMziTc7kVagdmjhWYjnwRyWr8acOo4qEoo/X0wLC01MAe24OyKbfCt+FbT -6PgjCVUAQ5HjmeWXyZQc89iZrkz2XVTFwQUKieni47pAVSL/Abkng2U8czIw -cbBbP6DFO9t2L2Dye9z9LaA9jwSPVaRyKUdOEfemK75kQRLixs2BXUEeZazQ -QgPZ9cJsptbf ------END NEW CERTIFICATE REQUEST-----</req> - <cert>-----BEGIN CERTIFICATE----- -MIIDfTCCAmWgAwIBAgIBETANBgkqhkiG9w0BAQsFADAzMRAwDgYDVQQKDAdF -WEFNUExFMR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRpZmljYXRlMB4XDTEz -MTEyMTE3NTQ1MFoXDTE1MTExMTE3NTQ1MFowNjEQMA4GA1UEChMHRVhBTVBM -RTEiMCAGA1UEAxMZVFBTIFN1YnN5c3RlbSBDZXJ0aWZpY2F0ZTCCASIwDQYJ -KoZIhvcNAQEBBQADggEPADCCAQoCggEBALCBY0FFMSFWJy6G7gN94h8bs0Aj -jFK2Jg20ip1tcP5/8R2nxTLaq8+ODxUFGt3d1vhmtfKIoD1hp6mMxKyQgvIz -obfBbamW7vzML4mL9bwPjh+veQC0hqzZi8bt4z1WpEI6RZkYGDiiu9yx1NWB -3/ctf+fPTIdtWZ12pIJPK9Azy2RHIBVvSRquUlxyuaQd1xJ8VgRT/Y/DDSOJ -0lh6w+MyJ2GBjbpK3r8pGuNnOUp5/1SaZtY4AYCh1h7yNNWBYLoQBmTW3+qR -W5yPbgIWqPSR7uwOL7ViMrxHOljn/FrpY3QwAMstFnwF5bOT36u96tpYQPcx -QftG4o7vh0eThG0CAwEAAaOBmDCBlTAfBgNVHSMEGDAWgBRjqn65wK0yKEDu -gzfgeN+hflzSRDBNBggrBgEFBQcBAQRBMD8wPQYIKwYBBQUHMAGGMWh0dHA6 -Ly92bS0wODQuaWRtLmxhYi5ib3MucmVkaGF0LmNvbTo4MDgwL2NhL29jc3Aw -DgYDVR0PAQH/BAQDAgTwMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3 -DQEBCwUAA4IBAQDRBXrEAqLiecW5Xh0yEwgGbcDtpRO2BCbFp3F2W8wURlo0 -axinBQCwdDGkgkXCodyib/CkJk0E5MpbJ6+q6/VLgByyzpGk1uNVIBvlfRtG -TXvU41MrjGjhVANz/uYUA7P96sWxNu8OYQv4mlyh5BDk3itYqfuIN9pLkvRL -SKGqRr+ot6hBMweysCT8I4jMBtFFXszCmithBR4x9O+n7QUcIYWrxKkT9Fm8 -PvHFeb8dMNWU7etAxQVrc/ewZbeYG+S01PFj1lopATHxZqFSCjB6RukjiIe0 -BfNUbzfputLXPUuZu0d/z5EhT+fgNKXUb9zeYFsqebP1ln/JsOJ0MJ4/ ------END CERTIFICATE-----</cert> - <certpp>Certificate: - Data: - Version: 3 (0x2) - Serial Number: 17 (0x11) - Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption - Issuer: CN=CA Signing Certificate,O=EXAMPLE - Validity: - Not Before: Thu Nov 21 17:54:50 2013 - Not After : Wed Nov 11 17:54:50 2015 - Subject: CN=TPS Subsystem Certificate,O=EXAMPLE - Subject Public Key Info: - Public Key Algorithm: PKCS #1 RSA Encryption - RSA Public Key: - Modulus: - b0:81:63:41:45:31:21:56:27:2e:86:ee:03:7d:e2:1f: - 1b:b3:40:23:8c:52:b6:26:0d:b4:8a:9d:6d:70:fe:7f: - f1:1d:a7:c5:32:da:ab:cf:8e:0f:15:05:1a:dd:dd:d6: - f8:66:b5:f2:88:a0:3d:61:a7:a9:8c:c4:ac:90:82:f2: - 33:a1:b7:c1:6d:a9:96:ee:fc:cc:2f:89:8b:f5:bc:0f: - 8e:1f:af:79:00:b4:86:ac:d9:8b:c6:ed:e3:3d:56:a4: - 42:3a:45:99:18:18:38:a2:bb:dc:b1:d4:d5:81:df:f7: - 2d:7f:e7:cf:4c:87:6d:59:9d:76:a4:82:4f:2b:d0:33: - cb:64:47:20:15:6f:49:1a:ae:52:5c:72:b9:a4:1d:d7: - 12:7c:56:04:53:fd:8f:c3:0d:23:89:d2:58:7a:c3:e3: - 32:27:61:81:8d:ba:4a:de:bf:29:1a:e3:67:39:4a:79: - ff:54:9a:66:d6:38:01:80:a1:d6:1e:f2:34:d5:81:60: - ba:10:06:64:d6:df:ea:91:5b:9c:8f:6e:02:16:a8:f4: - 91:ee:ec:0e:2f:b5:62:32:bc:47:3a:58:e7:fc:5a:e9: - 63:74:30:00:cb:2d:16:7c:05:e5:b3:93:df:ab:bd:ea: - da:58:40:f7:31:41:fb:46:e2:8e:ef:87:47:93:84:6d - Exponent: 65537 (0x10001) - Signed Extensions: - Name: Certificate Authority Key Identifier - Key ID: - 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: - 7e:5c:d2:44 - - Name: Authority Information Access - Method: PKIX Online Certificate Status Protocol - Location: - URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp - - Name: Certificate Key Usage - Critical: True - Usages: Digital Signature - Non-Repudiation - Key Encipherment - Data Encipherment - - Name: Extended Key Usage - TLS Web Client Authentication Certificate - - Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption - Signature: - d1:05:7a:c4:02:a2:e2:79:c5:b9:5e:1d:32:13:08:06: - 6d:c0:ed:a5:13:b6:04:26:c5:a7:71:76:5b:cc:14:46: - 5a:34:6b:18:a7:05:00:b0:74:31:a4:82:45:c2:a1:dc: - a2:6f:f0:a4:26:4d:04:e4:ca:5b:27:af:aa:eb:f5:4b: - 80:1c:b2:ce:91:a4:d6:e3:55:20:1b:e5:7d:1b:46:4d: - 7b:d4:e3:53:2b:8c:68:e1:54:03:73:fe:e6:14:03:b3: - fd:ea:c5:b1:36:ef:0e:61:0b:f8:9a:5c:a1:e4:10:e4: - de:2b:58:a9:fb:88:37:da:4b:92:f4:4b:48:a1:aa:46: - bf:a8:b7:a8:41:33:07:b2:b0:24:fc:23:88:cc:06:d1: - 45:5e:cc:c2:9a:2b:61:05:1e:31:f4:ef:a7:ed:05:1c: - 21:85:ab:c4:a9:13:f4:59:bc:3e:f1:c5:79:bf:1d:30: - d5:94:ed:eb:40:c5:05:6b:73:f7:b0:65:b7:98:1b:e4: - b4:d4:f1:63:d6:5a:29:01:31:f1:66:a1:52:0a:30:7a: - 46:e9:23:88:87:b4:05:f3:54:6f:37:e9:ba:d2:d7:3d: - 4b:99:bb:47:7f:cf:91:21:4f:e7:e0:34:a5:d4:6f:dc: - de:60:5b:2a:79:b3:f5:96:7f:c9:b0:e2:74:30:9e:3f - Fingerprint (MD5): - 33:E4:65:72:E7:73:63:F6:4D:F3:0D:1B:79:4B:51:BA - Fingerprint (SHA1): - 2B:3B:C2:42:09:1F:DC:3C:E8:DD:1C:2E:27:CB:22:34:4B:F2:2A:A9 - - Certificate Trust Flags: - SSL Flags: - User - Email Flags: - User - Object Signing Flags: - User - -</certpp> - <tag>subsystem</tag> - <dn>subsystem</dn> - </reqcertinfo> - </element> - <element> - <reqcertinfo> - <name>Audit Log Signing Certificate</name> - <req>-----BEGIN NEW CERTIFICATE REQUEST----- -MIICfzCCAWcCAQAwOjEQMA4GA1UEChMHRVhBTVBMRTEmMCQGA1UEAxMdVFBT -IEF1ZGl0IFNpZ25pbmcgQ2VydGlmaWNhdGUwggEiMA0GCSqGSIb3DQEBAQUA -A4IBDwAwggEKAoIBAQDQulXGs9YvKqbNp9JV590Seob6Ee4+8A7ypAy0aJ9E -8bwxdZ3TP9flMmFF1/Epp8riT5BUHnf1j3HpvihE77XZCpnz1Ddv/fQ71CZw -Lhx2WhARQm6/07++X1A7TZALMNlARQKuYq8nF2Ru3R7ekVngXp8VE2N5VWBC -kWYiRY5Axt1hW253SiTuScIXwmf9KepMB2L3RWejtWaI7AvYuh7UWbaz+aPg -GFsCLi8B8wQriJ9hyOWpzd8EasGk1pvM8P8UgnEMI1m9FDbF6dIdH/zFSXEQ -O+bTGqQri9oFnXbD+3CYtgx6f6h8s0oTTvXDakxqjA3aXrIgNMh2wFgU4fcX -AgMBAAGgADANBgkqhkiG9w0BAQUFAAOCAQEAk7D7vqIVUQPPchUR6MWoHyM3 -w5og8cRPE3nJQKPMhy+z1dBC67iTlPDM12entGVC+r4snbvNAfzibV/u9G4z -IurRS42vLls06hCHe2+jDr2xrpHf5iM4QExQuMSFZ9+N0xXg5ytDvWLi/LtI -YProlIaSmOdndJDQr6KPtsGb2My7a4iMBV/qVSD9A6bblbxJNPFHoiTuYj72 -7fWNT0JH2g0OmqZa5lx1o4q8dWAfKlrsMGB7OTRyJ7Y2V7FGgY50isrcxnuw -XTCPxOQGEL2T/F5q/4F+ZyJix1SfhoQys4RBXxvQbhNvbPIAHtHg/5bcbPMN -GNlW6BI4kN+UNRYGtQ== ------END NEW CERTIFICATE REQUEST-----</req> - <cert>-----BEGIN CERTIFICATE----- -MIIDbDCCAlSgAwIBAgIBEjANBgkqhkiG9w0BAQsFADAzMRAwDgYDVQQKDAdF -WEFNUExFMR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRpZmljYXRlMB4XDTEz -MTEyMTE3NTQ1M1oXDTE1MTExMTE3NTQ1M1owOjEQMA4GA1UEChMHRVhBTVBM -RTEmMCQGA1UEAxMdVFBTIEF1ZGl0IFNpZ25pbmcgQ2VydGlmaWNhdGUwggEi -MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQulXGs9YvKqbNp9JV590S -eob6Ee4+8A7ypAy0aJ9E8bwxdZ3TP9flMmFF1/Epp8riT5BUHnf1j3HpvihE -77XZCpnz1Ddv/fQ71CZwLhx2WhARQm6/07++X1A7TZALMNlARQKuYq8nF2Ru -3R7ekVngXp8VE2N5VWBCkWYiRY5Axt1hW253SiTuScIXwmf9KepMB2L3RWej -tWaI7AvYuh7UWbaz+aPgGFsCLi8B8wQriJ9hyOWpzd8EasGk1pvM8P8UgnEM -I1m9FDbF6dIdH/zFSXEQO+bTGqQri9oFnXbD+3CYtgx6f6h8s0oTTvXDakxq -jA3aXrIgNMh2wFgU4fcXAgMBAAGjgYMwgYAwHwYDVR0jBBgwFoAUY6p+ucCt -MihA7oM34HjfoX5c0kQwTQYIKwYBBQUHAQEEQTA/MD0GCCsGAQUFBzABhjFo -dHRwOi8vdm0tMDg0LmlkbS5sYWIuYm9zLnJlZGhhdC5jb206ODA4MC9jYS9v -Y3NwMA4GA1UdDwEB/wQEAwIGwDANBgkqhkiG9w0BAQsFAAOCAQEAKPq8ro5J -Di7LVv45eUH5AYrOiMqa10qWDr5dEqFqn7FZ3sK4A8zx/pQc+Iz3LMaaapgl -hxXen9un2ZoAKqBJ3IES24nLr9xU+aS2vKZseGi7UZMHAxC/b3gerZvHY9p5 -CqWDPDO/ksnWikndaWvTZeqfXvqSvoJnDuwv/tCsLTTBzZ5ReTUiCAh91TXU -4LJCl8q/+IeBOvz9g+iFwICN6FiXrq5j5GJgA/NOHwCvwMpH+lmK+H4mvUlr -aVCWubitl7KqiepEyZAlyTuUX5t/u05xePVkaU/e3WijL6SSygcxH4Q9EQC8 -9PT07QwEbXSPXhv0n79x+Lhf4RuR4qZd4Q== ------END CERTIFICATE-----</cert> - <certpp>Certificate: - Data: - Version: 3 (0x2) - Serial Number: 18 (0x12) - Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption - Issuer: CN=CA Signing Certificate,O=EXAMPLE - Validity: - Not Before: Thu Nov 21 17:54:53 2013 - Not After : Wed Nov 11 17:54:53 2015 - Subject: CN=TPS Audit Signing Certificate,O=EXAMPLE - Subject Public Key Info: - Public Key Algorithm: PKCS #1 RSA Encryption - RSA Public Key: - Modulus: - d0:ba:55:c6:b3:d6:2f:2a:a6:cd:a7:d2:55:e7:dd:12: - 7a:86:fa:11:ee:3e:f0:0e:f2:a4:0c:b4:68:9f:44:f1: - bc:31:75:9d:d3:3f:d7:e5:32:61:45:d7:f1:29:a7:ca: - e2:4f:90:54:1e:77:f5:8f:71:e9:be:28:44:ef:b5:d9: - 0a:99:f3:d4:37:6f:fd:f4:3b:d4:26:70:2e:1c:76:5a: - 10:11:42:6e:bf:d3:bf:be:5f:50:3b:4d:90:0b:30:d9: - 40:45:02:ae:62:af:27:17:64:6e:dd:1e:de:91:59:e0: - 5e:9f:15:13:63:79:55:60:42:91:66:22:45:8e:40:c6: - dd:61:5b:6e:77:4a:24:ee:49:c2:17:c2:67:fd:29:ea: - 4c:07:62:f7:45:67:a3:b5:66:88:ec:0b:d8:ba:1e:d4: - 59:b6:b3:f9:a3:e0:18:5b:02:2e:2f:01:f3:04:2b:88: - 9f:61:c8:e5:a9:cd:df:04:6a:c1:a4:d6:9b:cc:f0:ff: - 14:82:71:0c:23:59:bd:14:36:c5:e9:d2:1d:1f:fc:c5: - 49:71:10:3b:e6:d3:1a:a4:2b:8b:da:05:9d:76:c3:fb: - 70:98:b6:0c:7a:7f:a8:7c:b3:4a:13:4e:f5:c3:6a:4c: - 6a:8c:0d:da:5e:b2:20:34:c8:76:c0:58:14:e1:f7:17 - Exponent: 65537 (0x10001) - Signed Extensions: - Name: Certificate Authority Key Identifier - Key ID: - 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: - 7e:5c:d2:44 - - Name: Authority Information Access - Method: PKIX Online Certificate Status Protocol - Location: - URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp - - Name: Certificate Key Usage - Critical: True - Usages: Digital Signature - Non-Repudiation - - Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption - Signature: - 28:fa:bc:ae:8e:49:0e:2e:cb:56:fe:39:79:41:f9:01: - 8a:ce:88:ca:9a:d7:4a:96:0e:be:5d:12:a1:6a:9f:b1: - 59:de:c2:b8:03:cc:f1:fe:94:1c:f8:8c:f7:2c:c6:9a: - 6a:98:25:87:15:de:9f:db:a7:d9:9a:00:2a:a0:49:dc: - 81:12:db:89:cb:af:dc:54:f9:a4:b6:bc:a6:6c:78:68: - bb:51:93:07:03:10:bf:6f:78:1e:ad:9b:c7:63:da:79: - 0a:a5:83:3c:33:bf:92:c9:d6:8a:49:dd:69:6b:d3:65: - ea:9f:5e:fa:92:be:82:67:0e:ec:2f:fe:d0:ac:2d:34: - c1:cd:9e:51:79:35:22:08:08:7d:d5:35:d4:e0:b2:42: - 97:ca:bf:f8:87:81:3a:fc:fd:83:e8:85:c0:80:8d:e8: - 58:97:ae:ae:63:e4:62:60:03:f3:4e:1f:00:af:c0:ca: - 47:fa:59:8a:f8:7e:26:bd:49:6b:69:50:96:b9:b8:ad: - 97:b2:aa:89:ea:44:c9:90:25:c9:3b:94:5f:9b:7f:bb: - 4e:71:78:f5:64:69:4f:de:dd:68:a3:2f:a4:92:ca:07: - 31:1f:84:3d:11:00:bc:f4:f4:f4:ed:0c:04:6d:74:8f: - 5e:1b:f4:9f:bf:71:f8:b8:5f:e1:1b:91:e2:a6:5d:e1 - Fingerprint (MD5): - 8C:A7:63:34:2C:55:22:B5:BA:22:5E:F8:BF:36:69:93 - Fingerprint (SHA1): - AC:AA:23:8E:CF:C0:A9:1C:BB:B5:1E:DC:82:D2:02:7D:0C:2B:F5:50 - - Certificate Trust Flags: - SSL Flags: - User - Email Flags: - User - Object Signing Flags: - Terminal Record - Trusted - User - -</certpp> - <tag>audit_signing</tag> - <dn>audit_signing</dn> - </reqcertinfo> - </element> - </reqscerts> - <sdomainAdminURL>https://vm-084.idm.lab.bos.redhat.com:9445</sdomainAdminURL> - <sdomainName>Security Domain</sdomainName> - <sdomainURL/> - <secureconn>false</secureconn> - <securityDomain>EXAMPLE</securityDomain> - <select>default</select> - <showApplyButton>false</showApplyButton> - <sms> - <element>PKI::TPS::GlobalVar=HASH(0x7fa0740410e0)</element> - <element>PKI::TPS::GlobalVar=HASH(0x7fa0742a1668)</element> - <element>PKI::TPS::GlobalVar=HASH(0x7fa0747ab760)</element> - </sms> - <statusCommand>systemctl status pki-tomcatd@&lt;security_domain_instance_name&gt;.service</statusCommand> - <subpanelno>15</subpanelno> - <subsystemName>Token Processing System</subsystemName> - <systemname>Token Processing </systemname> - <title>Administrator</title> - <urls> - <element>CA vm-084.idm.lab.bos.redhat.com 8443 - https://vm-084.idm.lab.bos.redhat.com:8443</element> - <element>External CA</element> - </urls> - <urls_size>3</urls_size> -</xml> -Sleeping for 5 secs.. -CRYPTO INIT WITH CERTDB:/home/edewata/Projects/pki-dev/certs/tps -Crypto manager already initialized -Debug : initialize crypto Manager -INITIALIZATION ERROR: org.mozilla.jss.crypto.AlreadyInitializedException -cdir = /home/edewata/Projects/pki-dev/certs/tps -Debug : before getInstance -Debug : before get token -Debug : before login password -Debug : after login password -CRMF_REQUEST = MIIBqjCCAaYwggGaAgEBMIIBkYABAqVmMGQxEDAOBgNVBAoMB0VYQU1QTEUxIzAh
-BgkqhkiG9w0BCQEWFHRwc2FkbWluQGV4YW1wbGUuY29tMRgwFgYKCZImiZPyLGQB
-AQwIdHBzYWRtaW4xETAPBgNVBAMMCHRwc2FkbWlupoIBIjANBgkqhkiG9w0BAQEF
-AAOCAQ8AMIIBCgKCAQEAvS/Qy27oL6ttnTVtJ86FsmrtrJ/lJMax4P1BAFmlFyEJ
-wOizJzo6VPVl41Pzzo3NNejnH8PYZzXVcJjAYmnq7jMb0VRwdR1jUp4eIIzA+IAe
-Fwy+dpoV++OAHwZzd1Bwmi2cLEKe1EM5jjGm41/Sl+CvVSP5G29ASbjHvoENEnf3
-8DA4Z5xYNgTZE67kjp45SJSCMkDS0z5FLc7KGn2twEHR8dPvjvppnmLPmT/BX3kD
-fzyY9/Sfh0964kNXmJJ1vtvp6ZDsKjw6gl33yPOpSxwWro5xiX/WmF4jCNJOmNHA
-+RXHx9BCIEdQDg2Ae5JanMFWgYHtbRrO4ERXJ3vMXwIDAQABMACiBoAEAwADAA==
- -############################################# -Attempting to connect to: vm-084.idm.lab.bos.redhat.com:7890 -Connected. -Posting Query = https://vm-084.idm.lab.bos.redhat.com:7890//tps/admin/console/config/wizard?p=14&uid=tpsadmin&name=TPS+Administrator&email=tpsadmin%40example.com&__pwd=Secret123&__admin_password_again=Secret123&cert_request=MIIBqjCCAaYwggGaAgEBMIIBkYABAqVmMGQxEDAOBgNVBAoMB0VYQU1QTEUxIzAh%0D%0ABgkqhkiG9w0BCQEWFHRwc2FkbWluQGV4YW1wbGUuY29tMRgwFgYKCZImiZPyLGQB%0D%0AAQwIdHBzYWRtaW4xETAPBgNVBAMMCHRwc2FkbWlupoIBIjANBgkqhkiG9w0BAQEF%0D%0AAAOCAQ8AMIIBCgKCAQEAvS%2FQy27oL6ttnTVtJ86FsmrtrJ%2FlJMax4P1BAFmlFyEJ%0D%0AwOizJzo6VPVl41Pzzo3NNejnH8PYZzXVcJjAYmnq7jMb0VRwdR1jUp4eIIzA%2BIAe%0D%0AFwy%2BdpoV%2B%2BOAHwZzd1Bwmi2cLEKe1EM5jjGm41%2FSl%2BCvVSP5G29ASbjHvoENEnf3%0D%0A8DA4Z5xYNgTZE67kjp45SJSCMkDS0z5FLc7KGn2twEHR8dPvjvppnmLPmT%2FBX3kD%0D%0AfzyY9%2FSfh0964kNXmJJ1vtvp6ZDsKjw6gl33yPOpSxwWro5xiX%2FWmF4jCNJOmNHA%0D%0A%2BRXHx9BCIEdQDg2Ae5JanMFWgYHtbRrO4ERXJ3vMXwIDAQABMACiBoAEAwADAA%3D%3D%0D%0A&display=0&profileId=caAdminCert&cert_request_type=crmf&import=true&uid=tpsadmin&clone=0&securitydomain=EXAMPLE&subject=CN%3Dtpsadmin%2CUID%3Dtpsadmin%2CE%3Dtpsadmin%40example.com%2CO%3DEXAMPLE&requestor_name=TPS-vm-084.idm.lab.bos.redhat.com-7890&sessionID=5892650296702736989&auth_hostname=vm-084.idm.lab.bos.redhat.com&auth_port=8443&op=next&xml=true -RESPONSE STATUS: HTTP/1.1 200 OK -RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:55:09 GMT -RESPONSE HEADER: Server: Apache -RESPONSE HEADER: Connection: close -RESPONSE HEADER: Content-Type: text/xml -<?xml version="1.0" encoding="UTF-8"?> -<xml> - <admin_email/> - <admin_name>TPS Administrator</admin_name> - <admin_pwd/> - <admin_pwd_again/> - <admin_uid>admin</admin_uid> - <basedn>dc=vm-084.idm.lab.bos.redhat.com-pki-tps</basedn> - <binddn>cn=directory manager</binddn> - <bindpwd/> - <ca>false</ca> - <caHost>vm-084.idm.lab.bos.redhat.com</caHost> - <caPort>8443</caPort> - <caType>ca</caType> - <certchain>Certificate: - Data: - Version: 3 (0x2) - Serial Number: 1 (0x1) - Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption - Issuer: CN=CA Signing Certificate,O=EXAMPLE - Validity: - Not Before: Thu Nov 21 17:00:30 2013 - Not After : Mon Nov 21 17:00:30 2033 - Subject: CN=CA Signing Certificate,O=EXAMPLE - Subject Public Key Info: - Public Key Algorithm: PKCS #1 RSA Encryption - RSA Public Key: - Modulus: - df:8f:9e:70:14:9c:14:43:06:3a:69:3a:b9:d4:37:07: - 24:ac:9b:8c:f3:9b:dd:44:0e:d3:7b:f6:10:c4:36:11: - bb:9d:7e:19:ed:8e:61:88:a9:11:64:f2:3e:c6:1a:f8: - c9:4e:46:2a:5d:19:91:f4:43:56:57:c3:c9:7b:19:c9: - fe:49:d0:d1:24:d8:f9:30:59:58:aa:86:ed:e1:07:27: - 7d:2c:61:bc:18:5d:4a:67:05:1c:3f:4a:c3:4c:f1:91: - 96:c5:e1:80:08:ea:8b:17:7c:cd:7a:23:e6:71:45:38: - 8a:d6:f3:c4:f7:61:e2:ec:8f:f2:6f:2a:c3:f9:24:5f: - 06:c5:cc:9d:7a:52:53:b7:33:0f:3c:94:f7:83:41:c4: - 68:5a:3c:93:0d:b7:ce:3d:60:f2:2d:5c:16:d4:d7:23: - d2:fb:05:14:0c:2d:38:55:ed:e8:7d:9a:ed:11:7d:ac: - d5:01:4e:ae:26:3a:8e:61:40:5b:b9:83:15:0a:da:24: - fa:0d:c2:ad:1a:e4:2f:01:5e:57:bd:61:5a:17:e1:0b: - f7:5e:3c:2d:37:23:1e:c2:b3:1e:d1:ef:9a:be:b4:57: - db:e4:4f:58:1d:75:87:68:2b:56:b1:af:cb:16:18:43: - 4f:bc:f5:cf:24:98:64:a7:0d:6e:a0:ab:6c:b4:e2:cb - Exponent: 65537 (0x10001) - Signed Extensions: - Name: Certificate Authority Key Identifier - Key ID: - 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: - 7e:5c:d2:44 - - Name: Certificate Basic Constraints - Critical: True - Data: Is a CA with no maximum path length. - - Name: Certificate Key Usage - Critical: True - Usages: Digital Signature - Non-Repudiation - Certificate Signing - CRL Signing - - Name: Certificate Subject Key ID - Data: - 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: - 7e:5c:d2:44 - - Name: Authority Information Access - Method: PKIX Online Certificate Status Protocol - Location: - URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp - - Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption - Signature: - 73:72:7d:31:3b:92:6e:d9:64:64:c1:93:9a:fa:17:75: - 94:a8:3f:29:8b:57:aa:73:ac:b6:a2:94:3c:d4:53:86: - 6c:c1:95:98:f5:be:a1:79:ac:75:bb:96:30:3c:dc:5f: - 27:fe:f0:ec:e3:54:c4:51:b2:96:45:ec:c8:35:87:92: - db:c9:d7:d0:9c:09:63:34:c0:4d:8b:a9:f7:10:95:9a: - 9f:6f:a1:5e:bd:1b:d9:32:be:18:fc:6c:70:6c:b7:37: - e8:45:09:ce:79:b7:d6:2c:d3:b4:09:b2:00:41:1a:ee: - 0c:76:21:0f:2d:5b:79:7c:be:d5:23:12:f8:93:ad:e1: - 99:9e:a1:fa:0a:99:ed:eb:6b:3a:d6:c6:20:2b:e2:eb: - 86:c2:f1:eb:f4:9c:d7:0b:5b:9d:8c:c7:7b:8a:cd:40: - f9:b8:0d:fe:44:d5:14:79:d5:1c:76:56:d9:e5:e7:72: - 7a:4b:c2:24:fe:1e:3a:38:d3:4c:85:c6:6c:77:be:ee: - 46:ab:d7:f4:29:c5:33:8e:0e:88:91:f0:6e:5b:28:b8: - 07:9f:c1:d9:47:3c:e5:fe:58:82:04:38:01:4e:f0:27: - 54:76:e2:c9:12:4a:da:d6:28:4d:10:00:ac:f1:12:3e: - af:15:6d:ce:b6:8a:18:ec:4b:be:6c:08:c0:c0:f0:d0 - Fingerprint (MD5): - C6:6E:4E:E2:92:8A:A7:2A:60:EA:2F:4D:FB:ED:15:17 - Fingerprint (SHA1): - 96:4A:92:79:6C:A4:CC:5B:6B:6E:88:84:48:43:9C:F4:84:5D:3C:E1 - - Certificate Trust Flags: - SSL Flags: - Valid CA - Trusted CA - Trusted Client CA - Email Flags: - Valid CA - Trusted CA - Object Signing Flags: - Valid CA - Trusted CA - -</certchain> - <certchain_size>1</certchain_size> - <certs> - <element> - <certinfo> - <dn>CN=vm-084.idm.lab.bos.redhat.com, OU=pki-tps, O=EXAMPLE</dn> - <tag>sslserver</tag> - <friendly>SSL Server Certificate</friendly> - </certinfo> - </element> - <element> - <certinfo> - <dn>CN=TPS Subsystem Certificate, OU=pki-tps, O=EXAMPLE</dn> - <tag>subsystem</tag> - <friendly>Subsystem Certificate</friendly> - </certinfo> - </element> - <element> - <certinfo> - <dn>CN=TPS Audit Signing Certificate, OU=pki-tps, O=EXAMPLE</dn> - <tag>audit_signing</tag> - <friendly>Audit Log Signing Certificate</friendly> - </certinfo> - </element> - </certs> - <check_clonesubsystem/> - <check_newsubsystem/> - <csstate>1</csstate> - <custom_size>2048</custom_size> - <database>vm-084.idm.lab.bos.redhat.com-pki-tps</database> - <dbg/> - <defTok>NSS Certificate DB</defTok> - <default_ecc_curvename>nistp256</default_ecc_curvename> - <default_keysize>2048</default_keysize> - <disableClone>1</disableClone> - <errorString/> - <firstpanel>0</firstpanel> - <firsttime>true</firsttime> - <fullsystemname>Token Processing System </fullsystemname> - <hostname>localhost</hostname> - <http_port>7888</http_port> - <https_port>7889</https_port> - <import>true</import> - <info/> - <instanceID>&lt;security_domain_instance_name&gt;</instanceID> - <keys_ecc_curve_display_list>nistp256 (secp256r1),nistp384 (secp384r1),nistp521 (secp521r1),nistk163 (sect163k1),sect163r1,nistb163 (sect163r2),sect193r1,sect193r2,nistk233 (sect233k1),nistb233 (sect233r1),sect239k1,nistk283 (sect283k1),nistb283 (sect283r1),nistk409 (sect409k1),nistb409 (sect409r1),nistk571 (sect571k1),nistb571 (sect571r1),secp160k1,secp160r1,secp160r2,secp192k1,nistp192 (secp192r1, prime192v1),secp224k1,nistp224 (secp224r1),secp256k1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2</keys_ecc_curve_display_list> - <keys_ecc_curve_list>nistp256,nistp384,nistp521,sect163k1,nistk163,sect163r1,sect163r2,nistb163,sect193r1,sect193r2,sect233k1,nistk233,sect233r1,nistb233,sect239k1,sect283k1,nistk283,sect283r1,nistb283,sect409k1,nistk409,sect409r1,nistb409,sect571k1,nistk571,sect571r1,nistb571,secp160k1,secp160r1,secp160r2,secp192k1,secp192r1,nistp192,secp224k1,secp224r1,nistp224,secp256k1,secp256r1,secp384r1,secp521r1,prime192v1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2</keys_ecc_curve_list> - <keys_rsa_size_display_list>1024,2048,3072,4096</keys_rsa_size_display_list> - <lastpanel>0</lastpanel> - <machineName>localhost</machineName> - <name>Token Processing System</name> - <non_clientauth_https_port>7890</non_clientauth_https_port> - <oms/> - <p>15</p> - <panel>tps/admin/console/config/importadmincertpanel.vm</panel> - <panelname>Security Domain</panelname> - <panels> - <element>PKI::TPS::WelcomePanel=HASH(0x7fa0c0b679b0)</element> - <element>PKI::TPS::ModulePanel=HASH(0x7fa0c0b78608)</element> - <element>PKI::TPS::ConfigHSMLoginPanel=HASH(0x7fa0c0b90188)</element> - <element>PKI::TPS::SecurityDomainPanel=HASH(0x7fa0c0b93f30)</element> - <element>PKI::TPS::DisplayCertChainPanel=HASH(0x7fa0c0b9c480)</element> - <element>PKI::TPS::SubsystemTypePanel=HASH(0x7fa0c0ba7ad8)</element> - <element>PKI::TPS::CAInfoPanel=HASH(0x7fa0c0bae650)</element> - <element>PKI::TPS::TKSInfoPanel=HASH(0x7fa0c0bbcfc0)</element> - <element>PKI::TPS::DRMInfoPanel=HASH(0x7fa0c0bc58e8)</element> - <element>PKI::TPS::AuthDBPanel=HASH(0x7fa0c0bcd118)</element> - <element>PKI::TPS::DatabasePanel=HASH(0x7fa0c08be670)</element> - <element>PKI::TPS::SizePanel=HASH(0x7fa0c0be0798)</element> - <element>PKI::TPS::NamePanel=HASH(0x7fa0c0bf0610)</element> - <element>PKI::TPS::CertRequestPanel=HASH(0x7fa0c0c19698)</element> - <element>PKI::TPS::AdminPanel=HASH(0x7fa0c0c28018)</element> - <element>PKI::TPS::ImportAdminCertPanel=HASH(0x7fa0c0c32c30)</element> - <element>PKI::TPS::DonePanel=HASH(0x7fa0c0c3e6e8)</element> - </panels> - <portStr>389</portStr> - <ppcerts/> - <productversion>10.1.0</productversion> - <redirect>https://vm-084.idm.lab.bos.redhat.com:8443/ca/admin/ca/securityDomainLogin?url=https%3A%2F%2Fvm-084.idm.lab.bos.redhat.com%3A7890%2Ftps%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D5%26subsystem%3DTPS</redirect> - <reqscerts> - <element> - <reqcertinfo> - <name>SSL Server Certificate</name> - <req>-----BEGIN NEW CERTIFICATE REQUEST----- -MIICfzCCAWcCAQAwOjEQMA4GA1UEChMHRVhBTVBMRTEmMCQGA1UEAxMddm0t -MDg0LmlkbS5sYWIuYm9zLnJlZGhhdC5jb20wggEiMA0GCSqGSIb3DQEBAQUA -A4IBDwAwggEKAoIBAQC/9q18L6waMSm0/6vQDU8VWAvSv5V4LRR/MlGgZLf3 -yBMkwD2MCGFLzohtvmza0/Ofq28raiwSmW5YZWpAwSVN1CWtrbflP5O9wkVF -kxy5ki72QWcjKvwoJBeR8rXhSdkUlbx5ByV1eH1pfW4Jb6O+vOUzHHNEfH3U -hFDuK535VsQoPLNyw0sysz9k8AjXPzOrFGppQzwgdIxI1Q9jZZTiuupfu3Hq -Ipt7ORpdd2kQRTyuCzX+9Tp4/shjk87iqXLsMYu1XmBoIvIAJiDWUETBiB4X -iYsiFM/yXM3XmVuV+SJQ+xt1XIJcQ+pM2O2RCkOvAqer08kY4ELo70uE1IWX -AgMBAAGgADANBgkqhkiG9w0BAQUFAAOCAQEAjAtHz3uSFKDHpYgxCFKiAxSv -NUHdhIZO4DjEl6BuxvH2dkrMOeBuzmGUdB/dmprKvMBRtTwjopD/vbRTkKPc -bB4j92pVxlAUlAd4dvzuFGcK/mhB8kdmCXAAgBOPKlZgpHoWRRaEqbdFznjQ -KDz1lFE6Lb1Wpmcx9u6ZUWjHLd4sr+Ym+byXx9DroMBYV3rK35xUhpNlMjUM -PSX+Fqgx4ddGgpGm0kh9TlczNUMQb+kqds8c3SRCfUTZNo4cE/LOEDqkUdYy -XwTXjjAag7c6b7Dv8/OR4jNNrvAihn5YdlAo3aRssE6zQCKrOfN2bYy3uWMG -+VqC9saBiWkg8sgPbg== ------END NEW CERTIFICATE REQUEST-----</req> - <cert>-----BEGIN CERTIFICATE----- -MIIDlTCCAn2gAwIBAgIBEDANBgkqhkiG9w0BAQsFADAzMRAwDgYDVQQKDAdF -WEFNUExFMR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRpZmljYXRlMB4XDTEz -MTEyMTE3NTQ0OVoXDTE1MTExMTE3NTQ0OVowOjEQMA4GA1UEChMHRVhBTVBM -RTEmMCQGA1UEAxMddm0tMDg0LmlkbS5sYWIuYm9zLnJlZGhhdC5jb20wggEi -MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/9q18L6waMSm0/6vQDU8V -WAvSv5V4LRR/MlGgZLf3yBMkwD2MCGFLzohtvmza0/Ofq28raiwSmW5YZWpA -wSVN1CWtrbflP5O9wkVFkxy5ki72QWcjKvwoJBeR8rXhSdkUlbx5ByV1eH1p -fW4Jb6O+vOUzHHNEfH3UhFDuK535VsQoPLNyw0sysz9k8AjXPzOrFGppQzwg -dIxI1Q9jZZTiuupfu3HqIpt7ORpdd2kQRTyuCzX+9Tp4/shjk87iqXLsMYu1 -XmBoIvIAJiDWUETBiB4XiYsiFM/yXM3XmVuV+SJQ+xt1XIJcQ+pM2O2RCkOv -Aqer08kY4ELo70uE1IWXAgMBAAGjgawwgakwHwYDVR0jBBgwFoAUY6p+ucCt -MihA7oM34HjfoX5c0kQwTQYIKwYBBQUHAQEEQTA/MD0GCCsGAQUFBzABhjFo -dHRwOi8vdm0tMDg0LmlkbS5sYWIuYm9zLnJlZGhhdC5jb206ODA4MC9jYS9v -Y3NwMA4GA1UdDwEB/wQEAwIE8DAnBgNVHSUEIDAeBggrBgEFBQcDAQYIKwYB -BQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4IBAQDbNeargy6K/gjb -kkkSgvyfB+evtAGk5O+6lHuAhWefvS4LEkY6VyfZ2q8FJ5i5emIX5udlCpaR -rd1B5czHsv/QRboUYSIVHcUAaQJyxakIF2gzfGtNiTDWFcNNdhLXfBkZMesy -F9azUAJyWIwe4i965F39si+V8MsdcMJB72K5Yk7/IPjANBoN5ZMxFQN1jODX -JRyaSSx34q+Gh+an7NtEGf7zYw04rWPctaLnojrBwtNi9WxSb5kQcrNL7QPl -L8ZwMl2xkiPLHIHMXzDSesqgpZNAdiMHy/KusfZRhfJPSc6gY7oM7fKyIdJS -hOq8/unh4rG37Ws7TLWxV3BNUv7R ------END CERTIFICATE-----</cert> - <certpp>Certificate: - Data: - Version: 3 (0x2) - Serial Number: 16 (0x10) - Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption - Issuer: CN=CA Signing Certificate,O=EXAMPLE - Validity: - Not Before: Thu Nov 21 17:54:49 2013 - Not After : Wed Nov 11 17:54:49 2015 - Subject: CN=vm-084.idm.lab.bos.redhat.com,O=EXAMPLE - Subject Public Key Info: - Public Key Algorithm: PKCS #1 RSA Encryption - RSA Public Key: - Modulus: - bf:f6:ad:7c:2f:ac:1a:31:29:b4:ff:ab:d0:0d:4f:15: - 58:0b:d2:bf:95:78:2d:14:7f:32:51:a0:64:b7:f7:c8: - 13:24:c0:3d:8c:08:61:4b:ce:88:6d:be:6c:da:d3:f3: - 9f:ab:6f:2b:6a:2c:12:99:6e:58:65:6a:40:c1:25:4d: - d4:25:ad:ad:b7:e5:3f:93:bd:c2:45:45:93:1c:b9:92: - 2e:f6:41:67:23:2a:fc:28:24:17:91:f2:b5:e1:49:d9: - 14:95:bc:79:07:25:75:78:7d:69:7d:6e:09:6f:a3:be: - bc:e5:33:1c:73:44:7c:7d:d4:84:50:ee:2b:9d:f9:56: - c4:28:3c:b3:72:c3:4b:32:b3:3f:64:f0:08:d7:3f:33: - ab:14:6a:69:43:3c:20:74:8c:48:d5:0f:63:65:94:e2: - ba:ea:5f:bb:71:ea:22:9b:7b:39:1a:5d:77:69:10:45: - 3c:ae:0b:35:fe:f5:3a:78:fe:c8:63:93:ce:e2:a9:72: - ec:31:8b:b5:5e:60:68:22:f2:00:26:20:d6:50:44:c1: - 88:1e:17:89:8b:22:14:cf:f2:5c:cd:d7:99:5b:95:f9: - 22:50:fb:1b:75:5c:82:5c:43:ea:4c:d8:ed:91:0a:43: - af:02:a7:ab:d3:c9:18:e0:42:e8:ef:4b:84:d4:85:97 - Exponent: 65537 (0x10001) - Signed Extensions: - Name: Certificate Authority Key Identifier - Key ID: - 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: - 7e:5c:d2:44 - - Name: Authority Information Access - Method: PKIX Online Certificate Status Protocol - Location: - URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp - - Name: Certificate Key Usage - Critical: True - Usages: Digital Signature - Non-Repudiation - Key Encipherment - Data Encipherment - - Name: Extended Key Usage - TLS Web Server Authentication Certificate - TLS Web Client Authentication Certificate - E-Mail Protection Certificate - - Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption - Signature: - db:35:e6:ab:83:2e:8a:fe:08:db:92:49:12:82:fc:9f: - 07:e7:af:b4:01:a4:e4:ef:ba:94:7b:80:85:67:9f:bd: - 2e:0b:12:46:3a:57:27:d9:da:af:05:27:98:b9:7a:62: - 17:e6:e7:65:0a:96:91:ad:dd:41:e5:cc:c7:b2:ff:d0: - 45:ba:14:61:22:15:1d:c5:00:69:02:72:c5:a9:08:17: - 68:33:7c:6b:4d:89:30:d6:15:c3:4d:76:12:d7:7c:19: - 19:31:eb:32:17:d6:b3:50:02:72:58:8c:1e:e2:2f:7a: - e4:5d:fd:b2:2f:95:f0:cb:1d:70:c2:41:ef:62:b9:62: - 4e:ff:20:f8:c0:34:1a:0d:e5:93:31:15:03:75:8c:e0: - d7:25:1c:9a:49:2c:77:e2:af:86:87:e6:a7:ec:db:44: - 19:fe:f3:63:0d:38:ad:63:dc:b5:a2:e7:a2:3a:c1:c2: - d3:62:f5:6c:52:6f:99:10:72:b3:4b:ed:03:e5:2f:c6: - 70:32:5d:b1:92:23:cb:1c:81:cc:5f:30:d2:7a:ca:a0: - a5:93:40:76:23:07:cb:f2:ae:b1:f6:51:85:f2:4f:49: - ce:a0:63:ba:0c:ed:f2:b2:21:d2:52:84:ea:bc:fe:e9: - e1:e2:b1:b7:ed:6b:3b:4c:b5:b1:57:70:4d:52:fe:d1 - Fingerprint (MD5): - 5B:BA:5A:1E:52:1A:ED:13:AB:E3:19:4F:A9:A0:F7:F3 - Fingerprint (SHA1): - C5:E3:BA:90:42:9E:A2:8A:80:ED:A7:DE:D7:4A:BB:EC:9B:A1:27:31 - - Certificate Trust Flags: - SSL Flags: - User - Email Flags: - User - Object Signing Flags: - User - -</certpp> - <tag>sslserver</tag> - <dn>sslserver</dn> - </reqcertinfo> - </element> - <element> - <reqcertinfo> - <name>Subsystem Certificate</name> - <req>-----BEGIN NEW CERTIFICATE REQUEST----- -MIICezCCAWMCAQAwNjEQMA4GA1UEChMHRVhBTVBMRTEiMCAGA1UEAxMZVFBT -IFN1YnN5c3RlbSBDZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBALCBY0FFMSFWJy6G7gN94h8bs0AjjFK2Jg20ip1tcP5/8R2n -xTLaq8+ODxUFGt3d1vhmtfKIoD1hp6mMxKyQgvIzobfBbamW7vzML4mL9bwP -jh+veQC0hqzZi8bt4z1WpEI6RZkYGDiiu9yx1NWB3/ctf+fPTIdtWZ12pIJP -K9Azy2RHIBVvSRquUlxyuaQd1xJ8VgRT/Y/DDSOJ0lh6w+MyJ2GBjbpK3r8p -GuNnOUp5/1SaZtY4AYCh1h7yNNWBYLoQBmTW3+qRW5yPbgIWqPSR7uwOL7Vi -MrxHOljn/FrpY3QwAMstFnwF5bOT36u96tpYQPcxQftG4o7vh0eThG0CAwEA -AaAAMA0GCSqGSIb3DQEBBQUAA4IBAQAV8clzGabViitCdWmz2DeE4alTiYqa -HWeXno4nKCXBttdkgrr4lu1hNfIjJSxHfj1R+FmAz27jtvA/0bDdBXRuTyzx -ROhZ7raoMymQCW+w8tYO/ThaVQLijx+muX13gfCU0Bxq5+WDRJY4P4TCa49P -3RBMziTc7kVagdmjhWYjnwRyWr8acOo4qEoo/X0wLC01MAe24OyKbfCt+FbT -6PgjCVUAQ5HjmeWXyZQc89iZrkz2XVTFwQUKieni47pAVSL/Abkng2U8czIw -cbBbP6DFO9t2L2Dye9z9LaA9jwSPVaRyKUdOEfemK75kQRLixs2BXUEeZazQ -QgPZ9cJsptbf ------END NEW CERTIFICATE REQUEST-----</req> - <cert>-----BEGIN CERTIFICATE----- -MIIDfTCCAmWgAwIBAgIBETANBgkqhkiG9w0BAQsFADAzMRAwDgYDVQQKDAdF -WEFNUExFMR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRpZmljYXRlMB4XDTEz -MTEyMTE3NTQ1MFoXDTE1MTExMTE3NTQ1MFowNjEQMA4GA1UEChMHRVhBTVBM -RTEiMCAGA1UEAxMZVFBTIFN1YnN5c3RlbSBDZXJ0aWZpY2F0ZTCCASIwDQYJ -KoZIhvcNAQEBBQADggEPADCCAQoCggEBALCBY0FFMSFWJy6G7gN94h8bs0Aj -jFK2Jg20ip1tcP5/8R2nxTLaq8+ODxUFGt3d1vhmtfKIoD1hp6mMxKyQgvIz -obfBbamW7vzML4mL9bwPjh+veQC0hqzZi8bt4z1WpEI6RZkYGDiiu9yx1NWB -3/ctf+fPTIdtWZ12pIJPK9Azy2RHIBVvSRquUlxyuaQd1xJ8VgRT/Y/DDSOJ -0lh6w+MyJ2GBjbpK3r8pGuNnOUp5/1SaZtY4AYCh1h7yNNWBYLoQBmTW3+qR -W5yPbgIWqPSR7uwOL7ViMrxHOljn/FrpY3QwAMstFnwF5bOT36u96tpYQPcx -QftG4o7vh0eThG0CAwEAAaOBmDCBlTAfBgNVHSMEGDAWgBRjqn65wK0yKEDu -gzfgeN+hflzSRDBNBggrBgEFBQcBAQRBMD8wPQYIKwYBBQUHMAGGMWh0dHA6 -Ly92bS0wODQuaWRtLmxhYi5ib3MucmVkaGF0LmNvbTo4MDgwL2NhL29jc3Aw -DgYDVR0PAQH/BAQDAgTwMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3 -DQEBCwUAA4IBAQDRBXrEAqLiecW5Xh0yEwgGbcDtpRO2BCbFp3F2W8wURlo0 -axinBQCwdDGkgkXCodyib/CkJk0E5MpbJ6+q6/VLgByyzpGk1uNVIBvlfRtG -TXvU41MrjGjhVANz/uYUA7P96sWxNu8OYQv4mlyh5BDk3itYqfuIN9pLkvRL -SKGqRr+ot6hBMweysCT8I4jMBtFFXszCmithBR4x9O+n7QUcIYWrxKkT9Fm8 -PvHFeb8dMNWU7etAxQVrc/ewZbeYG+S01PFj1lopATHxZqFSCjB6RukjiIe0 -BfNUbzfputLXPUuZu0d/z5EhT+fgNKXUb9zeYFsqebP1ln/JsOJ0MJ4/ ------END CERTIFICATE-----</cert> - <certpp>Certificate: - Data: - Version: 3 (0x2) - Serial Number: 17 (0x11) - Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption - Issuer: CN=CA Signing Certificate,O=EXAMPLE - Validity: - Not Before: Thu Nov 21 17:54:50 2013 - Not After : Wed Nov 11 17:54:50 2015 - Subject: CN=TPS Subsystem Certificate,O=EXAMPLE - Subject Public Key Info: - Public Key Algorithm: PKCS #1 RSA Encryption - RSA Public Key: - Modulus: - b0:81:63:41:45:31:21:56:27:2e:86:ee:03:7d:e2:1f: - 1b:b3:40:23:8c:52:b6:26:0d:b4:8a:9d:6d:70:fe:7f: - f1:1d:a7:c5:32:da:ab:cf:8e:0f:15:05:1a:dd:dd:d6: - f8:66:b5:f2:88:a0:3d:61:a7:a9:8c:c4:ac:90:82:f2: - 33:a1:b7:c1:6d:a9:96:ee:fc:cc:2f:89:8b:f5:bc:0f: - 8e:1f:af:79:00:b4:86:ac:d9:8b:c6:ed:e3:3d:56:a4: - 42:3a:45:99:18:18:38:a2:bb:dc:b1:d4:d5:81:df:f7: - 2d:7f:e7:cf:4c:87:6d:59:9d:76:a4:82:4f:2b:d0:33: - cb:64:47:20:15:6f:49:1a:ae:52:5c:72:b9:a4:1d:d7: - 12:7c:56:04:53:fd:8f:c3:0d:23:89:d2:58:7a:c3:e3: - 32:27:61:81:8d:ba:4a:de:bf:29:1a:e3:67:39:4a:79: - ff:54:9a:66:d6:38:01:80:a1:d6:1e:f2:34:d5:81:60: - ba:10:06:64:d6:df:ea:91:5b:9c:8f:6e:02:16:a8:f4: - 91:ee:ec:0e:2f:b5:62:32:bc:47:3a:58:e7:fc:5a:e9: - 63:74:30:00:cb:2d:16:7c:05:e5:b3:93:df:ab:bd:ea: - da:58:40:f7:31:41:fb:46:e2:8e:ef:87:47:93:84:6d - Exponent: 65537 (0x10001) - Signed Extensions: - Name: Certificate Authority Key Identifier - Key ID: - 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: - 7e:5c:d2:44 - - Name: Authority Information Access - Method: PKIX Online Certificate Status Protocol - Location: - URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp - - Name: Certificate Key Usage - Critical: True - Usages: Digital Signature - Non-Repudiation - Key Encipherment - Data Encipherment - - Name: Extended Key Usage - TLS Web Client Authentication Certificate - - Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption - Signature: - d1:05:7a:c4:02:a2:e2:79:c5:b9:5e:1d:32:13:08:06: - 6d:c0:ed:a5:13:b6:04:26:c5:a7:71:76:5b:cc:14:46: - 5a:34:6b:18:a7:05:00:b0:74:31:a4:82:45:c2:a1:dc: - a2:6f:f0:a4:26:4d:04:e4:ca:5b:27:af:aa:eb:f5:4b: - 80:1c:b2:ce:91:a4:d6:e3:55:20:1b:e5:7d:1b:46:4d: - 7b:d4:e3:53:2b:8c:68:e1:54:03:73:fe:e6:14:03:b3: - fd:ea:c5:b1:36:ef:0e:61:0b:f8:9a:5c:a1:e4:10:e4: - de:2b:58:a9:fb:88:37:da:4b:92:f4:4b:48:a1:aa:46: - bf:a8:b7:a8:41:33:07:b2:b0:24:fc:23:88:cc:06:d1: - 45:5e:cc:c2:9a:2b:61:05:1e:31:f4:ef:a7:ed:05:1c: - 21:85:ab:c4:a9:13:f4:59:bc:3e:f1:c5:79:bf:1d:30: - d5:94:ed:eb:40:c5:05:6b:73:f7:b0:65:b7:98:1b:e4: - b4:d4:f1:63:d6:5a:29:01:31:f1:66:a1:52:0a:30:7a: - 46:e9:23:88:87:b4:05:f3:54:6f:37:e9:ba:d2:d7:3d: - 4b:99:bb:47:7f:cf:91:21:4f:e7:e0:34:a5:d4:6f:dc: - de:60:5b:2a:79:b3:f5:96:7f:c9:b0:e2:74:30:9e:3f - Fingerprint (MD5): - 33:E4:65:72:E7:73:63:F6:4D:F3:0D:1B:79:4B:51:BA - Fingerprint (SHA1): - 2B:3B:C2:42:09:1F:DC:3C:E8:DD:1C:2E:27:CB:22:34:4B:F2:2A:A9 - - Certificate Trust Flags: - SSL Flags: - User - Email Flags: - User - Object Signing Flags: - User - -</certpp> - <tag>subsystem</tag> - <dn>subsystem</dn> - </reqcertinfo> - </element> - <element> - <reqcertinfo> - <name>Audit Log Signing Certificate</name> - <req>-----BEGIN NEW CERTIFICATE REQUEST----- -MIICfzCCAWcCAQAwOjEQMA4GA1UEChMHRVhBTVBMRTEmMCQGA1UEAxMdVFBT -IEF1ZGl0IFNpZ25pbmcgQ2VydGlmaWNhdGUwggEiMA0GCSqGSIb3DQEBAQUA -A4IBDwAwggEKAoIBAQDQulXGs9YvKqbNp9JV590Seob6Ee4+8A7ypAy0aJ9E -8bwxdZ3TP9flMmFF1/Epp8riT5BUHnf1j3HpvihE77XZCpnz1Ddv/fQ71CZw -Lhx2WhARQm6/07++X1A7TZALMNlARQKuYq8nF2Ru3R7ekVngXp8VE2N5VWBC -kWYiRY5Axt1hW253SiTuScIXwmf9KepMB2L3RWejtWaI7AvYuh7UWbaz+aPg -GFsCLi8B8wQriJ9hyOWpzd8EasGk1pvM8P8UgnEMI1m9FDbF6dIdH/zFSXEQ -O+bTGqQri9oFnXbD+3CYtgx6f6h8s0oTTvXDakxqjA3aXrIgNMh2wFgU4fcX -AgMBAAGgADANBgkqhkiG9w0BAQUFAAOCAQEAk7D7vqIVUQPPchUR6MWoHyM3 -w5og8cRPE3nJQKPMhy+z1dBC67iTlPDM12entGVC+r4snbvNAfzibV/u9G4z -IurRS42vLls06hCHe2+jDr2xrpHf5iM4QExQuMSFZ9+N0xXg5ytDvWLi/LtI -YProlIaSmOdndJDQr6KPtsGb2My7a4iMBV/qVSD9A6bblbxJNPFHoiTuYj72 -7fWNT0JH2g0OmqZa5lx1o4q8dWAfKlrsMGB7OTRyJ7Y2V7FGgY50isrcxnuw -XTCPxOQGEL2T/F5q/4F+ZyJix1SfhoQys4RBXxvQbhNvbPIAHtHg/5bcbPMN -GNlW6BI4kN+UNRYGtQ== ------END NEW CERTIFICATE REQUEST-----</req> - <cert>-----BEGIN CERTIFICATE----- -MIIDbDCCAlSgAwIBAgIBEjANBgkqhkiG9w0BAQsFADAzMRAwDgYDVQQKDAdF -WEFNUExFMR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRpZmljYXRlMB4XDTEz -MTEyMTE3NTQ1M1oXDTE1MTExMTE3NTQ1M1owOjEQMA4GA1UEChMHRVhBTVBM -RTEmMCQGA1UEAxMdVFBTIEF1ZGl0IFNpZ25pbmcgQ2VydGlmaWNhdGUwggEi -MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQulXGs9YvKqbNp9JV590S -eob6Ee4+8A7ypAy0aJ9E8bwxdZ3TP9flMmFF1/Epp8riT5BUHnf1j3HpvihE -77XZCpnz1Ddv/fQ71CZwLhx2WhARQm6/07++X1A7TZALMNlARQKuYq8nF2Ru -3R7ekVngXp8VE2N5VWBCkWYiRY5Axt1hW253SiTuScIXwmf9KepMB2L3RWej -tWaI7AvYuh7UWbaz+aPgGFsCLi8B8wQriJ9hyOWpzd8EasGk1pvM8P8UgnEM -I1m9FDbF6dIdH/zFSXEQO+bTGqQri9oFnXbD+3CYtgx6f6h8s0oTTvXDakxq -jA3aXrIgNMh2wFgU4fcXAgMBAAGjgYMwgYAwHwYDVR0jBBgwFoAUY6p+ucCt -MihA7oM34HjfoX5c0kQwTQYIKwYBBQUHAQEEQTA/MD0GCCsGAQUFBzABhjFo -dHRwOi8vdm0tMDg0LmlkbS5sYWIuYm9zLnJlZGhhdC5jb206ODA4MC9jYS9v -Y3NwMA4GA1UdDwEB/wQEAwIGwDANBgkqhkiG9w0BAQsFAAOCAQEAKPq8ro5J -Di7LVv45eUH5AYrOiMqa10qWDr5dEqFqn7FZ3sK4A8zx/pQc+Iz3LMaaapgl -hxXen9un2ZoAKqBJ3IES24nLr9xU+aS2vKZseGi7UZMHAxC/b3gerZvHY9p5 -CqWDPDO/ksnWikndaWvTZeqfXvqSvoJnDuwv/tCsLTTBzZ5ReTUiCAh91TXU -4LJCl8q/+IeBOvz9g+iFwICN6FiXrq5j5GJgA/NOHwCvwMpH+lmK+H4mvUlr -aVCWubitl7KqiepEyZAlyTuUX5t/u05xePVkaU/e3WijL6SSygcxH4Q9EQC8 -9PT07QwEbXSPXhv0n79x+Lhf4RuR4qZd4Q== ------END CERTIFICATE-----</cert> - <certpp>Certificate: - Data: - Version: 3 (0x2) - Serial Number: 18 (0x12) - Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption - Issuer: CN=CA Signing Certificate,O=EXAMPLE - Validity: - Not Before: Thu Nov 21 17:54:53 2013 - Not After : Wed Nov 11 17:54:53 2015 - Subject: CN=TPS Audit Signing Certificate,O=EXAMPLE - Subject Public Key Info: - Public Key Algorithm: PKCS #1 RSA Encryption - RSA Public Key: - Modulus: - d0:ba:55:c6:b3:d6:2f:2a:a6:cd:a7:d2:55:e7:dd:12: - 7a:86:fa:11:ee:3e:f0:0e:f2:a4:0c:b4:68:9f:44:f1: - bc:31:75:9d:d3:3f:d7:e5:32:61:45:d7:f1:29:a7:ca: - e2:4f:90:54:1e:77:f5:8f:71:e9:be:28:44:ef:b5:d9: - 0a:99:f3:d4:37:6f:fd:f4:3b:d4:26:70:2e:1c:76:5a: - 10:11:42:6e:bf:d3:bf:be:5f:50:3b:4d:90:0b:30:d9: - 40:45:02:ae:62:af:27:17:64:6e:dd:1e:de:91:59:e0: - 5e:9f:15:13:63:79:55:60:42:91:66:22:45:8e:40:c6: - dd:61:5b:6e:77:4a:24:ee:49:c2:17:c2:67:fd:29:ea: - 4c:07:62:f7:45:67:a3:b5:66:88:ec:0b:d8:ba:1e:d4: - 59:b6:b3:f9:a3:e0:18:5b:02:2e:2f:01:f3:04:2b:88: - 9f:61:c8:e5:a9:cd:df:04:6a:c1:a4:d6:9b:cc:f0:ff: - 14:82:71:0c:23:59:bd:14:36:c5:e9:d2:1d:1f:fc:c5: - 49:71:10:3b:e6:d3:1a:a4:2b:8b:da:05:9d:76:c3:fb: - 70:98:b6:0c:7a:7f:a8:7c:b3:4a:13:4e:f5:c3:6a:4c: - 6a:8c:0d:da:5e:b2:20:34:c8:76:c0:58:14:e1:f7:17 - Exponent: 65537 (0x10001) - Signed Extensions: - Name: Certificate Authority Key Identifier - Key ID: - 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: - 7e:5c:d2:44 - - Name: Authority Information Access - Method: PKIX Online Certificate Status Protocol - Location: - URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp - - Name: Certificate Key Usage - Critical: True - Usages: Digital Signature - Non-Repudiation - - Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption - Signature: - 28:fa:bc:ae:8e:49:0e:2e:cb:56:fe:39:79:41:f9:01: - 8a:ce:88:ca:9a:d7:4a:96:0e:be:5d:12:a1:6a:9f:b1: - 59:de:c2:b8:03:cc:f1:fe:94:1c:f8:8c:f7:2c:c6:9a: - 6a:98:25:87:15:de:9f:db:a7:d9:9a:00:2a:a0:49:dc: - 81:12:db:89:cb:af:dc:54:f9:a4:b6:bc:a6:6c:78:68: - bb:51:93:07:03:10:bf:6f:78:1e:ad:9b:c7:63:da:79: - 0a:a5:83:3c:33:bf:92:c9:d6:8a:49:dd:69:6b:d3:65: - ea:9f:5e:fa:92:be:82:67:0e:ec:2f:fe:d0:ac:2d:34: - c1:cd:9e:51:79:35:22:08:08:7d:d5:35:d4:e0:b2:42: - 97:ca:bf:f8:87:81:3a:fc:fd:83:e8:85:c0:80:8d:e8: - 58:97:ae:ae:63:e4:62:60:03:f3:4e:1f:00:af:c0:ca: - 47:fa:59:8a:f8:7e:26:bd:49:6b:69:50:96:b9:b8:ad: - 97:b2:aa:89:ea:44:c9:90:25:c9:3b:94:5f:9b:7f:bb: - 4e:71:78:f5:64:69:4f:de:dd:68:a3:2f:a4:92:ca:07: - 31:1f:84:3d:11:00:bc:f4:f4:f4:ed:0c:04:6d:74:8f: - 5e:1b:f4:9f:bf:71:f8:b8:5f:e1:1b:91:e2:a6:5d:e1 - Fingerprint (MD5): - 8C:A7:63:34:2C:55:22:B5:BA:22:5E:F8:BF:36:69:93 - Fingerprint (SHA1): - AC:AA:23:8E:CF:C0:A9:1C:BB:B5:1E:DC:82:D2:02:7D:0C:2B:F5:50 - - Certificate Trust Flags: - SSL Flags: - User - Email Flags: - User - Object Signing Flags: - Terminal Record - Trusted - User - -</certpp> - <tag>audit_signing</tag> - <dn>audit_signing</dn> - </reqcertinfo> - </element> - </reqscerts> - <sdomainAdminURL>https://vm-084.idm.lab.bos.redhat.com:9445</sdomainAdminURL> - <sdomainName>Security Domain</sdomainName> - <sdomainURL/> - <secureconn>false</secureconn> - <securityDomain>EXAMPLE</securityDomain> - <select>default</select> - <serialNumber>13</serialNumber> - <showApplyButton>false</showApplyButton> - <sms> - <element>PKI::TPS::GlobalVar=HASH(0x7fa0740410e0)</element> - <element>PKI::TPS::GlobalVar=HASH(0x7fa0742a1668)</element> - <element>PKI::TPS::GlobalVar=HASH(0x7fa0747ab760)</element> - </sms> - <statusCommand>systemctl status pki-tomcatd@&lt;security_domain_instance_name&gt;.service</statusCommand> - <subpanelno>16</subpanelno> - <subsystemName>Token Processing System</subsystemName> - <systemname>Token Processing </systemname> - <title>Import Administrator Certificate</title> - <urls> - <element>CA vm-084.idm.lab.bos.redhat.com 8443 - https://vm-084.idm.lab.bos.redhat.com:8443</element> - <element>External CA</element> - </urls> - <urls_size>3</urls_size> -</xml> -Sleeping for 5 secs.. -############################################# -Attempting to connect to: vm-084.idm.lab.bos.redhat.com:8443 -Connected. -Posting Query = https://vm-084.idm.lab.bos.redhat.com:8443//ca/admin/ca/getBySerial?serialNumber=13&importCert=true -RESPONSE STATUS: HTTP/1.1 200 OK -RESPONSE HEADER: Server: Apache-Coyote/1.1 -RESPONSE HEADER: Content-Type: application/x-x509-user-cert -RESPONSE HEADER: Content-Length: 1925 -RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:55:21 GMT -RESPONSE HEADER: Connection: keep-alive -Imported Cert=MIIHgQYJKoZIhvcNAQcCoIIHcjCCB24CAQExADAPBgkqhkiG9w0BBwGgAgQAoIIH
-UjCCA7UwggKdoAMCAQICARMwDQYJKoZIhvcNAQELBQAwMzEQMA4GA1UECgwHRVhB
-TVBMRTEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0aWZpY2F0ZTAeFw0xMzExMjEx
-NzU1MTBaFw0xNDExMjExNzU1MTBaMGQxEDAOBgNVBAoMB0VYQU1QTEUxIzAhBgkq
-hkiG9w0BCQEWFHRwc2FkbWluQGV4YW1wbGUuY29tMRgwFgYKCZImiZPyLGQBAQwI
-dHBzYWRtaW4xETAPBgNVBAMMCHRwc2FkbWluMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEAvS/Qy27oL6ttnTVtJ86FsmrtrJ/lJMax4P1BAFmlFyEJwOiz
-Jzo6VPVl41Pzzo3NNejnH8PYZzXVcJjAYmnq7jMb0VRwdR1jUp4eIIzA+IAeFwy+
-dpoV++OAHwZzd1Bwmi2cLEKe1EM5jjGm41/Sl+CvVSP5G29ASbjHvoENEnf38DA4
-Z5xYNgTZE67kjp45SJSCMkDS0z5FLc7KGn2twEHR8dPvjvppnmLPmT/BX3kDfzyY
-9/Sfh0964kNXmJJ1vtvp6ZDsKjw6gl33yPOpSxwWro5xiX/WmF4jCNJOmNHA+RXH
-x9BCIEdQDg2Ae5JanMFWgYHtbRrO4ERXJ3vMXwIDAQABo4GiMIGfMB8GA1UdIwQY
-MBaAFGOqfrnArTIoQO6DN+B436F+XNJEME0GCCsGAQUFBwEBBEEwPzA9BggrBgEF
-BQcwAYYxaHR0cDovL3ZtLTA4NC5pZG0ubGFiLmJvcy5yZWRoYXQuY29tOjgwODAv
-Y2Evb2NzcDAOBgNVHQ8BAf8EBAMCBPAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsG
-AQUFBwMEMA0GCSqGSIb3DQEBCwUAA4IBAQAJWlit58qSP33zt5vStWDVmnJgzxF3
-F0mAUA1bhN9Y36Y1L7E8yqlL/rDjbZ3MfY8KkD6MkX/JPyZB5RDsnCPfblke0qzd
-pRAbSo3cZfFtSAO2PAr9I2HA2XG8Trk7OSLpXBICGvzW47y6UgXoKWRMP5+evWsa
-wknSMPUi23F1cHJSq974h4+Vbb822+q2EUCtRADfWLsIVRWcopkq1wu7emwuyTY6
-rt8vnUo41/UVQAzcUszRSXhZqd+wHCXOu59Goq1Rq1JawKMYrGII6hZOL/iOVITd
-ck/iQ3RxJcrJd1FVfWfAUUeJQ/NlwqtmEnDmSKdQ/y0EOd9Jl3i7NHh4MIIDlTCC
-An2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAzMRAwDgYDVQQKDAdFWEFNUExFMR8w
-HQYDVQQDDBZDQSBTaWduaW5nIENlcnRpZmljYXRlMB4XDTEzMTEyMTE3MDAzMFoX
-DTMzMTEyMTE3MDAzMFowMzEQMA4GA1UECgwHRVhBTVBMRTEfMB0GA1UEAwwWQ0Eg
-U2lnbmluZyBDZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
-ggEBAN+PnnAUnBRDBjppOrnUNwckrJuM85vdRA7Te/YQxDYRu51+Ge2OYYipEWTy
-PsYa+MlORipdGZH0Q1ZXw8l7Gcn+SdDRJNj5MFlYqobt4QcnfSxhvBhdSmcFHD9K
-w0zxkZbF4YAI6osXfM16I+ZxRTiK1vPE92Hi7I/ybyrD+SRfBsXMnXpSU7czDzyU
-94NBxGhaPJMNt849YPItXBbU1yPS+wUUDC04Ve3ofZrtEX2s1QFOriY6jmFAW7mD
-FQraJPoNwq0a5C8BXle9YVoX4Qv3XjwtNyMewrMe0e+avrRX2+RPWB11h2grVrGv
-yxYYQ0+89c8kmGSnDW6gq2y04ssCAwEAAaOBszCBsDAfBgNVHSMEGDAWgBRjqn65
-wK0yKEDugzfgeN+hflzSRDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
-xjAdBgNVHQ4EFgQUY6p+ucCtMihA7oM34HjfoX5c0kQwTQYIKwYBBQUHAQEEQTA/
-MD0GCCsGAQUFBzABhjFodHRwOi8vdm0tMDg0LmlkbS5sYWIuYm9zLnJlZGhhdC5j
-b206ODA4MC9jYS9vY3NwMA0GCSqGSIb3DQEBCwUAA4IBAQBzcn0xO5Ju2WRkwZOa
-+hd1lKg/KYtXqnOstqKUPNRThmzBlZj1vqF5rHW7ljA83F8n/vDs41TEUbKWRezI
-NYeS28nX0JwJYzTATYup9xCVmp9voV69G9kyvhj8bHBstzfoRQnOebfWLNO0CbIA
-QRruDHYhDy1beXy+1SMS+JOt4ZmeofoKme3razrWxiAr4uuGwvHr9JzXC1udjMd7
-is1A+bgN/kTVFHnVHHZW2eXncnpLwiT+Hjo400yFxmx3vu5Gq9f0KcUzjg6IkfBu
-Wyi4B5/B2Uc85f5YggQ4AU7wJ1R24skSStrWKE0QAKzxEj6vFW3OtooY7Eu+bAjA
-wPDQMQA=
- -CRYPTO INIT WITH CERTDB:/home/edewata/Projects/pki-dev/certs/tps -Crypto manager already initialized -importCert string: importing with nickname: tpsadmin -Already logged into to DB -SUCCESS: imported admin user cert -############################################# -Attempting to connect to: vm-084.idm.lab.bos.redhat.com:7890 -Connected. -Posting Query = https://vm-084.idm.lab.bos.redhat.com:7890//tps/admin/console/config/wizard?p=15&serialNumber=13&caHost=vm-084.idm.lab.bos.redhat.com&caPort=8443&op=next&xml=true -RESPONSE STATUS: HTTP/1.1 200 OK -RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:55:21 GMT -RESPONSE HEADER: Server: Apache -RESPONSE HEADER: Connection: close -RESPONSE HEADER: Content-Type: text/xml -<?xml version="1.0" encoding="UTF-8"?> -<xml> - <admin_email/> - <admin_name>TPS Administrator</admin_name> - <admin_pwd/> - <admin_pwd_again/> - <admin_uid>admin</admin_uid> - <basedn>dc=vm-084.idm.lab.bos.redhat.com-pki-tps</basedn> - <binddn>cn=directory manager</binddn> - <bindpwd/> - <ca>false</ca> - <caHost>vm-084.idm.lab.bos.redhat.com</caHost> - <caPort>8443</caPort> - <caType>ca</caType> - <certchain>Certificate: - Data: - Version: 3 (0x2) - Serial Number: 1 (0x1) - Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption - Issuer: CN=CA Signing Certificate,O=EXAMPLE - Validity: - Not Before: Thu Nov 21 17:00:30 2013 - Not After : Mon Nov 21 17:00:30 2033 - Subject: CN=CA Signing Certificate,O=EXAMPLE - Subject Public Key Info: - Public Key Algorithm: PKCS #1 RSA Encryption - RSA Public Key: - Modulus: - df:8f:9e:70:14:9c:14:43:06:3a:69:3a:b9:d4:37:07: - 24:ac:9b:8c:f3:9b:dd:44:0e:d3:7b:f6:10:c4:36:11: - bb:9d:7e:19:ed:8e:61:88:a9:11:64:f2:3e:c6:1a:f8: - c9:4e:46:2a:5d:19:91:f4:43:56:57:c3:c9:7b:19:c9: - fe:49:d0:d1:24:d8:f9:30:59:58:aa:86:ed:e1:07:27: - 7d:2c:61:bc:18:5d:4a:67:05:1c:3f:4a:c3:4c:f1:91: - 96:c5:e1:80:08:ea:8b:17:7c:cd:7a:23:e6:71:45:38: - 8a:d6:f3:c4:f7:61:e2:ec:8f:f2:6f:2a:c3:f9:24:5f: - 06:c5:cc:9d:7a:52:53:b7:33:0f:3c:94:f7:83:41:c4: - 68:5a:3c:93:0d:b7:ce:3d:60:f2:2d:5c:16:d4:d7:23: - d2:fb:05:14:0c:2d:38:55:ed:e8:7d:9a:ed:11:7d:ac: - d5:01:4e:ae:26:3a:8e:61:40:5b:b9:83:15:0a:da:24: - fa:0d:c2:ad:1a:e4:2f:01:5e:57:bd:61:5a:17:e1:0b: - f7:5e:3c:2d:37:23:1e:c2:b3:1e:d1:ef:9a:be:b4:57: - db:e4:4f:58:1d:75:87:68:2b:56:b1:af:cb:16:18:43: - 4f:bc:f5:cf:24:98:64:a7:0d:6e:a0:ab:6c:b4:e2:cb - Exponent: 65537 (0x10001) - Signed Extensions: - Name: Certificate Authority Key Identifier - Key ID: - 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: - 7e:5c:d2:44 - - Name: Certificate Basic Constraints - Critical: True - Data: Is a CA with no maximum path length. - - Name: Certificate Key Usage - Critical: True - Usages: Digital Signature - Non-Repudiation - Certificate Signing - CRL Signing - - Name: Certificate Subject Key ID - Data: - 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: - 7e:5c:d2:44 - - Name: Authority Information Access - Method: PKIX Online Certificate Status Protocol - Location: - URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp - - Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption - Signature: - 73:72:7d:31:3b:92:6e:d9:64:64:c1:93:9a:fa:17:75: - 94:a8:3f:29:8b:57:aa:73:ac:b6:a2:94:3c:d4:53:86: - 6c:c1:95:98:f5:be:a1:79:ac:75:bb:96:30:3c:dc:5f: - 27:fe:f0:ec:e3:54:c4:51:b2:96:45:ec:c8:35:87:92: - db:c9:d7:d0:9c:09:63:34:c0:4d:8b:a9:f7:10:95:9a: - 9f:6f:a1:5e:bd:1b:d9:32:be:18:fc:6c:70:6c:b7:37: - e8:45:09:ce:79:b7:d6:2c:d3:b4:09:b2:00:41:1a:ee: - 0c:76:21:0f:2d:5b:79:7c:be:d5:23:12:f8:93:ad:e1: - 99:9e:a1:fa:0a:99:ed:eb:6b:3a:d6:c6:20:2b:e2:eb: - 86:c2:f1:eb:f4:9c:d7:0b:5b:9d:8c:c7:7b:8a:cd:40: - f9:b8:0d:fe:44:d5:14:79:d5:1c:76:56:d9:e5:e7:72: - 7a:4b:c2:24:fe:1e:3a:38:d3:4c:85:c6:6c:77:be:ee: - 46:ab:d7:f4:29:c5:33:8e:0e:88:91:f0:6e:5b:28:b8: - 07:9f:c1:d9:47:3c:e5:fe:58:82:04:38:01:4e:f0:27: - 54:76:e2:c9:12:4a:da:d6:28:4d:10:00:ac:f1:12:3e: - af:15:6d:ce:b6:8a:18:ec:4b:be:6c:08:c0:c0:f0:d0 - Fingerprint (MD5): - C6:6E:4E:E2:92:8A:A7:2A:60:EA:2F:4D:FB:ED:15:17 - Fingerprint (SHA1): - 96:4A:92:79:6C:A4:CC:5B:6B:6E:88:84:48:43:9C:F4:84:5D:3C:E1 - - Certificate Trust Flags: - SSL Flags: - Valid CA - Trusted CA - Trusted Client CA - Email Flags: - Valid CA - Trusted CA - Object Signing Flags: - Valid CA - Trusted CA - -</certchain> - <certchain_size>1</certchain_size> - <certs> - <element> - <certinfo> - <dn>CN=vm-084.idm.lab.bos.redhat.com, OU=pki-tps, O=EXAMPLE</dn> - <tag>sslserver</tag> - <friendly>SSL Server Certificate</friendly> - </certinfo> - </element> - <element> - <certinfo> - <dn>CN=TPS Subsystem Certificate, OU=pki-tps, O=EXAMPLE</dn> - <tag>subsystem</tag> - <friendly>Subsystem Certificate</friendly> - </certinfo> - </element> - <element> - <certinfo> - <dn>CN=TPS Audit Signing Certificate, OU=pki-tps, O=EXAMPLE</dn> - <tag>audit_signing</tag> - <friendly>Audit Log Signing Certificate</friendly> - </certinfo> - </element> - </certs> - <check_clonesubsystem/> - <check_newsubsystem/> - <csstate>1</csstate> - <custom_size>2048</custom_size> - <database>vm-084.idm.lab.bos.redhat.com-pki-tps</database> - <dbg/> - <defTok>NSS Certificate DB</defTok> - <default_ecc_curvename>nistp256</default_ecc_curvename> - <default_keysize>2048</default_keysize> - <disableClone>1</disableClone> - <errorString/> - <firstpanel>0</firstpanel> - <firsttime>true</firsttime> - <fullsystemname>Token Processing System </fullsystemname> - <host>vm-084.idm.lab.bos.redhat.com</host> - <hostname>localhost</hostname> - <http_port>7888</http_port> - <https_port>7889</https_port> - <import>true</import> - <info/> - <instanceID>pki-tps</instanceID> - <keys_ecc_curve_display_list>nistp256 (secp256r1),nistp384 (secp384r1),nistp521 (secp521r1),nistk163 (sect163k1),sect163r1,nistb163 (sect163r2),sect193r1,sect193r2,nistk233 (sect233k1),nistb233 (sect233r1),sect239k1,nistk283 (sect283k1),nistb283 (sect283r1),nistk409 (sect409k1),nistb409 (sect409r1),nistk571 (sect571k1),nistb571 (sect571r1),secp160k1,secp160r1,secp160r2,secp192k1,nistp192 (secp192r1, prime192v1),secp224k1,nistp224 (secp224r1),secp256k1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2</keys_ecc_curve_display_list> - <keys_ecc_curve_list>nistp256,nistp384,nistp521,sect163k1,nistk163,sect163r1,sect163r2,nistb163,sect193r1,sect193r2,sect233k1,nistk233,sect233r1,nistb233,sect239k1,sect283k1,nistk283,sect283r1,nistb283,sect409k1,nistk409,sect409r1,nistb409,sect571k1,nistk571,sect571r1,nistb571,secp160k1,secp160r1,secp160r2,secp192k1,secp192r1,nistp192,secp224k1,secp224r1,nistp224,secp256k1,secp256r1,secp384r1,secp521r1,prime192v1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2</keys_ecc_curve_list> - <keys_rsa_size_display_list>1024,2048,3072,4096</keys_rsa_size_display_list> - <lastpanel>1</lastpanel> - <machineName>localhost</machineName> - <name>Token Processing System</name> - <non_clientauth_https_port>7890</non_clientauth_https_port> - <non_clientauth_port>7890</non_clientauth_port> - <oms/> - <p>16</p> - <panel>tps/admin/console/config/donepanel.vm</panel> - <panelname>Security Domain</panelname> - <panels> - <element>PKI::TPS::WelcomePanel=HASH(0x7fa0c0b679b0)</element> - <element>PKI::TPS::ModulePanel=HASH(0x7fa0c0b78608)</element> - <element>PKI::TPS::ConfigHSMLoginPanel=HASH(0x7fa0c0b90188)</element> - <element>PKI::TPS::SecurityDomainPanel=HASH(0x7fa0c0b93f30)</element> - <element>PKI::TPS::DisplayCertChainPanel=HASH(0x7fa0c0b9c480)</element> - <element>PKI::TPS::SubsystemTypePanel=HASH(0x7fa0c0ba7ad8)</element> - <element>PKI::TPS::CAInfoPanel=HASH(0x7fa0c0bae650)</element> - <element>PKI::TPS::TKSInfoPanel=HASH(0x7fa0c0bbcfc0)</element> - <element>PKI::TPS::DRMInfoPanel=HASH(0x7fa0c0bc58e8)</element> - <element>PKI::TPS::AuthDBPanel=HASH(0x7fa0c0bcd118)</element> - <element>PKI::TPS::DatabasePanel=HASH(0x7fa0c08be670)</element> - <element>PKI::TPS::SizePanel=HASH(0x7fa0c0be0798)</element> - <element>PKI::TPS::NamePanel=HASH(0x7fa0c0bf0610)</element> - <element>PKI::TPS::CertRequestPanel=HASH(0x7fa0c0c19698)</element> - <element>PKI::TPS::AdminPanel=HASH(0x7fa0c0c28018)</element> - <element>PKI::TPS::ImportAdminCertPanel=HASH(0x7fa0c0c32c30)</element> - <element>PKI::TPS::DonePanel=HASH(0x7fa0c0c3e6e8)</element> - </panels> - <port>7889</port> - <portStr>389</portStr> - <ppcerts/> - <productversion>10.1.0</productversion> - <redirect>https://vm-084.idm.lab.bos.redhat.com:8443/ca/admin/ca/securityDomainLogin?url=https%3A%2F%2Fvm-084.idm.lab.bos.redhat.com%3A7890%2Ftps%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D5%26subsystem%3DTPS</redirect> - <reqscerts> - <element> - <reqcertinfo> - <name>SSL Server Certificate</name> - <req/> - <cert>...paste certificate here...</cert> - <certpp/> - <tag>sslserver</tag> - <dn>sslserver</dn> - </reqcertinfo> - </element> - <element> - <reqcertinfo> - <name>Subsystem Certificate</name> - <req/> - <cert>...paste certificate here...</cert> - <certpp/> - <tag>subsystem</tag> - <dn>subsystem</dn> - </reqcertinfo> - </element> - <element> - <reqcertinfo> - <name>Audit Log Signing Certificate</name> - <req/> - <cert>...paste certificate here...</cert> - <certpp/> - <tag>audit_signing</tag> - <dn>audit_signing</dn> - </reqcertinfo> - </element> - </reqscerts> - <restartCommand>systemctl restart pki-tpsd@pki-tps</restartCommand> - <sdomainAdminURL>https://vm-084.idm.lab.bos.redhat.com:9445</sdomainAdminURL> - <sdomainName>Security Domain</sdomainName> - <sdomainURL/> - <secureconn>false</secureconn> - <securityDomain>EXAMPLE</securityDomain> - <select>default</select> - <serialNumber>13</serialNumber> - <showApplyButton>false</showApplyButton> - <sms> - <element>PKI::TPS::GlobalVar=HASH(0x7fa0740410e0)</element> - <element>PKI::TPS::GlobalVar=HASH(0x7fa0742a1668)</element> - <element>PKI::TPS::GlobalVar=HASH(0x7fa0747ab760)</element> - </sms> - <statusCommand>systemctl status pki-tomcatd@&lt;security_domain_instance_name&gt;.service</statusCommand> - <subpanelno>17</subpanelno> - <subsystemName>Token Processing System</subsystemName> - <systemname>Token Processing </systemname> - <title>Done</title> - <unsecurePort>7888</unsecurePort> - <urls> - <element>CA vm-084.idm.lab.bos.redhat.com 8443 - https://vm-084.idm.lab.bos.redhat.com:8443</element> - <element>External CA</element> - </urls> - <urls_size>3</urls_size> -</xml> -Certificate System - TPS Instance Configured - -####################################################################### diff --git a/scripts/tps-create.sh b/scripts/tps-create.sh index 7ad3c8f..550a3d7 100755 --- a/scripts/tps-create.sh +++ b/scripts/tps-create.sh @@ -41,8 +41,8 @@ pki_enable_server_side_keygen=True #pki_share_db=False pki_audit_signing_nickname=tps_audit_signing -pki_ssl_server_nickname=sslserver +pki_sslserver_nickname=sslserver pki_subsystem_nickname=subsystem EOF -pkispawn -f tmp/tps.cfg -s TPS -vvv +pkispawn -f tmp/tps.cfg -s TPS diff --git a/scripts/tps-publish.sh b/scripts/tps-publish.sh index 72d9bd3..b75f36e 100755 --- a/scripts/tps-publish.sh +++ b/scripts/tps-publish.sh @@ -7,4 +7,4 @@ cd $BUILD_DIR REPO_DIR=/var/www/html/pub/fedora/linux/releases/20/Everything/x86_64/os mkdir -p $REPO_DIR cp repo/*.rpm $REPO_DIR -createrepo $REPO_DIR +#createrepo $REPO_DIR |