From 6c917d96cb5fb61680ebfe1cba3040dd4b38180d Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Tue, 14 Jan 2014 12:44:57 -0500 Subject: Updated TPS scripts. --- scripts/tps-build.sh | 20 +- scripts/tps-configure.out | 3771 ++++++++++++++++++++++++++++++++++++++++++ scripts/tps-configure.sh | 4 +- scripts/tps-create.sh | 26 +- scripts/tps-download.sh | 12 + scripts/tps-enroll.sh | 18 + scripts/tps-import-shared.sh | 5 - scripts/tps-install.sh | 5 +- scripts/tps-publish.sh | 10 + scripts/tps-remove.sh | 15 +- scripts/tps-secret-import.sh | 5 + scripts/tps-secret-list.sh | 9 + scripts/tps-start.sh | 9 +- scripts/tps-stop.sh | 9 +- scripts/tps.cfg | 14 +- 15 files changed, 3863 insertions(+), 69 deletions(-) create mode 100644 scripts/tps-configure.out create mode 100755 scripts/tps-download.sh create mode 100755 scripts/tps-enroll.sh delete mode 100755 scripts/tps-import-shared.sh create mode 100755 scripts/tps-publish.sh create mode 100755 scripts/tps-secret-import.sh create mode 100755 scripts/tps-secret-list.sh (limited to 'scripts') diff --git a/scripts/tps-build.sh b/scripts/tps-build.sh index 14fcdef..170b9e9 100755 --- a/scripts/tps-build.sh +++ b/scripts/tps-build.sh @@ -1,21 +1,19 @@ #!/bin/sh -x -WORK_DIR=`pwd` PROJECT_DIR=`cd ../.. ; pwd` -COMPONENT=tps -mkdir -p $WORK_DIR/build -rm -rf $WORK_DIR/build/$COMPONENT +BUILD_DIR=$HOME/build/pki-tps +COMPOSE=$PROJECT_DIR/pki/scripts/compose_pki_tps_packages -cd $PROJECT_DIR -rm -rf packages -mkdir -p packages +mkdir -p $BUILD_DIR +cd $BUILD_DIR -pki/scripts/compose_pki_${COMPONENT}_packages rpms 2>&1 | tee packages/build.log +rm -rf rpmbuild +mkdir -p rpmbuild -mv packages $WORK_DIR/build/$COMPONENT -cd $WORK_DIR/build/$COMPONENT +$COMPOSE --work-dir $BUILD_DIR/rpmbuild rpms 2>&1 | tee build.log +rm -rf repo mkdir -p repo -mv `find RPMS -name *.rpm` repo +mv `find rpmbuild/RPMS -name *.rpm` repo createrepo repo diff --git a/scripts/tps-configure.out b/scripts/tps-configure.out new file mode 100644 index 0000000..5b5fddc --- /dev/null +++ b/scripts/tps-configure.out @@ -0,0 +1,3771 @@ +libpath=/usr/lib64 +####################################################################### +CRYPTO INIT WITH CERTDB:/home/edewata/Projects/pki-dev/certs/tps +tokenpwd:Secret123 +Sleeping for 5 secs.. +############################################# +Attempting to connect to: vm-084.idm.lab.bos.redhat.com:7890 +in TestCertApprovalCallback.approve() +Peer cert details: + subject: CN=vm-084.idm.lab.bos.redhat.com,O=2013-11-21 12:51:55 + issuer: CN=vm-084.idm.lab.bos.redhat.com,O=2013-11-21 12:51:55 + serial: 0 +item 1 reason=-8156 depth=1 + cert details: + subject: CN=vm-084.idm.lab.bos.redhat.com,O=2013-11-21 12:51:55 + issuer: CN=vm-084.idm.lab.bos.redhat.com,O=2013-11-21 12:51:55 + serial: 0 +item 2 reason=-8172 depth=1 + cert details: + subject: CN=vm-084.idm.lab.bos.redhat.com,O=2013-11-21 12:51:55 + issuer: CN=vm-084.idm.lab.bos.redhat.com,O=2013-11-21 12:51:55 + serial: 0 +importing certificate. +Connected. +Posting Query = https://vm-084.idm.lab.bos.redhat.com:7890//tps/admin/console/config/login?pin=hVBuhr0azj9HumVnT4P8&xml=true +RESPONSE STATUS: HTTP/1.1 302 Found +RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:53:10 GMT +RESPONSE HEADER: Server: Apache +RESPONSE HEADER: Set-Cookie: pin=hVBuhr0azj9HumVnT4P8; path=/; expires=Fri, 21-Nov-2014 17:53:10 GMT +RESPONSE HEADER: Location: wizard +RESPONSE HEADER: Content-Length: 0 +RESPONSE HEADER: Keep-Alive: timeout=15, max=100 +RESPONSE HEADER: Connection: Keep-Alive +RESPONSE HEADER: Content-Type: text/html +xml returned: +cookie list: pin=hVBuhr0azj9HumVnT4P8; path=/; expires=Fri, 21-Nov-2014 17:53:10 GMT +############################################# +Attempting to connect to: vm-084.idm.lab.bos.redhat.com:7890 +Connected. +Posting Query = https://vm-084.idm.lab.bos.redhat.com:7890//tps/admin/console/config/wizard?p=0&op=next&xml=true +RESPONSE STATUS: HTTP/1.1 200 OK +RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:53:10 GMT +RESPONSE HEADER: Server: Apache +RESPONSE HEADER: Connection: close +RESPONSE HEADER: Content-Type: text/xml + + + 1 + + NSS Certificate DB + + 0 + 0 + Token Processing System + +

1

+ tps/admin/console/config/modulepanel.vm + + PKI::TPS::WelcomePanel=HASH(0x7fa0c0b679b0) + PKI::TPS::ModulePanel=HASH(0x7fa0c0b78608) + PKI::TPS::ConfigHSMLoginPanel=HASH(0x7fa0c0b90188) + PKI::TPS::SecurityDomainPanel=HASH(0x7fa0c0b93f30) + PKI::TPS::DisplayCertChainPanel=HASH(0x7fa0c0b9c480) + PKI::TPS::SubsystemTypePanel=HASH(0x7fa0c0ba7ad8) + PKI::TPS::CAInfoPanel=HASH(0x7fa0c0bae650) + PKI::TPS::TKSInfoPanel=HASH(0x7fa0c0bbcfc0) + PKI::TPS::DRMInfoPanel=HASH(0x7fa0c0bc58e8) + PKI::TPS::AuthDBPanel=HASH(0x7fa0c0bcd118) + PKI::TPS::DatabasePanel=HASH(0x7fa0c08be670) + PKI::TPS::SizePanel=HASH(0x7fa0c0be0798) + PKI::TPS::NamePanel=HASH(0x7fa0c0bf0610) + PKI::TPS::CertRequestPanel=HASH(0x7fa0c0c19698) + PKI::TPS::AdminPanel=HASH(0x7fa0c0c28018) + PKI::TPS::ImportAdminCertPanel=HASH(0x7fa0c0c32c30) + PKI::TPS::DonePanel=HASH(0x7fa0c0c3e6e8) + + + 10.1.0 + false + + PKI::TPS::GlobalVar=HASH(0x7fa0740410e0) + PKI::TPS::GlobalVar=HASH(0x7fa0742a1668) + PKI::TPS::GlobalVar=HASH(0x7fa0747ab760) + + 2 + Security Modules + +Sleeping for 5 secs.. +############################################# +Attempting to connect to: vm-084.idm.lab.bos.redhat.com:7890 +Connected. +Posting Query = https://vm-084.idm.lab.bos.redhat.com:7890//tps/admin/console/config/wizard?p=1&choice=NSS+Certificate+DB&op=next&xml=true +RESPONSE STATUS: HTTP/1.1 200 OK +RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:53:16 GMT +RESPONSE HEADER: Server: Apache +RESPONSE HEADER: Connection: close +RESPONSE HEADER: Content-Type: text/xml + + + 1 + + NSS Certificate DB + + 0 + <security_domain_instance_name> + 0 + Token Processing System + +

3

+ tps/admin/console/config/securitydomainpanel.vm + Security Domain + + PKI::TPS::WelcomePanel=HASH(0x7fa0c0b679b0) + PKI::TPS::ModulePanel=HASH(0x7fa0c0b78608) + PKI::TPS::ConfigHSMLoginPanel=HASH(0x7fa0c0b90188) + PKI::TPS::SecurityDomainPanel=HASH(0x7fa0c0b93f30) + PKI::TPS::DisplayCertChainPanel=HASH(0x7fa0c0b9c480) + PKI::TPS::SubsystemTypePanel=HASH(0x7fa0c0ba7ad8) + PKI::TPS::CAInfoPanel=HASH(0x7fa0c0bae650) + PKI::TPS::TKSInfoPanel=HASH(0x7fa0c0bbcfc0) + PKI::TPS::DRMInfoPanel=HASH(0x7fa0c0bc58e8) + PKI::TPS::AuthDBPanel=HASH(0x7fa0c0bcd118) + PKI::TPS::DatabasePanel=HASH(0x7fa0c08be670) + PKI::TPS::SizePanel=HASH(0x7fa0c0be0798) + PKI::TPS::NamePanel=HASH(0x7fa0c0bf0610) + PKI::TPS::CertRequestPanel=HASH(0x7fa0c0c19698) + PKI::TPS::AdminPanel=HASH(0x7fa0c0c28018) + PKI::TPS::ImportAdminCertPanel=HASH(0x7fa0c0c32c30) + PKI::TPS::DonePanel=HASH(0x7fa0c0c3e6e8) + + + 10.1.0 + https://vm-084.idm.lab.bos.redhat.com:9445 + Security Domain + + false + + PKI::TPS::GlobalVar=HASH(0x7fa0740410e0) + PKI::TPS::GlobalVar=HASH(0x7fa0742a1668) + PKI::TPS::GlobalVar=HASH(0x7fa0747ab760) + + systemctl status pki-tomcatd@<security_domain_instance_name>.service + 4 + Security Domain + +Sleeping for 5 secs.. +############################################# +Attempting to connect to: vm-084.idm.lab.bos.redhat.com:7890 +Connected. +Posting Query = https://vm-084.idm.lab.bos.redhat.com:7890//tps/admin/console/config/wizard?p=3&choice=existingdomain&sdomainURL=https%3A%2F%2Fvm-084.idm.lab.bos.redhat.com%3A8443&op=next&xml=true +RESPONSE STATUS: HTTP/1.1 200 OK +RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:53:22 GMT +RESPONSE HEADER: Server: Apache +RESPONSE HEADER: Connection: close +RESPONSE HEADER: Content-Type: text/xml + + + Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption + Issuer: CN=CA Signing Certificate,O=EXAMPLE + Validity: + Not Before: Thu Nov 21 17:00:30 2013 + Not After : Mon Nov 21 17:00:30 2033 + Subject: CN=CA Signing Certificate,O=EXAMPLE + Subject Public Key Info: + Public Key Algorithm: PKCS #1 RSA Encryption + RSA Public Key: + Modulus: + df:8f:9e:70:14:9c:14:43:06:3a:69:3a:b9:d4:37:07: + 24:ac:9b:8c:f3:9b:dd:44:0e:d3:7b:f6:10:c4:36:11: + bb:9d:7e:19:ed:8e:61:88:a9:11:64:f2:3e:c6:1a:f8: + c9:4e:46:2a:5d:19:91:f4:43:56:57:c3:c9:7b:19:c9: + fe:49:d0:d1:24:d8:f9:30:59:58:aa:86:ed:e1:07:27: + 7d:2c:61:bc:18:5d:4a:67:05:1c:3f:4a:c3:4c:f1:91: + 96:c5:e1:80:08:ea:8b:17:7c:cd:7a:23:e6:71:45:38: + 8a:d6:f3:c4:f7:61:e2:ec:8f:f2:6f:2a:c3:f9:24:5f: + 06:c5:cc:9d:7a:52:53:b7:33:0f:3c:94:f7:83:41:c4: + 68:5a:3c:93:0d:b7:ce:3d:60:f2:2d:5c:16:d4:d7:23: + d2:fb:05:14:0c:2d:38:55:ed:e8:7d:9a:ed:11:7d:ac: + d5:01:4e:ae:26:3a:8e:61:40:5b:b9:83:15:0a:da:24: + fa:0d:c2:ad:1a:e4:2f:01:5e:57:bd:61:5a:17:e1:0b: + f7:5e:3c:2d:37:23:1e:c2:b3:1e:d1:ef:9a:be:b4:57: + db:e4:4f:58:1d:75:87:68:2b:56:b1:af:cb:16:18:43: + 4f:bc:f5:cf:24:98:64:a7:0d:6e:a0:ab:6c:b4:e2:cb + Exponent: 65537 (0x10001) + Signed Extensions: + Name: Certificate Authority Key Identifier + Key ID: + 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: + 7e:5c:d2:44 + + Name: Certificate Basic Constraints + Critical: True + Data: Is a CA with no maximum path length. + + Name: Certificate Key Usage + Critical: True + Usages: Digital Signature + Non-Repudiation + Certificate Signing + CRL Signing + + Name: Certificate Subject Key ID + Data: + 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: + 7e:5c:d2:44 + + Name: Authority Information Access + Method: PKIX Online Certificate Status Protocol + Location: + URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp + + Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption + Signature: + 73:72:7d:31:3b:92:6e:d9:64:64:c1:93:9a:fa:17:75: + 94:a8:3f:29:8b:57:aa:73:ac:b6:a2:94:3c:d4:53:86: + 6c:c1:95:98:f5:be:a1:79:ac:75:bb:96:30:3c:dc:5f: + 27:fe:f0:ec:e3:54:c4:51:b2:96:45:ec:c8:35:87:92: + db:c9:d7:d0:9c:09:63:34:c0:4d:8b:a9:f7:10:95:9a: + 9f:6f:a1:5e:bd:1b:d9:32:be:18:fc:6c:70:6c:b7:37: + e8:45:09:ce:79:b7:d6:2c:d3:b4:09:b2:00:41:1a:ee: + 0c:76:21:0f:2d:5b:79:7c:be:d5:23:12:f8:93:ad:e1: + 99:9e:a1:fa:0a:99:ed:eb:6b:3a:d6:c6:20:2b:e2:eb: + 86:c2:f1:eb:f4:9c:d7:0b:5b:9d:8c:c7:7b:8a:cd:40: + f9:b8:0d:fe:44:d5:14:79:d5:1c:76:56:d9:e5:e7:72: + 7a:4b:c2:24:fe:1e:3a:38:d3:4c:85:c6:6c:77:be:ee: + 46:ab:d7:f4:29:c5:33:8e:0e:88:91:f0:6e:5b:28:b8: + 07:9f:c1:d9:47:3c:e5:fe:58:82:04:38:01:4e:f0:27: + 54:76:e2:c9:12:4a:da:d6:28:4d:10:00:ac:f1:12:3e: + af:15:6d:ce:b6:8a:18:ec:4b:be:6c:08:c0:c0:f0:d0 + Fingerprint (MD5): + C6:6E:4E:E2:92:8A:A7:2A:60:EA:2F:4D:FB:ED:15:17 + Fingerprint (SHA1): + 96:4A:92:79:6C:A4:CC:5B:6B:6E:88:84:48:43:9C:F4:84:5D:3C:E1 + + Certificate Trust Flags: + SSL Flags: + Valid CA + Trusted CA + Trusted Client CA + Email Flags: + Valid CA + Trusted CA + Object Signing Flags: + Valid CA + Trusted CA + + + 1 + 1 + + NSS Certificate DB + + 0 + <security_domain_instance_name> + 0 + Token Processing System + +

4

+ tps/admin/console/config/displaycertchainpanel.vm + Security Domain + + PKI::TPS::WelcomePanel=HASH(0x7fa0c0b679b0) + PKI::TPS::ModulePanel=HASH(0x7fa0c0b78608) + PKI::TPS::ConfigHSMLoginPanel=HASH(0x7fa0c0b90188) + PKI::TPS::SecurityDomainPanel=HASH(0x7fa0c0b93f30) + PKI::TPS::DisplayCertChainPanel=HASH(0x7fa0c0b9c480) + PKI::TPS::SubsystemTypePanel=HASH(0x7fa0c0ba7ad8) + PKI::TPS::CAInfoPanel=HASH(0x7fa0c0bae650) + PKI::TPS::TKSInfoPanel=HASH(0x7fa0c0bbcfc0) + PKI::TPS::DRMInfoPanel=HASH(0x7fa0c0bc58e8) + PKI::TPS::AuthDBPanel=HASH(0x7fa0c0bcd118) + PKI::TPS::DatabasePanel=HASH(0x7fa0c08be670) + PKI::TPS::SizePanel=HASH(0x7fa0c0be0798) + PKI::TPS::NamePanel=HASH(0x7fa0c0bf0610) + PKI::TPS::CertRequestPanel=HASH(0x7fa0c0c19698) + PKI::TPS::AdminPanel=HASH(0x7fa0c0c28018) + PKI::TPS::ImportAdminCertPanel=HASH(0x7fa0c0c32c30) + PKI::TPS::DonePanel=HASH(0x7fa0c0c3e6e8) + + + 10.1.0 + https://vm-084.idm.lab.bos.redhat.com:9445 + Security Domain + + false + + PKI::TPS::GlobalVar=HASH(0x7fa0740410e0) + PKI::TPS::GlobalVar=HASH(0x7fa0742a1668) + PKI::TPS::GlobalVar=HASH(0x7fa0747ab760) + + systemctl status pki-tomcatd@<security_domain_instance_name>.service + 5 + Display Certificate Chain + +Sleeping for 5 secs.. +############################################# +Attempting to connect to: vm-084.idm.lab.bos.redhat.com:7890 +Connected. +Posting Query = https://vm-084.idm.lab.bos.redhat.com:7890//tps/admin/console/config/wizard?p=4&op=next&xml=true +RESPONSE STATUS: HTTP/1.1 301 Moved Permanently +RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:53:29 GMT +RESPONSE HEADER: Server: Apache +RESPONSE HEADER: Location: https://vm-084.idm.lab.bos.redhat.com:8443/ca/admin/ca/securityDomainLogin?url=https%3A%2F%2Fvm-084.idm.lab.bos.redhat.com%3A7890%2Ftps%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D5%26subsystem%3DTPS +RESPONSE HEADER: Content-Length: 0 +RESPONSE HEADER: Keep-Alive: timeout=15, max=100 +RESPONSE HEADER: Connection: Keep-Alive +RESPONSE HEADER: Content-Type: text/html +Sleeping for 5 secs.. +############################################# +Attempting to connect to: vm-084.idm.lab.bos.redhat.com:8443 +in TestCertApprovalCallback.approve() +Peer cert details: + subject: CN=vm-084.idm.lab.bos.redhat.com,O=EXAMPLE + issuer: CN=CA Signing Certificate,O=EXAMPLE + serial: 3 +item 1 reason=-8172 depth=1 + cert details: + subject: CN=CA Signing Certificate,O=EXAMPLE + issuer: CN=CA Signing Certificate,O=EXAMPLE + serial: 1 +importing certificate. +Connected. +Posting Query = https://vm-084.idm.lab.bos.redhat.com:8443//ca/admin/ca/securityDomainLogin?url=https%3A%2F%2Fvm-084.idm.lab.bos.redhat.com%3A7890%2Ftps%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D3%26subsystem%3DTPS +RESPONSE STATUS: HTTP/1.1 200 OK +RESPONSE HEADER: Server: Apache-Coyote/1.1 +RESPONSE HEADER: Content-Type: text/html;charset=UTF-8 +RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:53:35 GMT +RESPONSE HEADER: Connection: close +############################################# +Attempting to connect to: vm-084.idm.lab.bos.redhat.com:8443 +Connected. +Posting Query = https://vm-084.idm.lab.bos.redhat.com:8443//ca/admin/ca/getCookie?uid=caadmin&pwd=Secret123&url=https%3A%2F%2Fvm-084.idm.lab.bos.redhat.com%3A7890%2Ftps%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D3%26subsystem%3DTPS +RESPONSE STATUS: HTTP/1.1 200 OK +RESPONSE HEADER: Server: Apache-Coyote/1.1 +RESPONSE HEADER: Content-Type: text/html +RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:53:36 GMT +RESPONSE HEADER: Connection: close +Sleeping for 5 secs.. +TPS_SESSION_ID=5892650296702736989 +TPS_URL=https://vm-084.idm.lab.bos.redhat.com:7890/tps/admin/console/config/wizard?p=3&subsystem=TPS +############################################# +Attempting to connect to: vm-084.idm.lab.bos.redhat.com:7890 +Connected. +Posting Query = https://vm-084.idm.lab.bos.redhat.com:7890//tps/admin/console/config/wizard?p=5&subsystem=TPS&session_id=5892650296702736989&xml=true +RESPONSE STATUS: HTTP/1.1 200 OK +RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:53:41 GMT +RESPONSE HEADER: Server: Apache +RESPONSE HEADER: Connection: close +RESPONSE HEADER: Content-Type: text/xml +Sleeping for 5 secs.. +Sleeping for 5 secs.. +############################################# +Attempting to connect to: vm-084.idm.lab.bos.redhat.com:7890 +Connected. +Posting Query = https://vm-084.idm.lab.bos.redhat.com:7890//tps/admin/console/config/wizard?p=5&choice=newsubsystem&subsystemName=Token+Processing+System&op=next&xml=true +RESPONSE STATUS: HTTP/1.1 200 OK +RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:53:53 GMT +RESPONSE HEADER: Server: Apache +RESPONSE HEADER: Connection: close +RESPONSE HEADER: Content-Type: text/xml + + + Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption + Issuer: CN=CA Signing Certificate,O=EXAMPLE + Validity: + Not Before: Thu Nov 21 17:00:30 2013 + Not After : Mon Nov 21 17:00:30 2033 + Subject: CN=CA Signing Certificate,O=EXAMPLE + Subject Public Key Info: + Public Key Algorithm: PKCS #1 RSA Encryption + RSA Public Key: + Modulus: + df:8f:9e:70:14:9c:14:43:06:3a:69:3a:b9:d4:37:07: + 24:ac:9b:8c:f3:9b:dd:44:0e:d3:7b:f6:10:c4:36:11: + bb:9d:7e:19:ed:8e:61:88:a9:11:64:f2:3e:c6:1a:f8: + c9:4e:46:2a:5d:19:91:f4:43:56:57:c3:c9:7b:19:c9: + fe:49:d0:d1:24:d8:f9:30:59:58:aa:86:ed:e1:07:27: + 7d:2c:61:bc:18:5d:4a:67:05:1c:3f:4a:c3:4c:f1:91: + 96:c5:e1:80:08:ea:8b:17:7c:cd:7a:23:e6:71:45:38: + 8a:d6:f3:c4:f7:61:e2:ec:8f:f2:6f:2a:c3:f9:24:5f: + 06:c5:cc:9d:7a:52:53:b7:33:0f:3c:94:f7:83:41:c4: + 68:5a:3c:93:0d:b7:ce:3d:60:f2:2d:5c:16:d4:d7:23: + d2:fb:05:14:0c:2d:38:55:ed:e8:7d:9a:ed:11:7d:ac: + d5:01:4e:ae:26:3a:8e:61:40:5b:b9:83:15:0a:da:24: + fa:0d:c2:ad:1a:e4:2f:01:5e:57:bd:61:5a:17:e1:0b: + f7:5e:3c:2d:37:23:1e:c2:b3:1e:d1:ef:9a:be:b4:57: + db:e4:4f:58:1d:75:87:68:2b:56:b1:af:cb:16:18:43: + 4f:bc:f5:cf:24:98:64:a7:0d:6e:a0:ab:6c:b4:e2:cb + Exponent: 65537 (0x10001) + Signed Extensions: + Name: Certificate Authority Key Identifier + Key ID: + 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: + 7e:5c:d2:44 + + Name: Certificate Basic Constraints + Critical: True + Data: Is a CA with no maximum path length. + + Name: Certificate Key Usage + Critical: True + Usages: Digital Signature + Non-Repudiation + Certificate Signing + CRL Signing + + Name: Certificate Subject Key ID + Data: + 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: + 7e:5c:d2:44 + + Name: Authority Information Access + Method: PKIX Online Certificate Status Protocol + Location: + URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp + + Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption + Signature: + 73:72:7d:31:3b:92:6e:d9:64:64:c1:93:9a:fa:17:75: + 94:a8:3f:29:8b:57:aa:73:ac:b6:a2:94:3c:d4:53:86: + 6c:c1:95:98:f5:be:a1:79:ac:75:bb:96:30:3c:dc:5f: + 27:fe:f0:ec:e3:54:c4:51:b2:96:45:ec:c8:35:87:92: + db:c9:d7:d0:9c:09:63:34:c0:4d:8b:a9:f7:10:95:9a: + 9f:6f:a1:5e:bd:1b:d9:32:be:18:fc:6c:70:6c:b7:37: + e8:45:09:ce:79:b7:d6:2c:d3:b4:09:b2:00:41:1a:ee: + 0c:76:21:0f:2d:5b:79:7c:be:d5:23:12:f8:93:ad:e1: + 99:9e:a1:fa:0a:99:ed:eb:6b:3a:d6:c6:20:2b:e2:eb: + 86:c2:f1:eb:f4:9c:d7:0b:5b:9d:8c:c7:7b:8a:cd:40: + f9:b8:0d:fe:44:d5:14:79:d5:1c:76:56:d9:e5:e7:72: + 7a:4b:c2:24:fe:1e:3a:38:d3:4c:85:c6:6c:77:be:ee: + 46:ab:d7:f4:29:c5:33:8e:0e:88:91:f0:6e:5b:28:b8: + 07:9f:c1:d9:47:3c:e5:fe:58:82:04:38:01:4e:f0:27: + 54:76:e2:c9:12:4a:da:d6:28:4d:10:00:ac:f1:12:3e: + af:15:6d:ce:b6:8a:18:ec:4b:be:6c:08:c0:c0:f0:d0 + Fingerprint (MD5): + C6:6E:4E:E2:92:8A:A7:2A:60:EA:2F:4D:FB:ED:15:17 + Fingerprint (SHA1): + 96:4A:92:79:6C:A4:CC:5B:6B:6E:88:84:48:43:9C:F4:84:5D:3C:E1 + + Certificate Trust Flags: + SSL Flags: + Valid CA + Trusted CA + Trusted Client CA + Email Flags: + Valid CA + Trusted CA + Object Signing Flags: + Valid CA + Trusted CA + + + 1 + + + 1 + + NSS Certificate DB + 1 + + 0 + Token Processing System + 7888 + 7889 + <security_domain_instance_name> + 0 + localhost + Token Processing System + 7890 + +

6

+ tps/admin/console/config/cainfopanel.vm + Security Domain + + PKI::TPS::WelcomePanel=HASH(0x7fa0c0b679b0) + PKI::TPS::ModulePanel=HASH(0x7fa0c0b78608) + PKI::TPS::ConfigHSMLoginPanel=HASH(0x7fa0c0b90188) + PKI::TPS::SecurityDomainPanel=HASH(0x7fa0c0b93f30) + PKI::TPS::DisplayCertChainPanel=HASH(0x7fa0c0b9c480) + PKI::TPS::SubsystemTypePanel=HASH(0x7fa0c0ba7ad8) + PKI::TPS::CAInfoPanel=HASH(0x7fa0c0bae650) + PKI::TPS::TKSInfoPanel=HASH(0x7fa0c0bbcfc0) + PKI::TPS::DRMInfoPanel=HASH(0x7fa0c0bc58e8) + PKI::TPS::AuthDBPanel=HASH(0x7fa0c0bcd118) + PKI::TPS::DatabasePanel=HASH(0x7fa0c08be670) + PKI::TPS::SizePanel=HASH(0x7fa0c0be0798) + PKI::TPS::NamePanel=HASH(0x7fa0c0bf0610) + PKI::TPS::CertRequestPanel=HASH(0x7fa0c0c19698) + PKI::TPS::AdminPanel=HASH(0x7fa0c0c28018) + PKI::TPS::ImportAdminCertPanel=HASH(0x7fa0c0c32c30) + PKI::TPS::DonePanel=HASH(0x7fa0c0c3e6e8) + + + 10.1.0 + https://vm-084.idm.lab.bos.redhat.com:8443/ca/admin/ca/securityDomainLogin?url=https%3A%2F%2Fvm-084.idm.lab.bos.redhat.com%3A7890%2Ftps%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D5%26subsystem%3DTPS + https://vm-084.idm.lab.bos.redhat.com:9445 + Security Domain + + false + + PKI::TPS::GlobalVar=HASH(0x7fa0740410e0) + PKI::TPS::GlobalVar=HASH(0x7fa0742a1668) + PKI::TPS::GlobalVar=HASH(0x7fa0747ab760) + + systemctl status pki-tomcatd@<security_domain_instance_name>.service + 7 + Token Processing System + Token Processing + CA Information + + CA vm-084.idm.lab.bos.redhat.com 8443 - https://vm-084.idm.lab.bos.redhat.com:8443 + + 1 + +Sleeping for 5 secs.. +############################################# +Attempting to connect to: vm-084.idm.lab.bos.redhat.com:7890 +Connected. +Posting Query = https://vm-084.idm.lab.bos.redhat.com:7890//tps/admin/console/config/wizard?p=6&urls=0&op=next&xml=true +RESPONSE STATUS: HTTP/1.1 200 OK +RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:53:59 GMT +RESPONSE HEADER: Server: Apache +RESPONSE HEADER: Connection: close +RESPONSE HEADER: Content-Type: text/xml + + + Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption + Issuer: CN=CA Signing Certificate,O=EXAMPLE + Validity: + Not Before: Thu Nov 21 17:00:30 2013 + Not After : Mon Nov 21 17:00:30 2033 + Subject: CN=CA Signing Certificate,O=EXAMPLE + Subject Public Key Info: + Public Key Algorithm: PKCS #1 RSA Encryption + RSA Public Key: + Modulus: + df:8f:9e:70:14:9c:14:43:06:3a:69:3a:b9:d4:37:07: + 24:ac:9b:8c:f3:9b:dd:44:0e:d3:7b:f6:10:c4:36:11: + bb:9d:7e:19:ed:8e:61:88:a9:11:64:f2:3e:c6:1a:f8: + c9:4e:46:2a:5d:19:91:f4:43:56:57:c3:c9:7b:19:c9: + fe:49:d0:d1:24:d8:f9:30:59:58:aa:86:ed:e1:07:27: + 7d:2c:61:bc:18:5d:4a:67:05:1c:3f:4a:c3:4c:f1:91: + 96:c5:e1:80:08:ea:8b:17:7c:cd:7a:23:e6:71:45:38: + 8a:d6:f3:c4:f7:61:e2:ec:8f:f2:6f:2a:c3:f9:24:5f: + 06:c5:cc:9d:7a:52:53:b7:33:0f:3c:94:f7:83:41:c4: + 68:5a:3c:93:0d:b7:ce:3d:60:f2:2d:5c:16:d4:d7:23: + d2:fb:05:14:0c:2d:38:55:ed:e8:7d:9a:ed:11:7d:ac: + d5:01:4e:ae:26:3a:8e:61:40:5b:b9:83:15:0a:da:24: + fa:0d:c2:ad:1a:e4:2f:01:5e:57:bd:61:5a:17:e1:0b: + f7:5e:3c:2d:37:23:1e:c2:b3:1e:d1:ef:9a:be:b4:57: + db:e4:4f:58:1d:75:87:68:2b:56:b1:af:cb:16:18:43: + 4f:bc:f5:cf:24:98:64:a7:0d:6e:a0:ab:6c:b4:e2:cb + Exponent: 65537 (0x10001) + Signed Extensions: + Name: Certificate Authority Key Identifier + Key ID: + 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: + 7e:5c:d2:44 + + Name: Certificate Basic Constraints + Critical: True + Data: Is a CA with no maximum path length. + + Name: Certificate Key Usage + Critical: True + Usages: Digital Signature + Non-Repudiation + Certificate Signing + CRL Signing + + Name: Certificate Subject Key ID + Data: + 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: + 7e:5c:d2:44 + + Name: Authority Information Access + Method: PKIX Online Certificate Status Protocol + Location: + URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp + + Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption + Signature: + 73:72:7d:31:3b:92:6e:d9:64:64:c1:93:9a:fa:17:75: + 94:a8:3f:29:8b:57:aa:73:ac:b6:a2:94:3c:d4:53:86: + 6c:c1:95:98:f5:be:a1:79:ac:75:bb:96:30:3c:dc:5f: + 27:fe:f0:ec:e3:54:c4:51:b2:96:45:ec:c8:35:87:92: + db:c9:d7:d0:9c:09:63:34:c0:4d:8b:a9:f7:10:95:9a: + 9f:6f:a1:5e:bd:1b:d9:32:be:18:fc:6c:70:6c:b7:37: + e8:45:09:ce:79:b7:d6:2c:d3:b4:09:b2:00:41:1a:ee: + 0c:76:21:0f:2d:5b:79:7c:be:d5:23:12:f8:93:ad:e1: + 99:9e:a1:fa:0a:99:ed:eb:6b:3a:d6:c6:20:2b:e2:eb: + 86:c2:f1:eb:f4:9c:d7:0b:5b:9d:8c:c7:7b:8a:cd:40: + f9:b8:0d:fe:44:d5:14:79:d5:1c:76:56:d9:e5:e7:72: + 7a:4b:c2:24:fe:1e:3a:38:d3:4c:85:c6:6c:77:be:ee: + 46:ab:d7:f4:29:c5:33:8e:0e:88:91:f0:6e:5b:28:b8: + 07:9f:c1:d9:47:3c:e5:fe:58:82:04:38:01:4e:f0:27: + 54:76:e2:c9:12:4a:da:d6:28:4d:10:00:ac:f1:12:3e: + af:15:6d:ce:b6:8a:18:ec:4b:be:6c:08:c0:c0:f0:d0 + Fingerprint (MD5): + C6:6E:4E:E2:92:8A:A7:2A:60:EA:2F:4D:FB:ED:15:17 + Fingerprint (SHA1): + 96:4A:92:79:6C:A4:CC:5B:6B:6E:88:84:48:43:9C:F4:84:5D:3C:E1 + + Certificate Trust Flags: + SSL Flags: + Valid CA + Trusted CA + Trusted Client CA + Email Flags: + Valid CA + Trusted CA + Object Signing Flags: + Valid CA + Trusted CA + + + 1 + + + 1 + + NSS Certificate DB + 1 + + 0 + Token Processing System + 7888 + 7889 + <security_domain_instance_name> + 0 + localhost + Token Processing System + 7890 + +

7

+ tps/admin/console/config/tksinfopanel.vm + Security Domain + + PKI::TPS::WelcomePanel=HASH(0x7fa0c0b679b0) + PKI::TPS::ModulePanel=HASH(0x7fa0c0b78608) + PKI::TPS::ConfigHSMLoginPanel=HASH(0x7fa0c0b90188) + PKI::TPS::SecurityDomainPanel=HASH(0x7fa0c0b93f30) + PKI::TPS::DisplayCertChainPanel=HASH(0x7fa0c0b9c480) + PKI::TPS::SubsystemTypePanel=HASH(0x7fa0c0ba7ad8) + PKI::TPS::CAInfoPanel=HASH(0x7fa0c0bae650) + PKI::TPS::TKSInfoPanel=HASH(0x7fa0c0bbcfc0) + PKI::TPS::DRMInfoPanel=HASH(0x7fa0c0bc58e8) + PKI::TPS::AuthDBPanel=HASH(0x7fa0c0bcd118) + PKI::TPS::DatabasePanel=HASH(0x7fa0c08be670) + PKI::TPS::SizePanel=HASH(0x7fa0c0be0798) + PKI::TPS::NamePanel=HASH(0x7fa0c0bf0610) + PKI::TPS::CertRequestPanel=HASH(0x7fa0c0c19698) + PKI::TPS::AdminPanel=HASH(0x7fa0c0c28018) + PKI::TPS::ImportAdminCertPanel=HASH(0x7fa0c0c32c30) + PKI::TPS::DonePanel=HASH(0x7fa0c0c3e6e8) + + + 10.1.0 + https://vm-084.idm.lab.bos.redhat.com:8443/ca/admin/ca/securityDomainLogin?url=https%3A%2F%2Fvm-084.idm.lab.bos.redhat.com%3A7890%2Ftps%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D5%26subsystem%3DTPS + https://vm-084.idm.lab.bos.redhat.com:9445 + Security Domain + + false + + PKI::TPS::GlobalVar=HASH(0x7fa0740410e0) + PKI::TPS::GlobalVar=HASH(0x7fa0742a1668) + PKI::TPS::GlobalVar=HASH(0x7fa0747ab760) + + systemctl status pki-tomcatd@<security_domain_instance_name>.service + 8 + Token Processing System + Token Processing + TKS Information + + TKS vm-084.idm.lab.bos.redhat.com 8443 - https://vm-084.idm.lab.bos.redhat.com:8443 + + 1 + +Sleeping for 5 secs.. +############################################# +Attempting to connect to: vm-084.idm.lab.bos.redhat.com:7890 +Connected. +Posting Query = https://vm-084.idm.lab.bos.redhat.com:7890//tps/admin/console/config/wizard?p=7&urls=0&op=next&xml=true +RESPONSE STATUS: HTTP/1.1 200 OK +RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:54:05 GMT +RESPONSE HEADER: Server: Apache +RESPONSE HEADER: Connection: close +RESPONSE HEADER: Content-Type: text/xml + + + Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption + Issuer: CN=CA Signing Certificate,O=EXAMPLE + Validity: + Not Before: Thu Nov 21 17:00:30 2013 + Not After : Mon Nov 21 17:00:30 2033 + Subject: CN=CA Signing Certificate,O=EXAMPLE + Subject Public Key Info: + Public Key Algorithm: PKCS #1 RSA Encryption + RSA Public Key: + Modulus: + df:8f:9e:70:14:9c:14:43:06:3a:69:3a:b9:d4:37:07: + 24:ac:9b:8c:f3:9b:dd:44:0e:d3:7b:f6:10:c4:36:11: + bb:9d:7e:19:ed:8e:61:88:a9:11:64:f2:3e:c6:1a:f8: + c9:4e:46:2a:5d:19:91:f4:43:56:57:c3:c9:7b:19:c9: + fe:49:d0:d1:24:d8:f9:30:59:58:aa:86:ed:e1:07:27: + 7d:2c:61:bc:18:5d:4a:67:05:1c:3f:4a:c3:4c:f1:91: + 96:c5:e1:80:08:ea:8b:17:7c:cd:7a:23:e6:71:45:38: + 8a:d6:f3:c4:f7:61:e2:ec:8f:f2:6f:2a:c3:f9:24:5f: + 06:c5:cc:9d:7a:52:53:b7:33:0f:3c:94:f7:83:41:c4: + 68:5a:3c:93:0d:b7:ce:3d:60:f2:2d:5c:16:d4:d7:23: + d2:fb:05:14:0c:2d:38:55:ed:e8:7d:9a:ed:11:7d:ac: + d5:01:4e:ae:26:3a:8e:61:40:5b:b9:83:15:0a:da:24: + fa:0d:c2:ad:1a:e4:2f:01:5e:57:bd:61:5a:17:e1:0b: + f7:5e:3c:2d:37:23:1e:c2:b3:1e:d1:ef:9a:be:b4:57: + db:e4:4f:58:1d:75:87:68:2b:56:b1:af:cb:16:18:43: + 4f:bc:f5:cf:24:98:64:a7:0d:6e:a0:ab:6c:b4:e2:cb + Exponent: 65537 (0x10001) + Signed Extensions: + Name: Certificate Authority Key Identifier + Key ID: + 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: + 7e:5c:d2:44 + + Name: Certificate Basic Constraints + Critical: True + Data: Is a CA with no maximum path length. + + Name: Certificate Key Usage + Critical: True + Usages: Digital Signature + Non-Repudiation + Certificate Signing + CRL Signing + + Name: Certificate Subject Key ID + Data: + 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: + 7e:5c:d2:44 + + Name: Authority Information Access + Method: PKIX Online Certificate Status Protocol + Location: + URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp + + Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption + Signature: + 73:72:7d:31:3b:92:6e:d9:64:64:c1:93:9a:fa:17:75: + 94:a8:3f:29:8b:57:aa:73:ac:b6:a2:94:3c:d4:53:86: + 6c:c1:95:98:f5:be:a1:79:ac:75:bb:96:30:3c:dc:5f: + 27:fe:f0:ec:e3:54:c4:51:b2:96:45:ec:c8:35:87:92: + db:c9:d7:d0:9c:09:63:34:c0:4d:8b:a9:f7:10:95:9a: + 9f:6f:a1:5e:bd:1b:d9:32:be:18:fc:6c:70:6c:b7:37: + e8:45:09:ce:79:b7:d6:2c:d3:b4:09:b2:00:41:1a:ee: + 0c:76:21:0f:2d:5b:79:7c:be:d5:23:12:f8:93:ad:e1: + 99:9e:a1:fa:0a:99:ed:eb:6b:3a:d6:c6:20:2b:e2:eb: + 86:c2:f1:eb:f4:9c:d7:0b:5b:9d:8c:c7:7b:8a:cd:40: + f9:b8:0d:fe:44:d5:14:79:d5:1c:76:56:d9:e5:e7:72: + 7a:4b:c2:24:fe:1e:3a:38:d3:4c:85:c6:6c:77:be:ee: + 46:ab:d7:f4:29:c5:33:8e:0e:88:91:f0:6e:5b:28:b8: + 07:9f:c1:d9:47:3c:e5:fe:58:82:04:38:01:4e:f0:27: + 54:76:e2:c9:12:4a:da:d6:28:4d:10:00:ac:f1:12:3e: + af:15:6d:ce:b6:8a:18:ec:4b:be:6c:08:c0:c0:f0:d0 + Fingerprint (MD5): + C6:6E:4E:E2:92:8A:A7:2A:60:EA:2F:4D:FB:ED:15:17 + Fingerprint (SHA1): + 96:4A:92:79:6C:A4:CC:5B:6B:6E:88:84:48:43:9C:F4:84:5D:3C:E1 + + Certificate Trust Flags: + SSL Flags: + Valid CA + Trusted CA + Trusted Client CA + Email Flags: + Valid CA + Trusted CA + Object Signing Flags: + Valid CA + Trusted CA + + + 1 + + + 1 + + NSS Certificate DB + 1 + + 0 + Token Processing System + 7888 + 7889 + <security_domain_instance_name> + 0 + localhost + Token Processing System + 7890 + +

8

+ tps/admin/console/config/drminfopanel.vm + Security Domain + + PKI::TPS::WelcomePanel=HASH(0x7fa0c0b679b0) + PKI::TPS::ModulePanel=HASH(0x7fa0c0b78608) + PKI::TPS::ConfigHSMLoginPanel=HASH(0x7fa0c0b90188) + PKI::TPS::SecurityDomainPanel=HASH(0x7fa0c0b93f30) + PKI::TPS::DisplayCertChainPanel=HASH(0x7fa0c0b9c480) + PKI::TPS::SubsystemTypePanel=HASH(0x7fa0c0ba7ad8) + PKI::TPS::CAInfoPanel=HASH(0x7fa0c0bae650) + PKI::TPS::TKSInfoPanel=HASH(0x7fa0c0bbcfc0) + PKI::TPS::DRMInfoPanel=HASH(0x7fa0c0bc58e8) + PKI::TPS::AuthDBPanel=HASH(0x7fa0c0bcd118) + PKI::TPS::DatabasePanel=HASH(0x7fa0c08be670) + PKI::TPS::SizePanel=HASH(0x7fa0c0be0798) + PKI::TPS::NamePanel=HASH(0x7fa0c0bf0610) + PKI::TPS::CertRequestPanel=HASH(0x7fa0c0c19698) + PKI::TPS::AdminPanel=HASH(0x7fa0c0c28018) + PKI::TPS::ImportAdminCertPanel=HASH(0x7fa0c0c32c30) + PKI::TPS::DonePanel=HASH(0x7fa0c0c3e6e8) + + + 10.1.0 + https://vm-084.idm.lab.bos.redhat.com:8443/ca/admin/ca/securityDomainLogin?url=https%3A%2F%2Fvm-084.idm.lab.bos.redhat.com%3A7890%2Ftps%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D5%26subsystem%3DTPS + https://vm-084.idm.lab.bos.redhat.com:9445 + Security Domain + + false + + PKI::TPS::GlobalVar=HASH(0x7fa0740410e0) + PKI::TPS::GlobalVar=HASH(0x7fa0742a1668) + PKI::TPS::GlobalVar=HASH(0x7fa0747ab760) + + systemctl status pki-tomcatd@<security_domain_instance_name>.service + 9 + Token Processing System + Token Processing + DRM Information + + KRA vm-084.idm.lab.bos.redhat.com 8443 - https://vm-084.idm.lab.bos.redhat.com:8443 + + 1 + +Sleeping for 5 secs.. +############################################# +Attempting to connect to: vm-084.idm.lab.bos.redhat.com:7890 +Connected. +Posting Query = https://vm-084.idm.lab.bos.redhat.com:7890//tps/admin/console/config/wizard?p=8&choice=keygen&urls=0&op=next&xml=true +RESPONSE STATUS: HTTP/1.1 200 OK +RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:54:12 GMT +RESPONSE HEADER: Server: Apache +RESPONSE HEADER: Connection: close +RESPONSE HEADER: Content-Type: text/xml + + + dc=idm,dc=lab,dc=bos,dc=redhat,dc=com + Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption + Issuer: CN=CA Signing Certificate,O=EXAMPLE + Validity: + Not Before: Thu Nov 21 17:00:30 2013 + Not After : Mon Nov 21 17:00:30 2033 + Subject: CN=CA Signing Certificate,O=EXAMPLE + Subject Public Key Info: + Public Key Algorithm: PKCS #1 RSA Encryption + RSA Public Key: + Modulus: + df:8f:9e:70:14:9c:14:43:06:3a:69:3a:b9:d4:37:07: + 24:ac:9b:8c:f3:9b:dd:44:0e:d3:7b:f6:10:c4:36:11: + bb:9d:7e:19:ed:8e:61:88:a9:11:64:f2:3e:c6:1a:f8: + c9:4e:46:2a:5d:19:91:f4:43:56:57:c3:c9:7b:19:c9: + fe:49:d0:d1:24:d8:f9:30:59:58:aa:86:ed:e1:07:27: + 7d:2c:61:bc:18:5d:4a:67:05:1c:3f:4a:c3:4c:f1:91: + 96:c5:e1:80:08:ea:8b:17:7c:cd:7a:23:e6:71:45:38: + 8a:d6:f3:c4:f7:61:e2:ec:8f:f2:6f:2a:c3:f9:24:5f: + 06:c5:cc:9d:7a:52:53:b7:33:0f:3c:94:f7:83:41:c4: + 68:5a:3c:93:0d:b7:ce:3d:60:f2:2d:5c:16:d4:d7:23: + d2:fb:05:14:0c:2d:38:55:ed:e8:7d:9a:ed:11:7d:ac: + d5:01:4e:ae:26:3a:8e:61:40:5b:b9:83:15:0a:da:24: + fa:0d:c2:ad:1a:e4:2f:01:5e:57:bd:61:5a:17:e1:0b: + f7:5e:3c:2d:37:23:1e:c2:b3:1e:d1:ef:9a:be:b4:57: + db:e4:4f:58:1d:75:87:68:2b:56:b1:af:cb:16:18:43: + 4f:bc:f5:cf:24:98:64:a7:0d:6e:a0:ab:6c:b4:e2:cb + Exponent: 65537 (0x10001) + Signed Extensions: + Name: Certificate Authority Key Identifier + Key ID: + 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: + 7e:5c:d2:44 + + Name: Certificate Basic Constraints + Critical: True + Data: Is a CA with no maximum path length. + + Name: Certificate Key Usage + Critical: True + Usages: Digital Signature + Non-Repudiation + Certificate Signing + CRL Signing + + Name: Certificate Subject Key ID + Data: + 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: + 7e:5c:d2:44 + + Name: Authority Information Access + Method: PKIX Online Certificate Status Protocol + Location: + URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp + + Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption + Signature: + 73:72:7d:31:3b:92:6e:d9:64:64:c1:93:9a:fa:17:75: + 94:a8:3f:29:8b:57:aa:73:ac:b6:a2:94:3c:d4:53:86: + 6c:c1:95:98:f5:be:a1:79:ac:75:bb:96:30:3c:dc:5f: + 27:fe:f0:ec:e3:54:c4:51:b2:96:45:ec:c8:35:87:92: + db:c9:d7:d0:9c:09:63:34:c0:4d:8b:a9:f7:10:95:9a: + 9f:6f:a1:5e:bd:1b:d9:32:be:18:fc:6c:70:6c:b7:37: + e8:45:09:ce:79:b7:d6:2c:d3:b4:09:b2:00:41:1a:ee: + 0c:76:21:0f:2d:5b:79:7c:be:d5:23:12:f8:93:ad:e1: + 99:9e:a1:fa:0a:99:ed:eb:6b:3a:d6:c6:20:2b:e2:eb: + 86:c2:f1:eb:f4:9c:d7:0b:5b:9d:8c:c7:7b:8a:cd:40: + f9:b8:0d:fe:44:d5:14:79:d5:1c:76:56:d9:e5:e7:72: + 7a:4b:c2:24:fe:1e:3a:38:d3:4c:85:c6:6c:77:be:ee: + 46:ab:d7:f4:29:c5:33:8e:0e:88:91:f0:6e:5b:28:b8: + 07:9f:c1:d9:47:3c:e5:fe:58:82:04:38:01:4e:f0:27: + 54:76:e2:c9:12:4a:da:d6:28:4d:10:00:ac:f1:12:3e: + af:15:6d:ce:b6:8a:18:ec:4b:be:6c:08:c0:c0:f0:d0 + Fingerprint (MD5): + C6:6E:4E:E2:92:8A:A7:2A:60:EA:2F:4D:FB:ED:15:17 + Fingerprint (SHA1): + 96:4A:92:79:6C:A4:CC:5B:6B:6E:88:84:48:43:9C:F4:84:5D:3C:E1 + + Certificate Trust Flags: + SSL Flags: + Valid CA + Trusted CA + Trusted Client CA + Email Flags: + Valid CA + Trusted CA + Object Signing Flags: + Valid CA + Trusted CA + + + 1 + + + 1 + + NSS Certificate DB + 1 + + 0 + Token Processing System + localhost + 7888 + 7889 + <security_domain_instance_name> + 0 + localhost + Token Processing System + 7890 + +

9

+ tps/admin/console/config/authdbpanel.vm + Security Domain + + PKI::TPS::WelcomePanel=HASH(0x7fa0c0b679b0) + PKI::TPS::ModulePanel=HASH(0x7fa0c0b78608) + PKI::TPS::ConfigHSMLoginPanel=HASH(0x7fa0c0b90188) + PKI::TPS::SecurityDomainPanel=HASH(0x7fa0c0b93f30) + PKI::TPS::DisplayCertChainPanel=HASH(0x7fa0c0b9c480) + PKI::TPS::SubsystemTypePanel=HASH(0x7fa0c0ba7ad8) + PKI::TPS::CAInfoPanel=HASH(0x7fa0c0bae650) + PKI::TPS::TKSInfoPanel=HASH(0x7fa0c0bbcfc0) + PKI::TPS::DRMInfoPanel=HASH(0x7fa0c0bc58e8) + PKI::TPS::AuthDBPanel=HASH(0x7fa0c0bcd118) + PKI::TPS::DatabasePanel=HASH(0x7fa0c08be670) + PKI::TPS::SizePanel=HASH(0x7fa0c0be0798) + PKI::TPS::NamePanel=HASH(0x7fa0c0bf0610) + PKI::TPS::CertRequestPanel=HASH(0x7fa0c0c19698) + PKI::TPS::AdminPanel=HASH(0x7fa0c0c28018) + PKI::TPS::ImportAdminCertPanel=HASH(0x7fa0c0c32c30) + PKI::TPS::DonePanel=HASH(0x7fa0c0c3e6e8) + + 389 + + 10.1.0 + https://vm-084.idm.lab.bos.redhat.com:8443/ca/admin/ca/securityDomainLogin?url=https%3A%2F%2Fvm-084.idm.lab.bos.redhat.com%3A7890%2Ftps%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D5%26subsystem%3DTPS + https://vm-084.idm.lab.bos.redhat.com:9445 + Security Domain + + false + false + + PKI::TPS::GlobalVar=HASH(0x7fa0740410e0) + PKI::TPS::GlobalVar=HASH(0x7fa0742a1668) + PKI::TPS::GlobalVar=HASH(0x7fa0747ab760) + + systemctl status pki-tomcatd@<security_domain_instance_name>.service + 10 + Token Processing System + Token Processing + Authentication Directory + + KRA vm-084.idm.lab.bos.redhat.com 8443 - https://vm-084.idm.lab.bos.redhat.com:8443 + + 1 + +Sleeping for 5 secs.. +############################################# +Attempting to connect to: vm-084.idm.lab.bos.redhat.com:7890 +Connected. +Posting Query = https://vm-084.idm.lab.bos.redhat.com:7890//tps/admin/console/config/wizard?p=9&host=vm-084.idm.lab.bos.redhat.com&port=389&basedn=dc%3Dexample%2Cdc%3Dcom&op=next&xml=true +RESPONSE STATUS: HTTP/1.1 200 OK +RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:54:18 GMT +RESPONSE HEADER: Server: Apache +RESPONSE HEADER: Connection: close +RESPONSE HEADER: Content-Type: text/xml + + + dc=vm-084.idm.lab.bos.redhat.com-pki-tps + cn=directory manager + + Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption + Issuer: CN=CA Signing Certificate,O=EXAMPLE + Validity: + Not Before: Thu Nov 21 17:00:30 2013 + Not After : Mon Nov 21 17:00:30 2033 + Subject: CN=CA Signing Certificate,O=EXAMPLE + Subject Public Key Info: + Public Key Algorithm: PKCS #1 RSA Encryption + RSA Public Key: + Modulus: + df:8f:9e:70:14:9c:14:43:06:3a:69:3a:b9:d4:37:07: + 24:ac:9b:8c:f3:9b:dd:44:0e:d3:7b:f6:10:c4:36:11: + bb:9d:7e:19:ed:8e:61:88:a9:11:64:f2:3e:c6:1a:f8: + c9:4e:46:2a:5d:19:91:f4:43:56:57:c3:c9:7b:19:c9: + fe:49:d0:d1:24:d8:f9:30:59:58:aa:86:ed:e1:07:27: + 7d:2c:61:bc:18:5d:4a:67:05:1c:3f:4a:c3:4c:f1:91: + 96:c5:e1:80:08:ea:8b:17:7c:cd:7a:23:e6:71:45:38: + 8a:d6:f3:c4:f7:61:e2:ec:8f:f2:6f:2a:c3:f9:24:5f: + 06:c5:cc:9d:7a:52:53:b7:33:0f:3c:94:f7:83:41:c4: + 68:5a:3c:93:0d:b7:ce:3d:60:f2:2d:5c:16:d4:d7:23: + d2:fb:05:14:0c:2d:38:55:ed:e8:7d:9a:ed:11:7d:ac: + d5:01:4e:ae:26:3a:8e:61:40:5b:b9:83:15:0a:da:24: + fa:0d:c2:ad:1a:e4:2f:01:5e:57:bd:61:5a:17:e1:0b: + f7:5e:3c:2d:37:23:1e:c2:b3:1e:d1:ef:9a:be:b4:57: + db:e4:4f:58:1d:75:87:68:2b:56:b1:af:cb:16:18:43: + 4f:bc:f5:cf:24:98:64:a7:0d:6e:a0:ab:6c:b4:e2:cb + Exponent: 65537 (0x10001) + Signed Extensions: + Name: Certificate Authority Key Identifier + Key ID: + 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: + 7e:5c:d2:44 + + Name: Certificate Basic Constraints + Critical: True + Data: Is a CA with no maximum path length. + + Name: Certificate Key Usage + Critical: True + Usages: Digital Signature + Non-Repudiation + Certificate Signing + CRL Signing + + Name: Certificate Subject Key ID + Data: + 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: + 7e:5c:d2:44 + + Name: Authority Information Access + Method: PKIX Online Certificate Status Protocol + Location: + URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp + + Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption + Signature: + 73:72:7d:31:3b:92:6e:d9:64:64:c1:93:9a:fa:17:75: + 94:a8:3f:29:8b:57:aa:73:ac:b6:a2:94:3c:d4:53:86: + 6c:c1:95:98:f5:be:a1:79:ac:75:bb:96:30:3c:dc:5f: + 27:fe:f0:ec:e3:54:c4:51:b2:96:45:ec:c8:35:87:92: + db:c9:d7:d0:9c:09:63:34:c0:4d:8b:a9:f7:10:95:9a: + 9f:6f:a1:5e:bd:1b:d9:32:be:18:fc:6c:70:6c:b7:37: + e8:45:09:ce:79:b7:d6:2c:d3:b4:09:b2:00:41:1a:ee: + 0c:76:21:0f:2d:5b:79:7c:be:d5:23:12:f8:93:ad:e1: + 99:9e:a1:fa:0a:99:ed:eb:6b:3a:d6:c6:20:2b:e2:eb: + 86:c2:f1:eb:f4:9c:d7:0b:5b:9d:8c:c7:7b:8a:cd:40: + f9:b8:0d:fe:44:d5:14:79:d5:1c:76:56:d9:e5:e7:72: + 7a:4b:c2:24:fe:1e:3a:38:d3:4c:85:c6:6c:77:be:ee: + 46:ab:d7:f4:29:c5:33:8e:0e:88:91:f0:6e:5b:28:b8: + 07:9f:c1:d9:47:3c:e5:fe:58:82:04:38:01:4e:f0:27: + 54:76:e2:c9:12:4a:da:d6:28:4d:10:00:ac:f1:12:3e: + af:15:6d:ce:b6:8a:18:ec:4b:be:6c:08:c0:c0:f0:d0 + Fingerprint (MD5): + C6:6E:4E:E2:92:8A:A7:2A:60:EA:2F:4D:FB:ED:15:17 + Fingerprint (SHA1): + 96:4A:92:79:6C:A4:CC:5B:6B:6E:88:84:48:43:9C:F4:84:5D:3C:E1 + + Certificate Trust Flags: + SSL Flags: + Valid CA + Trusted CA + Trusted Client CA + Email Flags: + Valid CA + Trusted CA + Object Signing Flags: + Valid CA + Trusted CA + + + 1 + + + 1 + vm-084.idm.lab.bos.redhat.com-pki-tps + + NSS Certificate DB + 1 + + 0 + Token Processing System + localhost + 7888 + 7889 + <security_domain_instance_name> + 0 + localhost + Token Processing System + 7890 + +

10

+ tps/admin/console/config/databasepanel.vm + Security Domain + + PKI::TPS::WelcomePanel=HASH(0x7fa0c0b679b0) + PKI::TPS::ModulePanel=HASH(0x7fa0c0b78608) + PKI::TPS::ConfigHSMLoginPanel=HASH(0x7fa0c0b90188) + PKI::TPS::SecurityDomainPanel=HASH(0x7fa0c0b93f30) + PKI::TPS::DisplayCertChainPanel=HASH(0x7fa0c0b9c480) + PKI::TPS::SubsystemTypePanel=HASH(0x7fa0c0ba7ad8) + PKI::TPS::CAInfoPanel=HASH(0x7fa0c0bae650) + PKI::TPS::TKSInfoPanel=HASH(0x7fa0c0bbcfc0) + PKI::TPS::DRMInfoPanel=HASH(0x7fa0c0bc58e8) + PKI::TPS::AuthDBPanel=HASH(0x7fa0c0bcd118) + PKI::TPS::DatabasePanel=HASH(0x7fa0c08be670) + PKI::TPS::SizePanel=HASH(0x7fa0c0be0798) + PKI::TPS::NamePanel=HASH(0x7fa0c0bf0610) + PKI::TPS::CertRequestPanel=HASH(0x7fa0c0c19698) + PKI::TPS::AdminPanel=HASH(0x7fa0c0c28018) + PKI::TPS::ImportAdminCertPanel=HASH(0x7fa0c0c32c30) + PKI::TPS::DonePanel=HASH(0x7fa0c0c3e6e8) + + 389 + + 10.1.0 + https://vm-084.idm.lab.bos.redhat.com:8443/ca/admin/ca/securityDomainLogin?url=https%3A%2F%2Fvm-084.idm.lab.bos.redhat.com%3A7890%2Ftps%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D5%26subsystem%3DTPS + https://vm-084.idm.lab.bos.redhat.com:9445 + Security Domain + + false + false + + PKI::TPS::GlobalVar=HASH(0x7fa0740410e0) + PKI::TPS::GlobalVar=HASH(0x7fa0742a1668) + PKI::TPS::GlobalVar=HASH(0x7fa0747ab760) + + systemctl status pki-tomcatd@<security_domain_instance_name>.service + 11 + Token Processing System + Token Processing + Internal Database + + KRA vm-084.idm.lab.bos.redhat.com 8443 - https://vm-084.idm.lab.bos.redhat.com:8443 + + 1 + +Sleeping for 5 secs.. +############################################# +Attempting to connect to: vm-084.idm.lab.bos.redhat.com:7890 +Connected. +Posting Query = https://vm-084.idm.lab.bos.redhat.com:7890//tps/admin/console/config/wizard?p=10&host=vm-084.idm.lab.bos.redhat.com&port=389&binddn=cn%3DDirectory+Manager&__bindpwd=Secret123&basedn=dc%3Dtps%2Cdc%3Dexample%2Cdc%3Dcom&database=pki-tps&display=&op=next&xml=true +RESPONSE STATUS: HTTP/1.1 200 OK +RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:54:24 GMT +RESPONSE HEADER: Server: Apache +RESPONSE HEADER: Connection: close +RESPONSE HEADER: Content-Type: text/xml + + + dc=vm-084.idm.lab.bos.redhat.com-pki-tps + cn=directory manager + + Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption + Issuer: CN=CA Signing Certificate,O=EXAMPLE + Validity: + Not Before: Thu Nov 21 17:00:30 2013 + Not After : Mon Nov 21 17:00:30 2033 + Subject: CN=CA Signing Certificate,O=EXAMPLE + Subject Public Key Info: + Public Key Algorithm: PKCS #1 RSA Encryption + RSA Public Key: + Modulus: + df:8f:9e:70:14:9c:14:43:06:3a:69:3a:b9:d4:37:07: + 24:ac:9b:8c:f3:9b:dd:44:0e:d3:7b:f6:10:c4:36:11: + bb:9d:7e:19:ed:8e:61:88:a9:11:64:f2:3e:c6:1a:f8: + c9:4e:46:2a:5d:19:91:f4:43:56:57:c3:c9:7b:19:c9: + fe:49:d0:d1:24:d8:f9:30:59:58:aa:86:ed:e1:07:27: + 7d:2c:61:bc:18:5d:4a:67:05:1c:3f:4a:c3:4c:f1:91: + 96:c5:e1:80:08:ea:8b:17:7c:cd:7a:23:e6:71:45:38: + 8a:d6:f3:c4:f7:61:e2:ec:8f:f2:6f:2a:c3:f9:24:5f: + 06:c5:cc:9d:7a:52:53:b7:33:0f:3c:94:f7:83:41:c4: + 68:5a:3c:93:0d:b7:ce:3d:60:f2:2d:5c:16:d4:d7:23: + d2:fb:05:14:0c:2d:38:55:ed:e8:7d:9a:ed:11:7d:ac: + d5:01:4e:ae:26:3a:8e:61:40:5b:b9:83:15:0a:da:24: + fa:0d:c2:ad:1a:e4:2f:01:5e:57:bd:61:5a:17:e1:0b: + f7:5e:3c:2d:37:23:1e:c2:b3:1e:d1:ef:9a:be:b4:57: + db:e4:4f:58:1d:75:87:68:2b:56:b1:af:cb:16:18:43: + 4f:bc:f5:cf:24:98:64:a7:0d:6e:a0:ab:6c:b4:e2:cb + Exponent: 65537 (0x10001) + Signed Extensions: + Name: Certificate Authority Key Identifier + Key ID: + 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: + 7e:5c:d2:44 + + Name: Certificate Basic Constraints + Critical: True + Data: Is a CA with no maximum path length. + + Name: Certificate Key Usage + Critical: True + Usages: Digital Signature + Non-Repudiation + Certificate Signing + CRL Signing + + Name: Certificate Subject Key ID + Data: + 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: + 7e:5c:d2:44 + + Name: Authority Information Access + Method: PKIX Online Certificate Status Protocol + Location: + URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp + + Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption + Signature: + 73:72:7d:31:3b:92:6e:d9:64:64:c1:93:9a:fa:17:75: + 94:a8:3f:29:8b:57:aa:73:ac:b6:a2:94:3c:d4:53:86: + 6c:c1:95:98:f5:be:a1:79:ac:75:bb:96:30:3c:dc:5f: + 27:fe:f0:ec:e3:54:c4:51:b2:96:45:ec:c8:35:87:92: + db:c9:d7:d0:9c:09:63:34:c0:4d:8b:a9:f7:10:95:9a: + 9f:6f:a1:5e:bd:1b:d9:32:be:18:fc:6c:70:6c:b7:37: + e8:45:09:ce:79:b7:d6:2c:d3:b4:09:b2:00:41:1a:ee: + 0c:76:21:0f:2d:5b:79:7c:be:d5:23:12:f8:93:ad:e1: + 99:9e:a1:fa:0a:99:ed:eb:6b:3a:d6:c6:20:2b:e2:eb: + 86:c2:f1:eb:f4:9c:d7:0b:5b:9d:8c:c7:7b:8a:cd:40: + f9:b8:0d:fe:44:d5:14:79:d5:1c:76:56:d9:e5:e7:72: + 7a:4b:c2:24:fe:1e:3a:38:d3:4c:85:c6:6c:77:be:ee: + 46:ab:d7:f4:29:c5:33:8e:0e:88:91:f0:6e:5b:28:b8: + 07:9f:c1:d9:47:3c:e5:fe:58:82:04:38:01:4e:f0:27: + 54:76:e2:c9:12:4a:da:d6:28:4d:10:00:ac:f1:12:3e: + af:15:6d:ce:b6:8a:18:ec:4b:be:6c:08:c0:c0:f0:d0 + Fingerprint (MD5): + C6:6E:4E:E2:92:8A:A7:2A:60:EA:2F:4D:FB:ED:15:17 + Fingerprint (SHA1): + 96:4A:92:79:6C:A4:CC:5B:6B:6E:88:84:48:43:9C:F4:84:5D:3C:E1 + + Certificate Trust Flags: + SSL Flags: + Valid CA + Trusted CA + Trusted Client CA + Email Flags: + Valid CA + Trusted CA + Object Signing Flags: + Valid CA + Trusted CA + + + 1 + + + + CN=vm-084.idm.lab.bos.redhat.com, OU=pki-tps + sslserver + SSL Server Certificate + + + + + CN=TPS Subsystem Certificate, OU=pki-tps + subsystem + Subsystem Certificate + + + + + CN=TPS Audit Signing Certificate, OU=pki-tps + audit_signing + Audit Log Signing Certificate + + + + + + 1 + 2048 + vm-084.idm.lab.bos.redhat.com-pki-tps + + NSS Certificate DB + nistp256 + 2048 + 1 + + 0 + true + Token Processing System + localhost + 7888 + 7889 + <security_domain_instance_name> + nistp256 (secp256r1),nistp384 (secp384r1),nistp521 (secp521r1),nistk163 (sect163k1),sect163r1,nistb163 (sect163r2),sect193r1,sect193r2,nistk233 (sect233k1),nistb233 (sect233r1),sect239k1,nistk283 (sect283k1),nistb283 (sect283r1),nistk409 (sect409k1),nistb409 (sect409r1),nistk571 (sect571k1),nistb571 (sect571r1),secp160k1,secp160r1,secp160r2,secp192k1,nistp192 (secp192r1, prime192v1),secp224k1,nistp224 (secp224r1),secp256k1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2 + nistp256,nistp384,nistp521,sect163k1,nistk163,sect163r1,sect163r2,nistb163,sect193r1,sect193r2,sect233k1,nistk233,sect233r1,nistb233,sect239k1,sect283k1,nistk283,sect283r1,nistb283,sect409k1,nistk409,sect409r1,nistb409,sect571k1,nistk571,sect571r1,nistb571,secp160k1,secp160r1,secp160r2,secp192k1,secp192r1,nistp192,secp224k1,secp224r1,nistp224,secp256k1,secp256r1,secp384r1,secp521r1,prime192v1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2 + 1024,2048,3072,4096 + 0 + localhost + Token Processing System + 7890 + +

11

+ tps/admin/console/config/sizepanel.vm + Security Domain + + PKI::TPS::WelcomePanel=HASH(0x7fa0c0b679b0) + PKI::TPS::ModulePanel=HASH(0x7fa0c0b78608) + PKI::TPS::ConfigHSMLoginPanel=HASH(0x7fa0c0b90188) + PKI::TPS::SecurityDomainPanel=HASH(0x7fa0c0b93f30) + PKI::TPS::DisplayCertChainPanel=HASH(0x7fa0c0b9c480) + PKI::TPS::SubsystemTypePanel=HASH(0x7fa0c0ba7ad8) + PKI::TPS::CAInfoPanel=HASH(0x7fa0c0bae650) + PKI::TPS::TKSInfoPanel=HASH(0x7fa0c0bbcfc0) + PKI::TPS::DRMInfoPanel=HASH(0x7fa0c0bc58e8) + PKI::TPS::AuthDBPanel=HASH(0x7fa0c0bcd118) + PKI::TPS::DatabasePanel=HASH(0x7fa0c08be670) + PKI::TPS::SizePanel=HASH(0x7fa0c0be0798) + PKI::TPS::NamePanel=HASH(0x7fa0c0bf0610) + PKI::TPS::CertRequestPanel=HASH(0x7fa0c0c19698) + PKI::TPS::AdminPanel=HASH(0x7fa0c0c28018) + PKI::TPS::ImportAdminCertPanel=HASH(0x7fa0c0c32c30) + PKI::TPS::DonePanel=HASH(0x7fa0c0c3e6e8) + + 389 + + 10.1.0 + https://vm-084.idm.lab.bos.redhat.com:8443/ca/admin/ca/securityDomainLogin?url=https%3A%2F%2Fvm-084.idm.lab.bos.redhat.com%3A7890%2Ftps%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D5%26subsystem%3DTPS + https://vm-084.idm.lab.bos.redhat.com:9445 + Security Domain + + false + + false + + PKI::TPS::GlobalVar=HASH(0x7fa0740410e0) + PKI::TPS::GlobalVar=HASH(0x7fa0742a1668) + PKI::TPS::GlobalVar=HASH(0x7fa0747ab760) + + systemctl status pki-tomcatd@<security_domain_instance_name>.service + 12 + Token Processing System + Token Processing + Key Pairs + + KRA vm-084.idm.lab.bos.redhat.com 8443 - https://vm-084.idm.lab.bos.redhat.com:8443 + + 1 + +Sleeping for 5 secs.. +############################################# +Attempting to connect to: vm-084.idm.lab.bos.redhat.com:7890 +Connected. +Posting Query = https://vm-084.idm.lab.bos.redhat.com:7890//tps/admin/console/config/wizard?p=11&keytype=rsa&choice=default&custom_size=2048&sslserver_keytype=rsa&sslserver_choice=custom&sslserver_custom_size=2048&subsystem_keytype=rsa&subsystem_choice=custom&subsystem_custom_size=2048&audit_signing_keytype=rsa&audit_signing_choice=default&audit_signing_custom_size=2048&op=next&xml=true +RESPONSE STATUS: HTTP/1.1 200 OK +RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:54:39 GMT +RESPONSE HEADER: Server: Apache +RESPONSE HEADER: Connection: close +RESPONSE HEADER: Content-Type: text/xml + + + dc=vm-084.idm.lab.bos.redhat.com-pki-tps + cn=directory manager + + Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption + Issuer: CN=CA Signing Certificate,O=EXAMPLE + Validity: + Not Before: Thu Nov 21 17:00:30 2013 + Not After : Mon Nov 21 17:00:30 2033 + Subject: CN=CA Signing Certificate,O=EXAMPLE + Subject Public Key Info: + Public Key Algorithm: PKCS #1 RSA Encryption + RSA Public Key: + Modulus: + df:8f:9e:70:14:9c:14:43:06:3a:69:3a:b9:d4:37:07: + 24:ac:9b:8c:f3:9b:dd:44:0e:d3:7b:f6:10:c4:36:11: + bb:9d:7e:19:ed:8e:61:88:a9:11:64:f2:3e:c6:1a:f8: + c9:4e:46:2a:5d:19:91:f4:43:56:57:c3:c9:7b:19:c9: + fe:49:d0:d1:24:d8:f9:30:59:58:aa:86:ed:e1:07:27: + 7d:2c:61:bc:18:5d:4a:67:05:1c:3f:4a:c3:4c:f1:91: + 96:c5:e1:80:08:ea:8b:17:7c:cd:7a:23:e6:71:45:38: + 8a:d6:f3:c4:f7:61:e2:ec:8f:f2:6f:2a:c3:f9:24:5f: + 06:c5:cc:9d:7a:52:53:b7:33:0f:3c:94:f7:83:41:c4: + 68:5a:3c:93:0d:b7:ce:3d:60:f2:2d:5c:16:d4:d7:23: + d2:fb:05:14:0c:2d:38:55:ed:e8:7d:9a:ed:11:7d:ac: + d5:01:4e:ae:26:3a:8e:61:40:5b:b9:83:15:0a:da:24: + fa:0d:c2:ad:1a:e4:2f:01:5e:57:bd:61:5a:17:e1:0b: + f7:5e:3c:2d:37:23:1e:c2:b3:1e:d1:ef:9a:be:b4:57: + db:e4:4f:58:1d:75:87:68:2b:56:b1:af:cb:16:18:43: + 4f:bc:f5:cf:24:98:64:a7:0d:6e:a0:ab:6c:b4:e2:cb + Exponent: 65537 (0x10001) + Signed Extensions: + Name: Certificate Authority Key Identifier + Key ID: + 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: + 7e:5c:d2:44 + + Name: Certificate Basic Constraints + Critical: True + Data: Is a CA with no maximum path length. + + Name: Certificate Key Usage + Critical: True + Usages: Digital Signature + Non-Repudiation + Certificate Signing + CRL Signing + + Name: Certificate Subject Key ID + Data: + 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: + 7e:5c:d2:44 + + Name: Authority Information Access + Method: PKIX Online Certificate Status Protocol + Location: + URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp + + Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption + Signature: + 73:72:7d:31:3b:92:6e:d9:64:64:c1:93:9a:fa:17:75: + 94:a8:3f:29:8b:57:aa:73:ac:b6:a2:94:3c:d4:53:86: + 6c:c1:95:98:f5:be:a1:79:ac:75:bb:96:30:3c:dc:5f: + 27:fe:f0:ec:e3:54:c4:51:b2:96:45:ec:c8:35:87:92: + db:c9:d7:d0:9c:09:63:34:c0:4d:8b:a9:f7:10:95:9a: + 9f:6f:a1:5e:bd:1b:d9:32:be:18:fc:6c:70:6c:b7:37: + e8:45:09:ce:79:b7:d6:2c:d3:b4:09:b2:00:41:1a:ee: + 0c:76:21:0f:2d:5b:79:7c:be:d5:23:12:f8:93:ad:e1: + 99:9e:a1:fa:0a:99:ed:eb:6b:3a:d6:c6:20:2b:e2:eb: + 86:c2:f1:eb:f4:9c:d7:0b:5b:9d:8c:c7:7b:8a:cd:40: + f9:b8:0d:fe:44:d5:14:79:d5:1c:76:56:d9:e5:e7:72: + 7a:4b:c2:24:fe:1e:3a:38:d3:4c:85:c6:6c:77:be:ee: + 46:ab:d7:f4:29:c5:33:8e:0e:88:91:f0:6e:5b:28:b8: + 07:9f:c1:d9:47:3c:e5:fe:58:82:04:38:01:4e:f0:27: + 54:76:e2:c9:12:4a:da:d6:28:4d:10:00:ac:f1:12:3e: + af:15:6d:ce:b6:8a:18:ec:4b:be:6c:08:c0:c0:f0:d0 + Fingerprint (MD5): + C6:6E:4E:E2:92:8A:A7:2A:60:EA:2F:4D:FB:ED:15:17 + Fingerprint (SHA1): + 96:4A:92:79:6C:A4:CC:5B:6B:6E:88:84:48:43:9C:F4:84:5D:3C:E1 + + Certificate Trust Flags: + SSL Flags: + Valid CA + Trusted CA + Trusted Client CA + Email Flags: + Valid CA + Trusted CA + Object Signing Flags: + Valid CA + Trusted CA + + + 1 + + + + CN=vm-084.idm.lab.bos.redhat.com, OU=pki-tps, O=EXAMPLE + sslserver + SSL Server Certificate + + + + + CN=TPS Subsystem Certificate, OU=pki-tps, O=EXAMPLE + subsystem + Subsystem Certificate + + + + + CN=TPS Audit Signing Certificate, OU=pki-tps, O=EXAMPLE + audit_signing + Audit Log Signing Certificate + + + + + + 1 + 2048 + vm-084.idm.lab.bos.redhat.com-pki-tps + + NSS Certificate DB + nistp256 + 2048 + 1 + + 0 + true + Token Processing System + localhost + 7888 + 7889 + <security_domain_instance_name> + nistp256 (secp256r1),nistp384 (secp384r1),nistp521 (secp521r1),nistk163 (sect163k1),sect163r1,nistb163 (sect163r2),sect193r1,sect193r2,nistk233 (sect233k1),nistb233 (sect233r1),sect239k1,nistk283 (sect283k1),nistb283 (sect283r1),nistk409 (sect409k1),nistb409 (sect409r1),nistk571 (sect571k1),nistb571 (sect571r1),secp160k1,secp160r1,secp160r2,secp192k1,nistp192 (secp192r1, prime192v1),secp224k1,nistp224 (secp224r1),secp256k1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2 + nistp256,nistp384,nistp521,sect163k1,nistk163,sect163r1,sect163r2,nistb163,sect193r1,sect193r2,sect233k1,nistk233,sect233r1,nistb233,sect239k1,sect283k1,nistk283,sect283r1,nistb283,sect409k1,nistk409,sect409r1,nistb409,sect571k1,nistk571,sect571r1,nistb571,secp160k1,secp160r1,secp160r2,secp192k1,secp192r1,nistp192,secp224k1,secp224r1,nistp224,secp256k1,secp256r1,secp384r1,secp521r1,prime192v1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2 + 1024,2048,3072,4096 + 0 + localhost + Token Processing System + 7890 + +

12

+ tps/admin/console/config/namepanel.vm + Security Domain + + PKI::TPS::WelcomePanel=HASH(0x7fa0c0b679b0) + PKI::TPS::ModulePanel=HASH(0x7fa0c0b78608) + PKI::TPS::ConfigHSMLoginPanel=HASH(0x7fa0c0b90188) + PKI::TPS::SecurityDomainPanel=HASH(0x7fa0c0b93f30) + PKI::TPS::DisplayCertChainPanel=HASH(0x7fa0c0b9c480) + PKI::TPS::SubsystemTypePanel=HASH(0x7fa0c0ba7ad8) + PKI::TPS::CAInfoPanel=HASH(0x7fa0c0bae650) + PKI::TPS::TKSInfoPanel=HASH(0x7fa0c0bbcfc0) + PKI::TPS::DRMInfoPanel=HASH(0x7fa0c0bc58e8) + PKI::TPS::AuthDBPanel=HASH(0x7fa0c0bcd118) + PKI::TPS::DatabasePanel=HASH(0x7fa0c08be670) + PKI::TPS::SizePanel=HASH(0x7fa0c0be0798) + PKI::TPS::NamePanel=HASH(0x7fa0c0bf0610) + PKI::TPS::CertRequestPanel=HASH(0x7fa0c0c19698) + PKI::TPS::AdminPanel=HASH(0x7fa0c0c28018) + PKI::TPS::ImportAdminCertPanel=HASH(0x7fa0c0c32c30) + PKI::TPS::DonePanel=HASH(0x7fa0c0c3e6e8) + + 389 + + 10.1.0 + https://vm-084.idm.lab.bos.redhat.com:8443/ca/admin/ca/securityDomainLogin?url=https%3A%2F%2Fvm-084.idm.lab.bos.redhat.com%3A7890%2Ftps%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D5%26subsystem%3DTPS + https://vm-084.idm.lab.bos.redhat.com:9445 + Security Domain + + false + + false + + PKI::TPS::GlobalVar=HASH(0x7fa0740410e0) + PKI::TPS::GlobalVar=HASH(0x7fa0742a1668) + PKI::TPS::GlobalVar=HASH(0x7fa0747ab760) + + systemctl status pki-tomcatd@<security_domain_instance_name>.service + 13 + Token Processing System + Token Processing + Subject Names + + CA vm-084.idm.lab.bos.redhat.com 8443 - https://vm-084.idm.lab.bos.redhat.com:8443 + External CA + + 3 + +Sleeping for 5 secs.. +############################################# +Attempting to connect to: vm-084.idm.lab.bos.redhat.com:7890 +Connected. +Posting Query = https://vm-084.idm.lab.bos.redhat.com:7890//tps/admin/console/config/wizard?p=12&sslserver=CN%3Dvm-084.idm.lab.bos.redhat.com%2CO%3DEXAMPLE&sslserver_nick=Server-Cert+cert-pki-tps&subsystem=CN%3DTPS+Subsystem+Certificate%2CO%3DEXAMPLE&subsystem_nick=subsystemCert+cert-pki-tps&audit_signing=CN%3DTPS+Audit+Signing+Certificate%2CO%3DEXAMPLE&audit_signing_nick=auditSigningCert+cert-pki-tps&urls=0&op=next&xml=true +RESPONSE STATUS: HTTP/1.1 200 OK +RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:54:46 GMT +RESPONSE HEADER: Server: Apache +RESPONSE HEADER: Connection: close +RESPONSE HEADER: Content-Type: text/xml + + + dc=vm-084.idm.lab.bos.redhat.com-pki-tps + cn=directory manager + + Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption + Issuer: CN=CA Signing Certificate,O=EXAMPLE + Validity: + Not Before: Thu Nov 21 17:00:30 2013 + Not After : Mon Nov 21 17:00:30 2033 + Subject: CN=CA Signing Certificate,O=EXAMPLE + Subject Public Key Info: + Public Key Algorithm: PKCS #1 RSA Encryption + RSA Public Key: + Modulus: + df:8f:9e:70:14:9c:14:43:06:3a:69:3a:b9:d4:37:07: + 24:ac:9b:8c:f3:9b:dd:44:0e:d3:7b:f6:10:c4:36:11: + bb:9d:7e:19:ed:8e:61:88:a9:11:64:f2:3e:c6:1a:f8: + c9:4e:46:2a:5d:19:91:f4:43:56:57:c3:c9:7b:19:c9: + fe:49:d0:d1:24:d8:f9:30:59:58:aa:86:ed:e1:07:27: + 7d:2c:61:bc:18:5d:4a:67:05:1c:3f:4a:c3:4c:f1:91: + 96:c5:e1:80:08:ea:8b:17:7c:cd:7a:23:e6:71:45:38: + 8a:d6:f3:c4:f7:61:e2:ec:8f:f2:6f:2a:c3:f9:24:5f: + 06:c5:cc:9d:7a:52:53:b7:33:0f:3c:94:f7:83:41:c4: + 68:5a:3c:93:0d:b7:ce:3d:60:f2:2d:5c:16:d4:d7:23: + d2:fb:05:14:0c:2d:38:55:ed:e8:7d:9a:ed:11:7d:ac: + d5:01:4e:ae:26:3a:8e:61:40:5b:b9:83:15:0a:da:24: + fa:0d:c2:ad:1a:e4:2f:01:5e:57:bd:61:5a:17:e1:0b: + f7:5e:3c:2d:37:23:1e:c2:b3:1e:d1:ef:9a:be:b4:57: + db:e4:4f:58:1d:75:87:68:2b:56:b1:af:cb:16:18:43: + 4f:bc:f5:cf:24:98:64:a7:0d:6e:a0:ab:6c:b4:e2:cb + Exponent: 65537 (0x10001) + Signed Extensions: + Name: Certificate Authority Key Identifier + Key ID: + 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: + 7e:5c:d2:44 + + Name: Certificate Basic Constraints + Critical: True + Data: Is a CA with no maximum path length. + + Name: Certificate Key Usage + Critical: True + Usages: Digital Signature + Non-Repudiation + Certificate Signing + CRL Signing + + Name: Certificate Subject Key ID + Data: + 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: + 7e:5c:d2:44 + + Name: Authority Information Access + Method: PKIX Online Certificate Status Protocol + Location: + URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp + + Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption + Signature: + 73:72:7d:31:3b:92:6e:d9:64:64:c1:93:9a:fa:17:75: + 94:a8:3f:29:8b:57:aa:73:ac:b6:a2:94:3c:d4:53:86: + 6c:c1:95:98:f5:be:a1:79:ac:75:bb:96:30:3c:dc:5f: + 27:fe:f0:ec:e3:54:c4:51:b2:96:45:ec:c8:35:87:92: + db:c9:d7:d0:9c:09:63:34:c0:4d:8b:a9:f7:10:95:9a: + 9f:6f:a1:5e:bd:1b:d9:32:be:18:fc:6c:70:6c:b7:37: + e8:45:09:ce:79:b7:d6:2c:d3:b4:09:b2:00:41:1a:ee: + 0c:76:21:0f:2d:5b:79:7c:be:d5:23:12:f8:93:ad:e1: + 99:9e:a1:fa:0a:99:ed:eb:6b:3a:d6:c6:20:2b:e2:eb: + 86:c2:f1:eb:f4:9c:d7:0b:5b:9d:8c:c7:7b:8a:cd:40: + f9:b8:0d:fe:44:d5:14:79:d5:1c:76:56:d9:e5:e7:72: + 7a:4b:c2:24:fe:1e:3a:38:d3:4c:85:c6:6c:77:be:ee: + 46:ab:d7:f4:29:c5:33:8e:0e:88:91:f0:6e:5b:28:b8: + 07:9f:c1:d9:47:3c:e5:fe:58:82:04:38:01:4e:f0:27: + 54:76:e2:c9:12:4a:da:d6:28:4d:10:00:ac:f1:12:3e: + af:15:6d:ce:b6:8a:18:ec:4b:be:6c:08:c0:c0:f0:d0 + Fingerprint (MD5): + C6:6E:4E:E2:92:8A:A7:2A:60:EA:2F:4D:FB:ED:15:17 + Fingerprint (SHA1): + 96:4A:92:79:6C:A4:CC:5B:6B:6E:88:84:48:43:9C:F4:84:5D:3C:E1 + + Certificate Trust Flags: + SSL Flags: + Valid CA + Trusted CA + Trusted Client CA + Email Flags: + Valid CA + Trusted CA + Object Signing Flags: + Valid CA + Trusted CA + + + 1 + + + + CN=vm-084.idm.lab.bos.redhat.com, OU=pki-tps, O=EXAMPLE + sslserver + SSL Server Certificate + + + + + CN=TPS Subsystem Certificate, OU=pki-tps, O=EXAMPLE + subsystem + Subsystem Certificate + + + + + CN=TPS Audit Signing Certificate, OU=pki-tps, O=EXAMPLE + audit_signing + Audit Log Signing Certificate + + + + + + 1 + 2048 + vm-084.idm.lab.bos.redhat.com-pki-tps + + NSS Certificate DB + nistp256 + 2048 + 1 + + 0 + true + Token Processing System + localhost + 7888 + 7889 + <security_domain_instance_name> + nistp256 (secp256r1),nistp384 (secp384r1),nistp521 (secp521r1),nistk163 (sect163k1),sect163r1,nistb163 (sect163r2),sect193r1,sect193r2,nistk233 (sect233k1),nistb233 (sect233r1),sect239k1,nistk283 (sect283k1),nistb283 (sect283r1),nistk409 (sect409k1),nistb409 (sect409r1),nistk571 (sect571k1),nistb571 (sect571r1),secp160k1,secp160r1,secp160r2,secp192k1,nistp192 (secp192r1, prime192v1),secp224k1,nistp224 (secp224r1),secp256k1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2 + nistp256,nistp384,nistp521,sect163k1,nistk163,sect163r1,sect163r2,nistb163,sect193r1,sect193r2,sect233k1,nistk233,sect233r1,nistb233,sect239k1,sect283k1,nistk283,sect283r1,nistb283,sect409k1,nistk409,sect409r1,nistb409,sect571k1,nistk571,sect571r1,nistb571,secp160k1,secp160r1,secp160r2,secp192k1,secp192r1,nistp192,secp224k1,secp224r1,nistp224,secp256k1,secp256r1,secp384r1,secp521r1,prime192v1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2 + 1024,2048,3072,4096 + 0 + localhost + Token Processing System + 7890 + +

13

+ tps/admin/console/config/certrequestpanel.vm + Security Domain + + PKI::TPS::WelcomePanel=HASH(0x7fa0c0b679b0) + PKI::TPS::ModulePanel=HASH(0x7fa0c0b78608) + PKI::TPS::ConfigHSMLoginPanel=HASH(0x7fa0c0b90188) + PKI::TPS::SecurityDomainPanel=HASH(0x7fa0c0b93f30) + PKI::TPS::DisplayCertChainPanel=HASH(0x7fa0c0b9c480) + PKI::TPS::SubsystemTypePanel=HASH(0x7fa0c0ba7ad8) + PKI::TPS::CAInfoPanel=HASH(0x7fa0c0bae650) + PKI::TPS::TKSInfoPanel=HASH(0x7fa0c0bbcfc0) + PKI::TPS::DRMInfoPanel=HASH(0x7fa0c0bc58e8) + PKI::TPS::AuthDBPanel=HASH(0x7fa0c0bcd118) + PKI::TPS::DatabasePanel=HASH(0x7fa0c08be670) + PKI::TPS::SizePanel=HASH(0x7fa0c0be0798) + PKI::TPS::NamePanel=HASH(0x7fa0c0bf0610) + PKI::TPS::CertRequestPanel=HASH(0x7fa0c0c19698) + PKI::TPS::AdminPanel=HASH(0x7fa0c0c28018) + PKI::TPS::ImportAdminCertPanel=HASH(0x7fa0c0c32c30) + PKI::TPS::DonePanel=HASH(0x7fa0c0c3e6e8) + + 389 + + 10.1.0 + https://vm-084.idm.lab.bos.redhat.com:8443/ca/admin/ca/securityDomainLogin?url=https%3A%2F%2Fvm-084.idm.lab.bos.redhat.com%3A7890%2Ftps%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D5%26subsystem%3DTPS + + + + SSL Server Certificate + -----BEGIN NEW CERTIFICATE REQUEST----- +MIICfzCCAWcCAQAwOjEQMA4GA1UEChMHRVhBTVBMRTEmMCQGA1UEAxMddm0t +MDg0LmlkbS5sYWIuYm9zLnJlZGhhdC5jb20wggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQC/9q18L6waMSm0/6vQDU8VWAvSv5V4LRR/MlGgZLf3 +yBMkwD2MCGFLzohtvmza0/Ofq28raiwSmW5YZWpAwSVN1CWtrbflP5O9wkVF +kxy5ki72QWcjKvwoJBeR8rXhSdkUlbx5ByV1eH1pfW4Jb6O+vOUzHHNEfH3U +hFDuK535VsQoPLNyw0sysz9k8AjXPzOrFGppQzwgdIxI1Q9jZZTiuupfu3Hq +Ipt7ORpdd2kQRTyuCzX+9Tp4/shjk87iqXLsMYu1XmBoIvIAJiDWUETBiB4X +iYsiFM/yXM3XmVuV+SJQ+xt1XIJcQ+pM2O2RCkOvAqer08kY4ELo70uE1IWX +AgMBAAGgADANBgkqhkiG9w0BAQUFAAOCAQEAjAtHz3uSFKDHpYgxCFKiAxSv +NUHdhIZO4DjEl6BuxvH2dkrMOeBuzmGUdB/dmprKvMBRtTwjopD/vbRTkKPc +bB4j92pVxlAUlAd4dvzuFGcK/mhB8kdmCXAAgBOPKlZgpHoWRRaEqbdFznjQ +KDz1lFE6Lb1Wpmcx9u6ZUWjHLd4sr+Ym+byXx9DroMBYV3rK35xUhpNlMjUM +PSX+Fqgx4ddGgpGm0kh9TlczNUMQb+kqds8c3SRCfUTZNo4cE/LOEDqkUdYy +XwTXjjAag7c6b7Dv8/OR4jNNrvAihn5YdlAo3aRssE6zQCKrOfN2bYy3uWMG ++VqC9saBiWkg8sgPbg== +-----END NEW CERTIFICATE REQUEST----- + -----BEGIN CERTIFICATE----- +MIIDlTCCAn2gAwIBAgIBEDANBgkqhkiG9w0BAQsFADAzMRAwDgYDVQQKDAdF +WEFNUExFMR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRpZmljYXRlMB4XDTEz +MTEyMTE3NTQ0OVoXDTE1MTExMTE3NTQ0OVowOjEQMA4GA1UEChMHRVhBTVBM +RTEmMCQGA1UEAxMddm0tMDg0LmlkbS5sYWIuYm9zLnJlZGhhdC5jb20wggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/9q18L6waMSm0/6vQDU8V +WAvSv5V4LRR/MlGgZLf3yBMkwD2MCGFLzohtvmza0/Ofq28raiwSmW5YZWpA +wSVN1CWtrbflP5O9wkVFkxy5ki72QWcjKvwoJBeR8rXhSdkUlbx5ByV1eH1p +fW4Jb6O+vOUzHHNEfH3UhFDuK535VsQoPLNyw0sysz9k8AjXPzOrFGppQzwg +dIxI1Q9jZZTiuupfu3HqIpt7ORpdd2kQRTyuCzX+9Tp4/shjk87iqXLsMYu1 +XmBoIvIAJiDWUETBiB4XiYsiFM/yXM3XmVuV+SJQ+xt1XIJcQ+pM2O2RCkOv +Aqer08kY4ELo70uE1IWXAgMBAAGjgawwgakwHwYDVR0jBBgwFoAUY6p+ucCt +MihA7oM34HjfoX5c0kQwTQYIKwYBBQUHAQEEQTA/MD0GCCsGAQUFBzABhjFo +dHRwOi8vdm0tMDg0LmlkbS5sYWIuYm9zLnJlZGhhdC5jb206ODA4MC9jYS9v +Y3NwMA4GA1UdDwEB/wQEAwIE8DAnBgNVHSUEIDAeBggrBgEFBQcDAQYIKwYB +BQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4IBAQDbNeargy6K/gjb +kkkSgvyfB+evtAGk5O+6lHuAhWefvS4LEkY6VyfZ2q8FJ5i5emIX5udlCpaR +rd1B5czHsv/QRboUYSIVHcUAaQJyxakIF2gzfGtNiTDWFcNNdhLXfBkZMesy +F9azUAJyWIwe4i965F39si+V8MsdcMJB72K5Yk7/IPjANBoN5ZMxFQN1jODX +JRyaSSx34q+Gh+an7NtEGf7zYw04rWPctaLnojrBwtNi9WxSb5kQcrNL7QPl +L8ZwMl2xkiPLHIHMXzDSesqgpZNAdiMHy/KusfZRhfJPSc6gY7oM7fKyIdJS +hOq8/unh4rG37Ws7TLWxV3BNUv7R +-----END CERTIFICATE----- + Certificate: + Data: + Version: 3 (0x2) + Serial Number: 16 (0x10) + Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption + Issuer: CN=CA Signing Certificate,O=EXAMPLE + Validity: + Not Before: Thu Nov 21 17:54:49 2013 + Not After : Wed Nov 11 17:54:49 2015 + Subject: CN=vm-084.idm.lab.bos.redhat.com,O=EXAMPLE + Subject Public Key Info: + Public Key Algorithm: PKCS #1 RSA Encryption + RSA Public Key: + Modulus: + bf:f6:ad:7c:2f:ac:1a:31:29:b4:ff:ab:d0:0d:4f:15: + 58:0b:d2:bf:95:78:2d:14:7f:32:51:a0:64:b7:f7:c8: + 13:24:c0:3d:8c:08:61:4b:ce:88:6d:be:6c:da:d3:f3: + 9f:ab:6f:2b:6a:2c:12:99:6e:58:65:6a:40:c1:25:4d: + d4:25:ad:ad:b7:e5:3f:93:bd:c2:45:45:93:1c:b9:92: + 2e:f6:41:67:23:2a:fc:28:24:17:91:f2:b5:e1:49:d9: + 14:95:bc:79:07:25:75:78:7d:69:7d:6e:09:6f:a3:be: + bc:e5:33:1c:73:44:7c:7d:d4:84:50:ee:2b:9d:f9:56: + c4:28:3c:b3:72:c3:4b:32:b3:3f:64:f0:08:d7:3f:33: + ab:14:6a:69:43:3c:20:74:8c:48:d5:0f:63:65:94:e2: + ba:ea:5f:bb:71:ea:22:9b:7b:39:1a:5d:77:69:10:45: + 3c:ae:0b:35:fe:f5:3a:78:fe:c8:63:93:ce:e2:a9:72: + ec:31:8b:b5:5e:60:68:22:f2:00:26:20:d6:50:44:c1: + 88:1e:17:89:8b:22:14:cf:f2:5c:cd:d7:99:5b:95:f9: + 22:50:fb:1b:75:5c:82:5c:43:ea:4c:d8:ed:91:0a:43: + af:02:a7:ab:d3:c9:18:e0:42:e8:ef:4b:84:d4:85:97 + Exponent: 65537 (0x10001) + Signed Extensions: + Name: Certificate Authority Key Identifier + Key ID: + 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: + 7e:5c:d2:44 + + Name: Authority Information Access + Method: PKIX Online Certificate Status Protocol + Location: + URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp + + Name: Certificate Key Usage + Critical: True + Usages: Digital Signature + Non-Repudiation + Key Encipherment + Data Encipherment + + Name: Extended Key Usage + TLS Web Server Authentication Certificate + TLS Web Client Authentication Certificate + E-Mail Protection Certificate + + Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption + Signature: + db:35:e6:ab:83:2e:8a:fe:08:db:92:49:12:82:fc:9f: + 07:e7:af:b4:01:a4:e4:ef:ba:94:7b:80:85:67:9f:bd: + 2e:0b:12:46:3a:57:27:d9:da:af:05:27:98:b9:7a:62: + 17:e6:e7:65:0a:96:91:ad:dd:41:e5:cc:c7:b2:ff:d0: + 45:ba:14:61:22:15:1d:c5:00:69:02:72:c5:a9:08:17: + 68:33:7c:6b:4d:89:30:d6:15:c3:4d:76:12:d7:7c:19: + 19:31:eb:32:17:d6:b3:50:02:72:58:8c:1e:e2:2f:7a: + e4:5d:fd:b2:2f:95:f0:cb:1d:70:c2:41:ef:62:b9:62: + 4e:ff:20:f8:c0:34:1a:0d:e5:93:31:15:03:75:8c:e0: + d7:25:1c:9a:49:2c:77:e2:af:86:87:e6:a7:ec:db:44: + 19:fe:f3:63:0d:38:ad:63:dc:b5:a2:e7:a2:3a:c1:c2: + d3:62:f5:6c:52:6f:99:10:72:b3:4b:ed:03:e5:2f:c6: + 70:32:5d:b1:92:23:cb:1c:81:cc:5f:30:d2:7a:ca:a0: + a5:93:40:76:23:07:cb:f2:ae:b1:f6:51:85:f2:4f:49: + ce:a0:63:ba:0c:ed:f2:b2:21:d2:52:84:ea:bc:fe:e9: + e1:e2:b1:b7:ed:6b:3b:4c:b5:b1:57:70:4d:52:fe:d1 + Fingerprint (MD5): + 5B:BA:5A:1E:52:1A:ED:13:AB:E3:19:4F:A9:A0:F7:F3 + Fingerprint (SHA1): + C5:E3:BA:90:42:9E:A2:8A:80:ED:A7:DE:D7:4A:BB:EC:9B:A1:27:31 + + Certificate Trust Flags: + SSL Flags: + User + Email Flags: + User + Object Signing Flags: + User + + + sslserver + sslserver + + + + + Subsystem Certificate + -----BEGIN NEW CERTIFICATE REQUEST----- +MIICezCCAWMCAQAwNjEQMA4GA1UEChMHRVhBTVBMRTEiMCAGA1UEAxMZVFBT +IFN1YnN5c3RlbSBDZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBALCBY0FFMSFWJy6G7gN94h8bs0AjjFK2Jg20ip1tcP5/8R2n +xTLaq8+ODxUFGt3d1vhmtfKIoD1hp6mMxKyQgvIzobfBbamW7vzML4mL9bwP +jh+veQC0hqzZi8bt4z1WpEI6RZkYGDiiu9yx1NWB3/ctf+fPTIdtWZ12pIJP +K9Azy2RHIBVvSRquUlxyuaQd1xJ8VgRT/Y/DDSOJ0lh6w+MyJ2GBjbpK3r8p +GuNnOUp5/1SaZtY4AYCh1h7yNNWBYLoQBmTW3+qRW5yPbgIWqPSR7uwOL7Vi +MrxHOljn/FrpY3QwAMstFnwF5bOT36u96tpYQPcxQftG4o7vh0eThG0CAwEA +AaAAMA0GCSqGSIb3DQEBBQUAA4IBAQAV8clzGabViitCdWmz2DeE4alTiYqa +HWeXno4nKCXBttdkgrr4lu1hNfIjJSxHfj1R+FmAz27jtvA/0bDdBXRuTyzx +ROhZ7raoMymQCW+w8tYO/ThaVQLijx+muX13gfCU0Bxq5+WDRJY4P4TCa49P +3RBMziTc7kVagdmjhWYjnwRyWr8acOo4qEoo/X0wLC01MAe24OyKbfCt+FbT +6PgjCVUAQ5HjmeWXyZQc89iZrkz2XVTFwQUKieni47pAVSL/Abkng2U8czIw +cbBbP6DFO9t2L2Dye9z9LaA9jwSPVaRyKUdOEfemK75kQRLixs2BXUEeZazQ +QgPZ9cJsptbf +-----END NEW CERTIFICATE REQUEST----- + -----BEGIN CERTIFICATE----- +MIIDfTCCAmWgAwIBAgIBETANBgkqhkiG9w0BAQsFADAzMRAwDgYDVQQKDAdF +WEFNUExFMR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRpZmljYXRlMB4XDTEz +MTEyMTE3NTQ1MFoXDTE1MTExMTE3NTQ1MFowNjEQMA4GA1UEChMHRVhBTVBM +RTEiMCAGA1UEAxMZVFBTIFN1YnN5c3RlbSBDZXJ0aWZpY2F0ZTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBALCBY0FFMSFWJy6G7gN94h8bs0Aj +jFK2Jg20ip1tcP5/8R2nxTLaq8+ODxUFGt3d1vhmtfKIoD1hp6mMxKyQgvIz +obfBbamW7vzML4mL9bwPjh+veQC0hqzZi8bt4z1WpEI6RZkYGDiiu9yx1NWB +3/ctf+fPTIdtWZ12pIJPK9Azy2RHIBVvSRquUlxyuaQd1xJ8VgRT/Y/DDSOJ +0lh6w+MyJ2GBjbpK3r8pGuNnOUp5/1SaZtY4AYCh1h7yNNWBYLoQBmTW3+qR +W5yPbgIWqPSR7uwOL7ViMrxHOljn/FrpY3QwAMstFnwF5bOT36u96tpYQPcx +QftG4o7vh0eThG0CAwEAAaOBmDCBlTAfBgNVHSMEGDAWgBRjqn65wK0yKEDu +gzfgeN+hflzSRDBNBggrBgEFBQcBAQRBMD8wPQYIKwYBBQUHMAGGMWh0dHA6 +Ly92bS0wODQuaWRtLmxhYi5ib3MucmVkaGF0LmNvbTo4MDgwL2NhL29jc3Aw +DgYDVR0PAQH/BAQDAgTwMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBCwUAA4IBAQDRBXrEAqLiecW5Xh0yEwgGbcDtpRO2BCbFp3F2W8wURlo0 +axinBQCwdDGkgkXCodyib/CkJk0E5MpbJ6+q6/VLgByyzpGk1uNVIBvlfRtG +TXvU41MrjGjhVANz/uYUA7P96sWxNu8OYQv4mlyh5BDk3itYqfuIN9pLkvRL +SKGqRr+ot6hBMweysCT8I4jMBtFFXszCmithBR4x9O+n7QUcIYWrxKkT9Fm8 +PvHFeb8dMNWU7etAxQVrc/ewZbeYG+S01PFj1lopATHxZqFSCjB6RukjiIe0 +BfNUbzfputLXPUuZu0d/z5EhT+fgNKXUb9zeYFsqebP1ln/JsOJ0MJ4/ +-----END CERTIFICATE----- + Certificate: + Data: + Version: 3 (0x2) + Serial Number: 17 (0x11) + Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption + Issuer: CN=CA Signing Certificate,O=EXAMPLE + Validity: + Not Before: Thu Nov 21 17:54:50 2013 + Not After : Wed Nov 11 17:54:50 2015 + Subject: CN=TPS Subsystem Certificate,O=EXAMPLE + Subject Public Key Info: + Public Key Algorithm: PKCS #1 RSA Encryption + RSA Public Key: + Modulus: + b0:81:63:41:45:31:21:56:27:2e:86:ee:03:7d:e2:1f: + 1b:b3:40:23:8c:52:b6:26:0d:b4:8a:9d:6d:70:fe:7f: + f1:1d:a7:c5:32:da:ab:cf:8e:0f:15:05:1a:dd:dd:d6: + f8:66:b5:f2:88:a0:3d:61:a7:a9:8c:c4:ac:90:82:f2: + 33:a1:b7:c1:6d:a9:96:ee:fc:cc:2f:89:8b:f5:bc:0f: + 8e:1f:af:79:00:b4:86:ac:d9:8b:c6:ed:e3:3d:56:a4: + 42:3a:45:99:18:18:38:a2:bb:dc:b1:d4:d5:81:df:f7: + 2d:7f:e7:cf:4c:87:6d:59:9d:76:a4:82:4f:2b:d0:33: + cb:64:47:20:15:6f:49:1a:ae:52:5c:72:b9:a4:1d:d7: + 12:7c:56:04:53:fd:8f:c3:0d:23:89:d2:58:7a:c3:e3: + 32:27:61:81:8d:ba:4a:de:bf:29:1a:e3:67:39:4a:79: + ff:54:9a:66:d6:38:01:80:a1:d6:1e:f2:34:d5:81:60: + ba:10:06:64:d6:df:ea:91:5b:9c:8f:6e:02:16:a8:f4: + 91:ee:ec:0e:2f:b5:62:32:bc:47:3a:58:e7:fc:5a:e9: + 63:74:30:00:cb:2d:16:7c:05:e5:b3:93:df:ab:bd:ea: + da:58:40:f7:31:41:fb:46:e2:8e:ef:87:47:93:84:6d + Exponent: 65537 (0x10001) + Signed Extensions: + Name: Certificate Authority Key Identifier + Key ID: + 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: + 7e:5c:d2:44 + + Name: Authority Information Access + Method: PKIX Online Certificate Status Protocol + Location: + URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp + + Name: Certificate Key Usage + Critical: True + Usages: Digital Signature + Non-Repudiation + Key Encipherment + Data Encipherment + + Name: Extended Key Usage + TLS Web Client Authentication Certificate + + Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption + Signature: + d1:05:7a:c4:02:a2:e2:79:c5:b9:5e:1d:32:13:08:06: + 6d:c0:ed:a5:13:b6:04:26:c5:a7:71:76:5b:cc:14:46: + 5a:34:6b:18:a7:05:00:b0:74:31:a4:82:45:c2:a1:dc: + a2:6f:f0:a4:26:4d:04:e4:ca:5b:27:af:aa:eb:f5:4b: + 80:1c:b2:ce:91:a4:d6:e3:55:20:1b:e5:7d:1b:46:4d: + 7b:d4:e3:53:2b:8c:68:e1:54:03:73:fe:e6:14:03:b3: + fd:ea:c5:b1:36:ef:0e:61:0b:f8:9a:5c:a1:e4:10:e4: + de:2b:58:a9:fb:88:37:da:4b:92:f4:4b:48:a1:aa:46: + bf:a8:b7:a8:41:33:07:b2:b0:24:fc:23:88:cc:06:d1: + 45:5e:cc:c2:9a:2b:61:05:1e:31:f4:ef:a7:ed:05:1c: + 21:85:ab:c4:a9:13:f4:59:bc:3e:f1:c5:79:bf:1d:30: + d5:94:ed:eb:40:c5:05:6b:73:f7:b0:65:b7:98:1b:e4: + b4:d4:f1:63:d6:5a:29:01:31:f1:66:a1:52:0a:30:7a: + 46:e9:23:88:87:b4:05:f3:54:6f:37:e9:ba:d2:d7:3d: + 4b:99:bb:47:7f:cf:91:21:4f:e7:e0:34:a5:d4:6f:dc: + de:60:5b:2a:79:b3:f5:96:7f:c9:b0:e2:74:30:9e:3f + Fingerprint (MD5): + 33:E4:65:72:E7:73:63:F6:4D:F3:0D:1B:79:4B:51:BA + Fingerprint (SHA1): + 2B:3B:C2:42:09:1F:DC:3C:E8:DD:1C:2E:27:CB:22:34:4B:F2:2A:A9 + + Certificate Trust Flags: + SSL Flags: + User + Email Flags: + User + Object Signing Flags: + User + + + subsystem + subsystem + + + + + Audit Log Signing Certificate + -----BEGIN NEW CERTIFICATE REQUEST----- +MIICfzCCAWcCAQAwOjEQMA4GA1UEChMHRVhBTVBMRTEmMCQGA1UEAxMdVFBT +IEF1ZGl0IFNpZ25pbmcgQ2VydGlmaWNhdGUwggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQDQulXGs9YvKqbNp9JV590Seob6Ee4+8A7ypAy0aJ9E +8bwxdZ3TP9flMmFF1/Epp8riT5BUHnf1j3HpvihE77XZCpnz1Ddv/fQ71CZw +Lhx2WhARQm6/07++X1A7TZALMNlARQKuYq8nF2Ru3R7ekVngXp8VE2N5VWBC +kWYiRY5Axt1hW253SiTuScIXwmf9KepMB2L3RWejtWaI7AvYuh7UWbaz+aPg +GFsCLi8B8wQriJ9hyOWpzd8EasGk1pvM8P8UgnEMI1m9FDbF6dIdH/zFSXEQ +O+bTGqQri9oFnXbD+3CYtgx6f6h8s0oTTvXDakxqjA3aXrIgNMh2wFgU4fcX +AgMBAAGgADANBgkqhkiG9w0BAQUFAAOCAQEAk7D7vqIVUQPPchUR6MWoHyM3 +w5og8cRPE3nJQKPMhy+z1dBC67iTlPDM12entGVC+r4snbvNAfzibV/u9G4z +IurRS42vLls06hCHe2+jDr2xrpHf5iM4QExQuMSFZ9+N0xXg5ytDvWLi/LtI +YProlIaSmOdndJDQr6KPtsGb2My7a4iMBV/qVSD9A6bblbxJNPFHoiTuYj72 +7fWNT0JH2g0OmqZa5lx1o4q8dWAfKlrsMGB7OTRyJ7Y2V7FGgY50isrcxnuw +XTCPxOQGEL2T/F5q/4F+ZyJix1SfhoQys4RBXxvQbhNvbPIAHtHg/5bcbPMN +GNlW6BI4kN+UNRYGtQ== +-----END NEW CERTIFICATE REQUEST----- + -----BEGIN CERTIFICATE----- +MIIDbDCCAlSgAwIBAgIBEjANBgkqhkiG9w0BAQsFADAzMRAwDgYDVQQKDAdF +WEFNUExFMR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRpZmljYXRlMB4XDTEz +MTEyMTE3NTQ1M1oXDTE1MTExMTE3NTQ1M1owOjEQMA4GA1UEChMHRVhBTVBM +RTEmMCQGA1UEAxMdVFBTIEF1ZGl0IFNpZ25pbmcgQ2VydGlmaWNhdGUwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQulXGs9YvKqbNp9JV590S +eob6Ee4+8A7ypAy0aJ9E8bwxdZ3TP9flMmFF1/Epp8riT5BUHnf1j3HpvihE +77XZCpnz1Ddv/fQ71CZwLhx2WhARQm6/07++X1A7TZALMNlARQKuYq8nF2Ru +3R7ekVngXp8VE2N5VWBCkWYiRY5Axt1hW253SiTuScIXwmf9KepMB2L3RWej +tWaI7AvYuh7UWbaz+aPgGFsCLi8B8wQriJ9hyOWpzd8EasGk1pvM8P8UgnEM +I1m9FDbF6dIdH/zFSXEQO+bTGqQri9oFnXbD+3CYtgx6f6h8s0oTTvXDakxq +jA3aXrIgNMh2wFgU4fcXAgMBAAGjgYMwgYAwHwYDVR0jBBgwFoAUY6p+ucCt +MihA7oM34HjfoX5c0kQwTQYIKwYBBQUHAQEEQTA/MD0GCCsGAQUFBzABhjFo +dHRwOi8vdm0tMDg0LmlkbS5sYWIuYm9zLnJlZGhhdC5jb206ODA4MC9jYS9v +Y3NwMA4GA1UdDwEB/wQEAwIGwDANBgkqhkiG9w0BAQsFAAOCAQEAKPq8ro5J +Di7LVv45eUH5AYrOiMqa10qWDr5dEqFqn7FZ3sK4A8zx/pQc+Iz3LMaaapgl +hxXen9un2ZoAKqBJ3IES24nLr9xU+aS2vKZseGi7UZMHAxC/b3gerZvHY9p5 +CqWDPDO/ksnWikndaWvTZeqfXvqSvoJnDuwv/tCsLTTBzZ5ReTUiCAh91TXU +4LJCl8q/+IeBOvz9g+iFwICN6FiXrq5j5GJgA/NOHwCvwMpH+lmK+H4mvUlr +aVCWubitl7KqiepEyZAlyTuUX5t/u05xePVkaU/e3WijL6SSygcxH4Q9EQC8 +9PT07QwEbXSPXhv0n79x+Lhf4RuR4qZd4Q== +-----END CERTIFICATE----- + Certificate: + Data: + Version: 3 (0x2) + Serial Number: 18 (0x12) + Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption + Issuer: CN=CA Signing Certificate,O=EXAMPLE + Validity: + Not Before: Thu Nov 21 17:54:53 2013 + Not After : Wed Nov 11 17:54:53 2015 + Subject: CN=TPS Audit Signing Certificate,O=EXAMPLE + Subject Public Key Info: + Public Key Algorithm: PKCS #1 RSA Encryption + RSA Public Key: + Modulus: + d0:ba:55:c6:b3:d6:2f:2a:a6:cd:a7:d2:55:e7:dd:12: + 7a:86:fa:11:ee:3e:f0:0e:f2:a4:0c:b4:68:9f:44:f1: + bc:31:75:9d:d3:3f:d7:e5:32:61:45:d7:f1:29:a7:ca: + e2:4f:90:54:1e:77:f5:8f:71:e9:be:28:44:ef:b5:d9: + 0a:99:f3:d4:37:6f:fd:f4:3b:d4:26:70:2e:1c:76:5a: + 10:11:42:6e:bf:d3:bf:be:5f:50:3b:4d:90:0b:30:d9: + 40:45:02:ae:62:af:27:17:64:6e:dd:1e:de:91:59:e0: + 5e:9f:15:13:63:79:55:60:42:91:66:22:45:8e:40:c6: + dd:61:5b:6e:77:4a:24:ee:49:c2:17:c2:67:fd:29:ea: + 4c:07:62:f7:45:67:a3:b5:66:88:ec:0b:d8:ba:1e:d4: + 59:b6:b3:f9:a3:e0:18:5b:02:2e:2f:01:f3:04:2b:88: + 9f:61:c8:e5:a9:cd:df:04:6a:c1:a4:d6:9b:cc:f0:ff: + 14:82:71:0c:23:59:bd:14:36:c5:e9:d2:1d:1f:fc:c5: + 49:71:10:3b:e6:d3:1a:a4:2b:8b:da:05:9d:76:c3:fb: + 70:98:b6:0c:7a:7f:a8:7c:b3:4a:13:4e:f5:c3:6a:4c: + 6a:8c:0d:da:5e:b2:20:34:c8:76:c0:58:14:e1:f7:17 + Exponent: 65537 (0x10001) + Signed Extensions: + Name: Certificate Authority Key Identifier + Key ID: + 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: + 7e:5c:d2:44 + + Name: Authority Information Access + Method: PKIX Online Certificate Status Protocol + Location: + URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp + + Name: Certificate Key Usage + Critical: True + Usages: Digital Signature + Non-Repudiation + + Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption + Signature: + 28:fa:bc:ae:8e:49:0e:2e:cb:56:fe:39:79:41:f9:01: + 8a:ce:88:ca:9a:d7:4a:96:0e:be:5d:12:a1:6a:9f:b1: + 59:de:c2:b8:03:cc:f1:fe:94:1c:f8:8c:f7:2c:c6:9a: + 6a:98:25:87:15:de:9f:db:a7:d9:9a:00:2a:a0:49:dc: + 81:12:db:89:cb:af:dc:54:f9:a4:b6:bc:a6:6c:78:68: + bb:51:93:07:03:10:bf:6f:78:1e:ad:9b:c7:63:da:79: + 0a:a5:83:3c:33:bf:92:c9:d6:8a:49:dd:69:6b:d3:65: + ea:9f:5e:fa:92:be:82:67:0e:ec:2f:fe:d0:ac:2d:34: + c1:cd:9e:51:79:35:22:08:08:7d:d5:35:d4:e0:b2:42: + 97:ca:bf:f8:87:81:3a:fc:fd:83:e8:85:c0:80:8d:e8: + 58:97:ae:ae:63:e4:62:60:03:f3:4e:1f:00:af:c0:ca: + 47:fa:59:8a:f8:7e:26:bd:49:6b:69:50:96:b9:b8:ad: + 97:b2:aa:89:ea:44:c9:90:25:c9:3b:94:5f:9b:7f:bb: + 4e:71:78:f5:64:69:4f:de:dd:68:a3:2f:a4:92:ca:07: + 31:1f:84:3d:11:00:bc:f4:f4:f4:ed:0c:04:6d:74:8f: + 5e:1b:f4:9f:bf:71:f8:b8:5f:e1:1b:91:e2:a6:5d:e1 + Fingerprint (MD5): + 8C:A7:63:34:2C:55:22:B5:BA:22:5E:F8:BF:36:69:93 + Fingerprint (SHA1): + AC:AA:23:8E:CF:C0:A9:1C:BB:B5:1E:DC:82:D2:02:7D:0C:2B:F5:50 + + Certificate Trust Flags: + SSL Flags: + User + Email Flags: + User + Object Signing Flags: + Terminal Record + Trusted + User + + + audit_signing + audit_signing + + + + https://vm-084.idm.lab.bos.redhat.com:9445 + Security Domain + + false + + true + + PKI::TPS::GlobalVar=HASH(0x7fa0740410e0) + PKI::TPS::GlobalVar=HASH(0x7fa0742a1668) + PKI::TPS::GlobalVar=HASH(0x7fa0747ab760) + + systemctl status pki-tomcatd@<security_domain_instance_name>.service + 14 + Token Processing System + Token Processing + Certificate Requests + + CA vm-084.idm.lab.bos.redhat.com 8443 - https://vm-084.idm.lab.bos.redhat.com:8443 + External CA + + 3 + +Sleeping for 5 secs.. +############################################# +Attempting to connect to: vm-084.idm.lab.bos.redhat.com:7890 +Connected. +Posting Query = https://vm-084.idm.lab.bos.redhat.com:7890//tps/admin/console/config/wizard?p=13&sslserver=&sslserver_cc=&subsystem=&subsystem_cc=&audit_signing=&audit_signing_cc=&op=next&xml=true +RESPONSE STATUS: HTTP/1.1 200 OK +RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:55:01 GMT +RESPONSE HEADER: Server: Apache +RESPONSE HEADER: Connection: close +RESPONSE HEADER: Content-Type: text/xml + + + + TPS Administrator + + + admin + dc=vm-084.idm.lab.bos.redhat.com-pki-tps + cn=directory manager + + Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption + Issuer: CN=CA Signing Certificate,O=EXAMPLE + Validity: + Not Before: Thu Nov 21 17:00:30 2013 + Not After : Mon Nov 21 17:00:30 2033 + Subject: CN=CA Signing Certificate,O=EXAMPLE + Subject Public Key Info: + Public Key Algorithm: PKCS #1 RSA Encryption + RSA Public Key: + Modulus: + df:8f:9e:70:14:9c:14:43:06:3a:69:3a:b9:d4:37:07: + 24:ac:9b:8c:f3:9b:dd:44:0e:d3:7b:f6:10:c4:36:11: + bb:9d:7e:19:ed:8e:61:88:a9:11:64:f2:3e:c6:1a:f8: + c9:4e:46:2a:5d:19:91:f4:43:56:57:c3:c9:7b:19:c9: + fe:49:d0:d1:24:d8:f9:30:59:58:aa:86:ed:e1:07:27: + 7d:2c:61:bc:18:5d:4a:67:05:1c:3f:4a:c3:4c:f1:91: + 96:c5:e1:80:08:ea:8b:17:7c:cd:7a:23:e6:71:45:38: + 8a:d6:f3:c4:f7:61:e2:ec:8f:f2:6f:2a:c3:f9:24:5f: + 06:c5:cc:9d:7a:52:53:b7:33:0f:3c:94:f7:83:41:c4: + 68:5a:3c:93:0d:b7:ce:3d:60:f2:2d:5c:16:d4:d7:23: + d2:fb:05:14:0c:2d:38:55:ed:e8:7d:9a:ed:11:7d:ac: + d5:01:4e:ae:26:3a:8e:61:40:5b:b9:83:15:0a:da:24: + fa:0d:c2:ad:1a:e4:2f:01:5e:57:bd:61:5a:17:e1:0b: + f7:5e:3c:2d:37:23:1e:c2:b3:1e:d1:ef:9a:be:b4:57: + db:e4:4f:58:1d:75:87:68:2b:56:b1:af:cb:16:18:43: + 4f:bc:f5:cf:24:98:64:a7:0d:6e:a0:ab:6c:b4:e2:cb + Exponent: 65537 (0x10001) + Signed Extensions: + Name: Certificate Authority Key Identifier + Key ID: + 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: + 7e:5c:d2:44 + + Name: Certificate Basic Constraints + Critical: True + Data: Is a CA with no maximum path length. + + Name: Certificate Key Usage + Critical: True + Usages: Digital Signature + Non-Repudiation + Certificate Signing + CRL Signing + + Name: Certificate Subject Key ID + Data: + 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: + 7e:5c:d2:44 + + Name: Authority Information Access + Method: PKIX Online Certificate Status Protocol + Location: + URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp + + Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption + Signature: + 73:72:7d:31:3b:92:6e:d9:64:64:c1:93:9a:fa:17:75: + 94:a8:3f:29:8b:57:aa:73:ac:b6:a2:94:3c:d4:53:86: + 6c:c1:95:98:f5:be:a1:79:ac:75:bb:96:30:3c:dc:5f: + 27:fe:f0:ec:e3:54:c4:51:b2:96:45:ec:c8:35:87:92: + db:c9:d7:d0:9c:09:63:34:c0:4d:8b:a9:f7:10:95:9a: + 9f:6f:a1:5e:bd:1b:d9:32:be:18:fc:6c:70:6c:b7:37: + e8:45:09:ce:79:b7:d6:2c:d3:b4:09:b2:00:41:1a:ee: + 0c:76:21:0f:2d:5b:79:7c:be:d5:23:12:f8:93:ad:e1: + 99:9e:a1:fa:0a:99:ed:eb:6b:3a:d6:c6:20:2b:e2:eb: + 86:c2:f1:eb:f4:9c:d7:0b:5b:9d:8c:c7:7b:8a:cd:40: + f9:b8:0d:fe:44:d5:14:79:d5:1c:76:56:d9:e5:e7:72: + 7a:4b:c2:24:fe:1e:3a:38:d3:4c:85:c6:6c:77:be:ee: + 46:ab:d7:f4:29:c5:33:8e:0e:88:91:f0:6e:5b:28:b8: + 07:9f:c1:d9:47:3c:e5:fe:58:82:04:38:01:4e:f0:27: + 54:76:e2:c9:12:4a:da:d6:28:4d:10:00:ac:f1:12:3e: + af:15:6d:ce:b6:8a:18:ec:4b:be:6c:08:c0:c0:f0:d0 + Fingerprint (MD5): + C6:6E:4E:E2:92:8A:A7:2A:60:EA:2F:4D:FB:ED:15:17 + Fingerprint (SHA1): + 96:4A:92:79:6C:A4:CC:5B:6B:6E:88:84:48:43:9C:F4:84:5D:3C:E1 + + Certificate Trust Flags: + SSL Flags: + Valid CA + Trusted CA + Trusted Client CA + Email Flags: + Valid CA + Trusted CA + Object Signing Flags: + Valid CA + Trusted CA + + + 1 + + + + CN=vm-084.idm.lab.bos.redhat.com, OU=pki-tps, O=EXAMPLE + sslserver + SSL Server Certificate + + + + + CN=TPS Subsystem Certificate, OU=pki-tps, O=EXAMPLE + subsystem + Subsystem Certificate + + + + + CN=TPS Audit Signing Certificate, OU=pki-tps, O=EXAMPLE + audit_signing + Audit Log Signing Certificate + + + + + + 1 + 2048 + vm-084.idm.lab.bos.redhat.com-pki-tps + + NSS Certificate DB + nistp256 + 2048 + 1 + + 0 + true + Token Processing System + localhost + 7888 + 7889 + true + <security_domain_instance_name> + nistp256 (secp256r1),nistp384 (secp384r1),nistp521 (secp521r1),nistk163 (sect163k1),sect163r1,nistb163 (sect163r2),sect193r1,sect193r2,nistk233 (sect233k1),nistb233 (sect233r1),sect239k1,nistk283 (sect283k1),nistb283 (sect283r1),nistk409 (sect409k1),nistb409 (sect409r1),nistk571 (sect571k1),nistb571 (sect571r1),secp160k1,secp160r1,secp160r2,secp192k1,nistp192 (secp192r1, prime192v1),secp224k1,nistp224 (secp224r1),secp256k1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2 + nistp256,nistp384,nistp521,sect163k1,nistk163,sect163r1,sect163r2,nistb163,sect193r1,sect193r2,sect233k1,nistk233,sect233r1,nistb233,sect239k1,sect283k1,nistk283,sect283r1,nistb283,sect409k1,nistk409,sect409r1,nistb409,sect571k1,nistk571,sect571r1,nistb571,secp160k1,secp160r1,secp160r2,secp192k1,secp192r1,nistp192,secp224k1,secp224r1,nistp224,secp256k1,secp256r1,secp384r1,secp521r1,prime192v1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2 + 1024,2048,3072,4096 + 0 + localhost + Token Processing System + 7890 + +

14

+ tps/admin/console/config/adminpanel.vm + Security Domain + + PKI::TPS::WelcomePanel=HASH(0x7fa0c0b679b0) + PKI::TPS::ModulePanel=HASH(0x7fa0c0b78608) + PKI::TPS::ConfigHSMLoginPanel=HASH(0x7fa0c0b90188) + PKI::TPS::SecurityDomainPanel=HASH(0x7fa0c0b93f30) + PKI::TPS::DisplayCertChainPanel=HASH(0x7fa0c0b9c480) + PKI::TPS::SubsystemTypePanel=HASH(0x7fa0c0ba7ad8) + PKI::TPS::CAInfoPanel=HASH(0x7fa0c0bae650) + PKI::TPS::TKSInfoPanel=HASH(0x7fa0c0bbcfc0) + PKI::TPS::DRMInfoPanel=HASH(0x7fa0c0bc58e8) + PKI::TPS::AuthDBPanel=HASH(0x7fa0c0bcd118) + PKI::TPS::DatabasePanel=HASH(0x7fa0c08be670) + PKI::TPS::SizePanel=HASH(0x7fa0c0be0798) + PKI::TPS::NamePanel=HASH(0x7fa0c0bf0610) + PKI::TPS::CertRequestPanel=HASH(0x7fa0c0c19698) + PKI::TPS::AdminPanel=HASH(0x7fa0c0c28018) + PKI::TPS::ImportAdminCertPanel=HASH(0x7fa0c0c32c30) + PKI::TPS::DonePanel=HASH(0x7fa0c0c3e6e8) + + 389 + + 10.1.0 + https://vm-084.idm.lab.bos.redhat.com:8443/ca/admin/ca/securityDomainLogin?url=https%3A%2F%2Fvm-084.idm.lab.bos.redhat.com%3A7890%2Ftps%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D5%26subsystem%3DTPS + + + + SSL Server Certificate + -----BEGIN NEW CERTIFICATE REQUEST----- +MIICfzCCAWcCAQAwOjEQMA4GA1UEChMHRVhBTVBMRTEmMCQGA1UEAxMddm0t +MDg0LmlkbS5sYWIuYm9zLnJlZGhhdC5jb20wggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQC/9q18L6waMSm0/6vQDU8VWAvSv5V4LRR/MlGgZLf3 +yBMkwD2MCGFLzohtvmza0/Ofq28raiwSmW5YZWpAwSVN1CWtrbflP5O9wkVF +kxy5ki72QWcjKvwoJBeR8rXhSdkUlbx5ByV1eH1pfW4Jb6O+vOUzHHNEfH3U +hFDuK535VsQoPLNyw0sysz9k8AjXPzOrFGppQzwgdIxI1Q9jZZTiuupfu3Hq +Ipt7ORpdd2kQRTyuCzX+9Tp4/shjk87iqXLsMYu1XmBoIvIAJiDWUETBiB4X +iYsiFM/yXM3XmVuV+SJQ+xt1XIJcQ+pM2O2RCkOvAqer08kY4ELo70uE1IWX +AgMBAAGgADANBgkqhkiG9w0BAQUFAAOCAQEAjAtHz3uSFKDHpYgxCFKiAxSv +NUHdhIZO4DjEl6BuxvH2dkrMOeBuzmGUdB/dmprKvMBRtTwjopD/vbRTkKPc +bB4j92pVxlAUlAd4dvzuFGcK/mhB8kdmCXAAgBOPKlZgpHoWRRaEqbdFznjQ +KDz1lFE6Lb1Wpmcx9u6ZUWjHLd4sr+Ym+byXx9DroMBYV3rK35xUhpNlMjUM +PSX+Fqgx4ddGgpGm0kh9TlczNUMQb+kqds8c3SRCfUTZNo4cE/LOEDqkUdYy +XwTXjjAag7c6b7Dv8/OR4jNNrvAihn5YdlAo3aRssE6zQCKrOfN2bYy3uWMG ++VqC9saBiWkg8sgPbg== +-----END NEW CERTIFICATE REQUEST----- + -----BEGIN CERTIFICATE----- +MIIDlTCCAn2gAwIBAgIBEDANBgkqhkiG9w0BAQsFADAzMRAwDgYDVQQKDAdF +WEFNUExFMR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRpZmljYXRlMB4XDTEz +MTEyMTE3NTQ0OVoXDTE1MTExMTE3NTQ0OVowOjEQMA4GA1UEChMHRVhBTVBM +RTEmMCQGA1UEAxMddm0tMDg0LmlkbS5sYWIuYm9zLnJlZGhhdC5jb20wggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/9q18L6waMSm0/6vQDU8V +WAvSv5V4LRR/MlGgZLf3yBMkwD2MCGFLzohtvmza0/Ofq28raiwSmW5YZWpA +wSVN1CWtrbflP5O9wkVFkxy5ki72QWcjKvwoJBeR8rXhSdkUlbx5ByV1eH1p +fW4Jb6O+vOUzHHNEfH3UhFDuK535VsQoPLNyw0sysz9k8AjXPzOrFGppQzwg +dIxI1Q9jZZTiuupfu3HqIpt7ORpdd2kQRTyuCzX+9Tp4/shjk87iqXLsMYu1 +XmBoIvIAJiDWUETBiB4XiYsiFM/yXM3XmVuV+SJQ+xt1XIJcQ+pM2O2RCkOv +Aqer08kY4ELo70uE1IWXAgMBAAGjgawwgakwHwYDVR0jBBgwFoAUY6p+ucCt +MihA7oM34HjfoX5c0kQwTQYIKwYBBQUHAQEEQTA/MD0GCCsGAQUFBzABhjFo +dHRwOi8vdm0tMDg0LmlkbS5sYWIuYm9zLnJlZGhhdC5jb206ODA4MC9jYS9v +Y3NwMA4GA1UdDwEB/wQEAwIE8DAnBgNVHSUEIDAeBggrBgEFBQcDAQYIKwYB +BQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4IBAQDbNeargy6K/gjb +kkkSgvyfB+evtAGk5O+6lHuAhWefvS4LEkY6VyfZ2q8FJ5i5emIX5udlCpaR +rd1B5czHsv/QRboUYSIVHcUAaQJyxakIF2gzfGtNiTDWFcNNdhLXfBkZMesy +F9azUAJyWIwe4i965F39si+V8MsdcMJB72K5Yk7/IPjANBoN5ZMxFQN1jODX +JRyaSSx34q+Gh+an7NtEGf7zYw04rWPctaLnojrBwtNi9WxSb5kQcrNL7QPl +L8ZwMl2xkiPLHIHMXzDSesqgpZNAdiMHy/KusfZRhfJPSc6gY7oM7fKyIdJS +hOq8/unh4rG37Ws7TLWxV3BNUv7R +-----END CERTIFICATE----- + Certificate: + Data: + Version: 3 (0x2) + Serial Number: 16 (0x10) + Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption + Issuer: CN=CA Signing Certificate,O=EXAMPLE + Validity: + Not Before: Thu Nov 21 17:54:49 2013 + Not After : Wed Nov 11 17:54:49 2015 + Subject: CN=vm-084.idm.lab.bos.redhat.com,O=EXAMPLE + Subject Public Key Info: + Public Key Algorithm: PKCS #1 RSA Encryption + RSA Public Key: + Modulus: + bf:f6:ad:7c:2f:ac:1a:31:29:b4:ff:ab:d0:0d:4f:15: + 58:0b:d2:bf:95:78:2d:14:7f:32:51:a0:64:b7:f7:c8: + 13:24:c0:3d:8c:08:61:4b:ce:88:6d:be:6c:da:d3:f3: + 9f:ab:6f:2b:6a:2c:12:99:6e:58:65:6a:40:c1:25:4d: + d4:25:ad:ad:b7:e5:3f:93:bd:c2:45:45:93:1c:b9:92: + 2e:f6:41:67:23:2a:fc:28:24:17:91:f2:b5:e1:49:d9: + 14:95:bc:79:07:25:75:78:7d:69:7d:6e:09:6f:a3:be: + bc:e5:33:1c:73:44:7c:7d:d4:84:50:ee:2b:9d:f9:56: + c4:28:3c:b3:72:c3:4b:32:b3:3f:64:f0:08:d7:3f:33: + ab:14:6a:69:43:3c:20:74:8c:48:d5:0f:63:65:94:e2: + ba:ea:5f:bb:71:ea:22:9b:7b:39:1a:5d:77:69:10:45: + 3c:ae:0b:35:fe:f5:3a:78:fe:c8:63:93:ce:e2:a9:72: + ec:31:8b:b5:5e:60:68:22:f2:00:26:20:d6:50:44:c1: + 88:1e:17:89:8b:22:14:cf:f2:5c:cd:d7:99:5b:95:f9: + 22:50:fb:1b:75:5c:82:5c:43:ea:4c:d8:ed:91:0a:43: + af:02:a7:ab:d3:c9:18:e0:42:e8:ef:4b:84:d4:85:97 + Exponent: 65537 (0x10001) + Signed Extensions: + Name: Certificate Authority Key Identifier + Key ID: + 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: + 7e:5c:d2:44 + + Name: Authority Information Access + Method: PKIX Online Certificate Status Protocol + Location: + URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp + + Name: Certificate Key Usage + Critical: True + Usages: Digital Signature + Non-Repudiation + Key Encipherment + Data Encipherment + + Name: Extended Key Usage + TLS Web Server Authentication Certificate + TLS Web Client Authentication Certificate + E-Mail Protection Certificate + + Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption + Signature: + db:35:e6:ab:83:2e:8a:fe:08:db:92:49:12:82:fc:9f: + 07:e7:af:b4:01:a4:e4:ef:ba:94:7b:80:85:67:9f:bd: + 2e:0b:12:46:3a:57:27:d9:da:af:05:27:98:b9:7a:62: + 17:e6:e7:65:0a:96:91:ad:dd:41:e5:cc:c7:b2:ff:d0: + 45:ba:14:61:22:15:1d:c5:00:69:02:72:c5:a9:08:17: + 68:33:7c:6b:4d:89:30:d6:15:c3:4d:76:12:d7:7c:19: + 19:31:eb:32:17:d6:b3:50:02:72:58:8c:1e:e2:2f:7a: + e4:5d:fd:b2:2f:95:f0:cb:1d:70:c2:41:ef:62:b9:62: + 4e:ff:20:f8:c0:34:1a:0d:e5:93:31:15:03:75:8c:e0: + d7:25:1c:9a:49:2c:77:e2:af:86:87:e6:a7:ec:db:44: + 19:fe:f3:63:0d:38:ad:63:dc:b5:a2:e7:a2:3a:c1:c2: + d3:62:f5:6c:52:6f:99:10:72:b3:4b:ed:03:e5:2f:c6: + 70:32:5d:b1:92:23:cb:1c:81:cc:5f:30:d2:7a:ca:a0: + a5:93:40:76:23:07:cb:f2:ae:b1:f6:51:85:f2:4f:49: + ce:a0:63:ba:0c:ed:f2:b2:21:d2:52:84:ea:bc:fe:e9: + e1:e2:b1:b7:ed:6b:3b:4c:b5:b1:57:70:4d:52:fe:d1 + Fingerprint (MD5): + 5B:BA:5A:1E:52:1A:ED:13:AB:E3:19:4F:A9:A0:F7:F3 + Fingerprint (SHA1): + C5:E3:BA:90:42:9E:A2:8A:80:ED:A7:DE:D7:4A:BB:EC:9B:A1:27:31 + + Certificate Trust Flags: + SSL Flags: + User + Email Flags: + User + Object Signing Flags: + User + + + sslserver + sslserver + + + + + Subsystem Certificate + -----BEGIN NEW CERTIFICATE REQUEST----- +MIICezCCAWMCAQAwNjEQMA4GA1UEChMHRVhBTVBMRTEiMCAGA1UEAxMZVFBT +IFN1YnN5c3RlbSBDZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBALCBY0FFMSFWJy6G7gN94h8bs0AjjFK2Jg20ip1tcP5/8R2n +xTLaq8+ODxUFGt3d1vhmtfKIoD1hp6mMxKyQgvIzobfBbamW7vzML4mL9bwP +jh+veQC0hqzZi8bt4z1WpEI6RZkYGDiiu9yx1NWB3/ctf+fPTIdtWZ12pIJP +K9Azy2RHIBVvSRquUlxyuaQd1xJ8VgRT/Y/DDSOJ0lh6w+MyJ2GBjbpK3r8p +GuNnOUp5/1SaZtY4AYCh1h7yNNWBYLoQBmTW3+qRW5yPbgIWqPSR7uwOL7Vi +MrxHOljn/FrpY3QwAMstFnwF5bOT36u96tpYQPcxQftG4o7vh0eThG0CAwEA +AaAAMA0GCSqGSIb3DQEBBQUAA4IBAQAV8clzGabViitCdWmz2DeE4alTiYqa +HWeXno4nKCXBttdkgrr4lu1hNfIjJSxHfj1R+FmAz27jtvA/0bDdBXRuTyzx +ROhZ7raoMymQCW+w8tYO/ThaVQLijx+muX13gfCU0Bxq5+WDRJY4P4TCa49P +3RBMziTc7kVagdmjhWYjnwRyWr8acOo4qEoo/X0wLC01MAe24OyKbfCt+FbT +6PgjCVUAQ5HjmeWXyZQc89iZrkz2XVTFwQUKieni47pAVSL/Abkng2U8czIw +cbBbP6DFO9t2L2Dye9z9LaA9jwSPVaRyKUdOEfemK75kQRLixs2BXUEeZazQ +QgPZ9cJsptbf +-----END NEW CERTIFICATE REQUEST----- + -----BEGIN CERTIFICATE----- +MIIDfTCCAmWgAwIBAgIBETANBgkqhkiG9w0BAQsFADAzMRAwDgYDVQQKDAdF +WEFNUExFMR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRpZmljYXRlMB4XDTEz +MTEyMTE3NTQ1MFoXDTE1MTExMTE3NTQ1MFowNjEQMA4GA1UEChMHRVhBTVBM +RTEiMCAGA1UEAxMZVFBTIFN1YnN5c3RlbSBDZXJ0aWZpY2F0ZTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBALCBY0FFMSFWJy6G7gN94h8bs0Aj +jFK2Jg20ip1tcP5/8R2nxTLaq8+ODxUFGt3d1vhmtfKIoD1hp6mMxKyQgvIz +obfBbamW7vzML4mL9bwPjh+veQC0hqzZi8bt4z1WpEI6RZkYGDiiu9yx1NWB +3/ctf+fPTIdtWZ12pIJPK9Azy2RHIBVvSRquUlxyuaQd1xJ8VgRT/Y/DDSOJ +0lh6w+MyJ2GBjbpK3r8pGuNnOUp5/1SaZtY4AYCh1h7yNNWBYLoQBmTW3+qR +W5yPbgIWqPSR7uwOL7ViMrxHOljn/FrpY3QwAMstFnwF5bOT36u96tpYQPcx +QftG4o7vh0eThG0CAwEAAaOBmDCBlTAfBgNVHSMEGDAWgBRjqn65wK0yKEDu +gzfgeN+hflzSRDBNBggrBgEFBQcBAQRBMD8wPQYIKwYBBQUHMAGGMWh0dHA6 +Ly92bS0wODQuaWRtLmxhYi5ib3MucmVkaGF0LmNvbTo4MDgwL2NhL29jc3Aw +DgYDVR0PAQH/BAQDAgTwMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBCwUAA4IBAQDRBXrEAqLiecW5Xh0yEwgGbcDtpRO2BCbFp3F2W8wURlo0 +axinBQCwdDGkgkXCodyib/CkJk0E5MpbJ6+q6/VLgByyzpGk1uNVIBvlfRtG +TXvU41MrjGjhVANz/uYUA7P96sWxNu8OYQv4mlyh5BDk3itYqfuIN9pLkvRL +SKGqRr+ot6hBMweysCT8I4jMBtFFXszCmithBR4x9O+n7QUcIYWrxKkT9Fm8 +PvHFeb8dMNWU7etAxQVrc/ewZbeYG+S01PFj1lopATHxZqFSCjB6RukjiIe0 +BfNUbzfputLXPUuZu0d/z5EhT+fgNKXUb9zeYFsqebP1ln/JsOJ0MJ4/ +-----END CERTIFICATE----- + Certificate: + Data: + Version: 3 (0x2) + Serial Number: 17 (0x11) + Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption + Issuer: CN=CA Signing Certificate,O=EXAMPLE + Validity: + Not Before: Thu Nov 21 17:54:50 2013 + Not After : Wed Nov 11 17:54:50 2015 + Subject: CN=TPS Subsystem Certificate,O=EXAMPLE + Subject Public Key Info: + Public Key Algorithm: PKCS #1 RSA Encryption + RSA Public Key: + Modulus: + b0:81:63:41:45:31:21:56:27:2e:86:ee:03:7d:e2:1f: + 1b:b3:40:23:8c:52:b6:26:0d:b4:8a:9d:6d:70:fe:7f: + f1:1d:a7:c5:32:da:ab:cf:8e:0f:15:05:1a:dd:dd:d6: + f8:66:b5:f2:88:a0:3d:61:a7:a9:8c:c4:ac:90:82:f2: + 33:a1:b7:c1:6d:a9:96:ee:fc:cc:2f:89:8b:f5:bc:0f: + 8e:1f:af:79:00:b4:86:ac:d9:8b:c6:ed:e3:3d:56:a4: + 42:3a:45:99:18:18:38:a2:bb:dc:b1:d4:d5:81:df:f7: + 2d:7f:e7:cf:4c:87:6d:59:9d:76:a4:82:4f:2b:d0:33: + cb:64:47:20:15:6f:49:1a:ae:52:5c:72:b9:a4:1d:d7: + 12:7c:56:04:53:fd:8f:c3:0d:23:89:d2:58:7a:c3:e3: + 32:27:61:81:8d:ba:4a:de:bf:29:1a:e3:67:39:4a:79: + ff:54:9a:66:d6:38:01:80:a1:d6:1e:f2:34:d5:81:60: + ba:10:06:64:d6:df:ea:91:5b:9c:8f:6e:02:16:a8:f4: + 91:ee:ec:0e:2f:b5:62:32:bc:47:3a:58:e7:fc:5a:e9: + 63:74:30:00:cb:2d:16:7c:05:e5:b3:93:df:ab:bd:ea: + da:58:40:f7:31:41:fb:46:e2:8e:ef:87:47:93:84:6d + Exponent: 65537 (0x10001) + Signed Extensions: + Name: Certificate Authority Key Identifier + Key ID: + 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: + 7e:5c:d2:44 + + Name: Authority Information Access + Method: PKIX Online Certificate Status Protocol + Location: + URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp + + Name: Certificate Key Usage + Critical: True + Usages: Digital Signature + Non-Repudiation + Key Encipherment + Data Encipherment + + Name: Extended Key Usage + TLS Web Client Authentication Certificate + + Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption + Signature: + d1:05:7a:c4:02:a2:e2:79:c5:b9:5e:1d:32:13:08:06: + 6d:c0:ed:a5:13:b6:04:26:c5:a7:71:76:5b:cc:14:46: + 5a:34:6b:18:a7:05:00:b0:74:31:a4:82:45:c2:a1:dc: + a2:6f:f0:a4:26:4d:04:e4:ca:5b:27:af:aa:eb:f5:4b: + 80:1c:b2:ce:91:a4:d6:e3:55:20:1b:e5:7d:1b:46:4d: + 7b:d4:e3:53:2b:8c:68:e1:54:03:73:fe:e6:14:03:b3: + fd:ea:c5:b1:36:ef:0e:61:0b:f8:9a:5c:a1:e4:10:e4: + de:2b:58:a9:fb:88:37:da:4b:92:f4:4b:48:a1:aa:46: + bf:a8:b7:a8:41:33:07:b2:b0:24:fc:23:88:cc:06:d1: + 45:5e:cc:c2:9a:2b:61:05:1e:31:f4:ef:a7:ed:05:1c: + 21:85:ab:c4:a9:13:f4:59:bc:3e:f1:c5:79:bf:1d:30: + d5:94:ed:eb:40:c5:05:6b:73:f7:b0:65:b7:98:1b:e4: + b4:d4:f1:63:d6:5a:29:01:31:f1:66:a1:52:0a:30:7a: + 46:e9:23:88:87:b4:05:f3:54:6f:37:e9:ba:d2:d7:3d: + 4b:99:bb:47:7f:cf:91:21:4f:e7:e0:34:a5:d4:6f:dc: + de:60:5b:2a:79:b3:f5:96:7f:c9:b0:e2:74:30:9e:3f + Fingerprint (MD5): + 33:E4:65:72:E7:73:63:F6:4D:F3:0D:1B:79:4B:51:BA + Fingerprint (SHA1): + 2B:3B:C2:42:09:1F:DC:3C:E8:DD:1C:2E:27:CB:22:34:4B:F2:2A:A9 + + Certificate Trust Flags: + SSL Flags: + User + Email Flags: + User + Object Signing Flags: + User + + + subsystem + subsystem + + + + + Audit Log Signing Certificate + -----BEGIN NEW CERTIFICATE REQUEST----- +MIICfzCCAWcCAQAwOjEQMA4GA1UEChMHRVhBTVBMRTEmMCQGA1UEAxMdVFBT +IEF1ZGl0IFNpZ25pbmcgQ2VydGlmaWNhdGUwggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQDQulXGs9YvKqbNp9JV590Seob6Ee4+8A7ypAy0aJ9E +8bwxdZ3TP9flMmFF1/Epp8riT5BUHnf1j3HpvihE77XZCpnz1Ddv/fQ71CZw +Lhx2WhARQm6/07++X1A7TZALMNlARQKuYq8nF2Ru3R7ekVngXp8VE2N5VWBC +kWYiRY5Axt1hW253SiTuScIXwmf9KepMB2L3RWejtWaI7AvYuh7UWbaz+aPg +GFsCLi8B8wQriJ9hyOWpzd8EasGk1pvM8P8UgnEMI1m9FDbF6dIdH/zFSXEQ +O+bTGqQri9oFnXbD+3CYtgx6f6h8s0oTTvXDakxqjA3aXrIgNMh2wFgU4fcX +AgMBAAGgADANBgkqhkiG9w0BAQUFAAOCAQEAk7D7vqIVUQPPchUR6MWoHyM3 +w5og8cRPE3nJQKPMhy+z1dBC67iTlPDM12entGVC+r4snbvNAfzibV/u9G4z +IurRS42vLls06hCHe2+jDr2xrpHf5iM4QExQuMSFZ9+N0xXg5ytDvWLi/LtI +YProlIaSmOdndJDQr6KPtsGb2My7a4iMBV/qVSD9A6bblbxJNPFHoiTuYj72 +7fWNT0JH2g0OmqZa5lx1o4q8dWAfKlrsMGB7OTRyJ7Y2V7FGgY50isrcxnuw +XTCPxOQGEL2T/F5q/4F+ZyJix1SfhoQys4RBXxvQbhNvbPIAHtHg/5bcbPMN +GNlW6BI4kN+UNRYGtQ== +-----END NEW CERTIFICATE REQUEST----- + -----BEGIN CERTIFICATE----- +MIIDbDCCAlSgAwIBAgIBEjANBgkqhkiG9w0BAQsFADAzMRAwDgYDVQQKDAdF +WEFNUExFMR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRpZmljYXRlMB4XDTEz +MTEyMTE3NTQ1M1oXDTE1MTExMTE3NTQ1M1owOjEQMA4GA1UEChMHRVhBTVBM +RTEmMCQGA1UEAxMdVFBTIEF1ZGl0IFNpZ25pbmcgQ2VydGlmaWNhdGUwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQulXGs9YvKqbNp9JV590S +eob6Ee4+8A7ypAy0aJ9E8bwxdZ3TP9flMmFF1/Epp8riT5BUHnf1j3HpvihE +77XZCpnz1Ddv/fQ71CZwLhx2WhARQm6/07++X1A7TZALMNlARQKuYq8nF2Ru +3R7ekVngXp8VE2N5VWBCkWYiRY5Axt1hW253SiTuScIXwmf9KepMB2L3RWej +tWaI7AvYuh7UWbaz+aPgGFsCLi8B8wQriJ9hyOWpzd8EasGk1pvM8P8UgnEM +I1m9FDbF6dIdH/zFSXEQO+bTGqQri9oFnXbD+3CYtgx6f6h8s0oTTvXDakxq +jA3aXrIgNMh2wFgU4fcXAgMBAAGjgYMwgYAwHwYDVR0jBBgwFoAUY6p+ucCt +MihA7oM34HjfoX5c0kQwTQYIKwYBBQUHAQEEQTA/MD0GCCsGAQUFBzABhjFo +dHRwOi8vdm0tMDg0LmlkbS5sYWIuYm9zLnJlZGhhdC5jb206ODA4MC9jYS9v +Y3NwMA4GA1UdDwEB/wQEAwIGwDANBgkqhkiG9w0BAQsFAAOCAQEAKPq8ro5J +Di7LVv45eUH5AYrOiMqa10qWDr5dEqFqn7FZ3sK4A8zx/pQc+Iz3LMaaapgl +hxXen9un2ZoAKqBJ3IES24nLr9xU+aS2vKZseGi7UZMHAxC/b3gerZvHY9p5 +CqWDPDO/ksnWikndaWvTZeqfXvqSvoJnDuwv/tCsLTTBzZ5ReTUiCAh91TXU +4LJCl8q/+IeBOvz9g+iFwICN6FiXrq5j5GJgA/NOHwCvwMpH+lmK+H4mvUlr +aVCWubitl7KqiepEyZAlyTuUX5t/u05xePVkaU/e3WijL6SSygcxH4Q9EQC8 +9PT07QwEbXSPXhv0n79x+Lhf4RuR4qZd4Q== +-----END CERTIFICATE----- + Certificate: + Data: + Version: 3 (0x2) + Serial Number: 18 (0x12) + Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption + Issuer: CN=CA Signing Certificate,O=EXAMPLE + Validity: + Not Before: Thu Nov 21 17:54:53 2013 + Not After : Wed Nov 11 17:54:53 2015 + Subject: CN=TPS Audit Signing Certificate,O=EXAMPLE + Subject Public Key Info: + Public Key Algorithm: PKCS #1 RSA Encryption + RSA Public Key: + Modulus: + d0:ba:55:c6:b3:d6:2f:2a:a6:cd:a7:d2:55:e7:dd:12: + 7a:86:fa:11:ee:3e:f0:0e:f2:a4:0c:b4:68:9f:44:f1: + bc:31:75:9d:d3:3f:d7:e5:32:61:45:d7:f1:29:a7:ca: + e2:4f:90:54:1e:77:f5:8f:71:e9:be:28:44:ef:b5:d9: + 0a:99:f3:d4:37:6f:fd:f4:3b:d4:26:70:2e:1c:76:5a: + 10:11:42:6e:bf:d3:bf:be:5f:50:3b:4d:90:0b:30:d9: + 40:45:02:ae:62:af:27:17:64:6e:dd:1e:de:91:59:e0: + 5e:9f:15:13:63:79:55:60:42:91:66:22:45:8e:40:c6: + dd:61:5b:6e:77:4a:24:ee:49:c2:17:c2:67:fd:29:ea: + 4c:07:62:f7:45:67:a3:b5:66:88:ec:0b:d8:ba:1e:d4: + 59:b6:b3:f9:a3:e0:18:5b:02:2e:2f:01:f3:04:2b:88: + 9f:61:c8:e5:a9:cd:df:04:6a:c1:a4:d6:9b:cc:f0:ff: + 14:82:71:0c:23:59:bd:14:36:c5:e9:d2:1d:1f:fc:c5: + 49:71:10:3b:e6:d3:1a:a4:2b:8b:da:05:9d:76:c3:fb: + 70:98:b6:0c:7a:7f:a8:7c:b3:4a:13:4e:f5:c3:6a:4c: + 6a:8c:0d:da:5e:b2:20:34:c8:76:c0:58:14:e1:f7:17 + Exponent: 65537 (0x10001) + Signed Extensions: + Name: Certificate Authority Key Identifier + Key ID: + 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: + 7e:5c:d2:44 + + Name: Authority Information Access + Method: PKIX Online Certificate Status Protocol + Location: + URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp + + Name: Certificate Key Usage + Critical: True + Usages: Digital Signature + Non-Repudiation + + Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption + Signature: + 28:fa:bc:ae:8e:49:0e:2e:cb:56:fe:39:79:41:f9:01: + 8a:ce:88:ca:9a:d7:4a:96:0e:be:5d:12:a1:6a:9f:b1: + 59:de:c2:b8:03:cc:f1:fe:94:1c:f8:8c:f7:2c:c6:9a: + 6a:98:25:87:15:de:9f:db:a7:d9:9a:00:2a:a0:49:dc: + 81:12:db:89:cb:af:dc:54:f9:a4:b6:bc:a6:6c:78:68: + bb:51:93:07:03:10:bf:6f:78:1e:ad:9b:c7:63:da:79: + 0a:a5:83:3c:33:bf:92:c9:d6:8a:49:dd:69:6b:d3:65: + ea:9f:5e:fa:92:be:82:67:0e:ec:2f:fe:d0:ac:2d:34: + c1:cd:9e:51:79:35:22:08:08:7d:d5:35:d4:e0:b2:42: + 97:ca:bf:f8:87:81:3a:fc:fd:83:e8:85:c0:80:8d:e8: + 58:97:ae:ae:63:e4:62:60:03:f3:4e:1f:00:af:c0:ca: + 47:fa:59:8a:f8:7e:26:bd:49:6b:69:50:96:b9:b8:ad: + 97:b2:aa:89:ea:44:c9:90:25:c9:3b:94:5f:9b:7f:bb: + 4e:71:78:f5:64:69:4f:de:dd:68:a3:2f:a4:92:ca:07: + 31:1f:84:3d:11:00:bc:f4:f4:f4:ed:0c:04:6d:74:8f: + 5e:1b:f4:9f:bf:71:f8:b8:5f:e1:1b:91:e2:a6:5d:e1 + Fingerprint (MD5): + 8C:A7:63:34:2C:55:22:B5:BA:22:5E:F8:BF:36:69:93 + Fingerprint (SHA1): + AC:AA:23:8E:CF:C0:A9:1C:BB:B5:1E:DC:82:D2:02:7D:0C:2B:F5:50 + + Certificate Trust Flags: + SSL Flags: + User + Email Flags: + User + Object Signing Flags: + Terminal Record + Trusted + User + + + audit_signing + audit_signing + + + + https://vm-084.idm.lab.bos.redhat.com:9445 + Security Domain + + false + EXAMPLE + + false + + PKI::TPS::GlobalVar=HASH(0x7fa0740410e0) + PKI::TPS::GlobalVar=HASH(0x7fa0742a1668) + PKI::TPS::GlobalVar=HASH(0x7fa0747ab760) + + systemctl status pki-tomcatd@<security_domain_instance_name>.service + 15 + Token Processing System + Token Processing + Administrator + + CA vm-084.idm.lab.bos.redhat.com 8443 - https://vm-084.idm.lab.bos.redhat.com:8443 + External CA + + 3 + +Sleeping for 5 secs.. +CRYPTO INIT WITH CERTDB:/home/edewata/Projects/pki-dev/certs/tps +Crypto manager already initialized +Debug : initialize crypto Manager +INITIALIZATION ERROR: org.mozilla.jss.crypto.AlreadyInitializedException +cdir = /home/edewata/Projects/pki-dev/certs/tps +Debug : before getInstance +Debug : before get token +Debug : before login password +Debug : after login password +CRMF_REQUEST = MIIBqjCCAaYwggGaAgEBMIIBkYABAqVmMGQxEDAOBgNVBAoMB0VYQU1QTEUxIzAh +BgkqhkiG9w0BCQEWFHRwc2FkbWluQGV4YW1wbGUuY29tMRgwFgYKCZImiZPyLGQB +AQwIdHBzYWRtaW4xETAPBgNVBAMMCHRwc2FkbWlupoIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAvS/Qy27oL6ttnTVtJ86FsmrtrJ/lJMax4P1BAFmlFyEJ +wOizJzo6VPVl41Pzzo3NNejnH8PYZzXVcJjAYmnq7jMb0VRwdR1jUp4eIIzA+IAe +Fwy+dpoV++OAHwZzd1Bwmi2cLEKe1EM5jjGm41/Sl+CvVSP5G29ASbjHvoENEnf3 +8DA4Z5xYNgTZE67kjp45SJSCMkDS0z5FLc7KGn2twEHR8dPvjvppnmLPmT/BX3kD +fzyY9/Sfh0964kNXmJJ1vtvp6ZDsKjw6gl33yPOpSxwWro5xiX/WmF4jCNJOmNHA ++RXHx9BCIEdQDg2Ae5JanMFWgYHtbRrO4ERXJ3vMXwIDAQABMACiBoAEAwADAA== + +############################################# +Attempting to connect to: vm-084.idm.lab.bos.redhat.com:7890 +Connected. +Posting Query = https://vm-084.idm.lab.bos.redhat.com:7890//tps/admin/console/config/wizard?p=14&uid=tpsadmin&name=TPS+Administrator&email=tpsadmin%40example.com&__pwd=Secret123&__admin_password_again=Secret123&cert_request=MIIBqjCCAaYwggGaAgEBMIIBkYABAqVmMGQxEDAOBgNVBAoMB0VYQU1QTEUxIzAh%0D%0ABgkqhkiG9w0BCQEWFHRwc2FkbWluQGV4YW1wbGUuY29tMRgwFgYKCZImiZPyLGQB%0D%0AAQwIdHBzYWRtaW4xETAPBgNVBAMMCHRwc2FkbWlupoIBIjANBgkqhkiG9w0BAQEF%0D%0AAAOCAQ8AMIIBCgKCAQEAvS%2FQy27oL6ttnTVtJ86FsmrtrJ%2FlJMax4P1BAFmlFyEJ%0D%0AwOizJzo6VPVl41Pzzo3NNejnH8PYZzXVcJjAYmnq7jMb0VRwdR1jUp4eIIzA%2BIAe%0D%0AFwy%2BdpoV%2B%2BOAHwZzd1Bwmi2cLEKe1EM5jjGm41%2FSl%2BCvVSP5G29ASbjHvoENEnf3%0D%0A8DA4Z5xYNgTZE67kjp45SJSCMkDS0z5FLc7KGn2twEHR8dPvjvppnmLPmT%2FBX3kD%0D%0AfzyY9%2FSfh0964kNXmJJ1vtvp6ZDsKjw6gl33yPOpSxwWro5xiX%2FWmF4jCNJOmNHA%0D%0A%2BRXHx9BCIEdQDg2Ae5JanMFWgYHtbRrO4ERXJ3vMXwIDAQABMACiBoAEAwADAA%3D%3D%0D%0A&display=0&profileId=caAdminCert&cert_request_type=crmf&import=true&uid=tpsadmin&clone=0&securitydomain=EXAMPLE&subject=CN%3Dtpsadmin%2CUID%3Dtpsadmin%2CE%3Dtpsadmin%40example.com%2CO%3DEXAMPLE&requestor_name=TPS-vm-084.idm.lab.bos.redhat.com-7890&sessionID=5892650296702736989&auth_hostname=vm-084.idm.lab.bos.redhat.com&auth_port=8443&op=next&xml=true +RESPONSE STATUS: HTTP/1.1 200 OK +RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:55:09 GMT +RESPONSE HEADER: Server: Apache +RESPONSE HEADER: Connection: close +RESPONSE HEADER: Content-Type: text/xml + + + + TPS Administrator + + + admin + dc=vm-084.idm.lab.bos.redhat.com-pki-tps + cn=directory manager + + false + vm-084.idm.lab.bos.redhat.com + 8443 + ca + Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption + Issuer: CN=CA Signing Certificate,O=EXAMPLE + Validity: + Not Before: Thu Nov 21 17:00:30 2013 + Not After : Mon Nov 21 17:00:30 2033 + Subject: CN=CA Signing Certificate,O=EXAMPLE + Subject Public Key Info: + Public Key Algorithm: PKCS #1 RSA Encryption + RSA Public Key: + Modulus: + df:8f:9e:70:14:9c:14:43:06:3a:69:3a:b9:d4:37:07: + 24:ac:9b:8c:f3:9b:dd:44:0e:d3:7b:f6:10:c4:36:11: + bb:9d:7e:19:ed:8e:61:88:a9:11:64:f2:3e:c6:1a:f8: + c9:4e:46:2a:5d:19:91:f4:43:56:57:c3:c9:7b:19:c9: + fe:49:d0:d1:24:d8:f9:30:59:58:aa:86:ed:e1:07:27: + 7d:2c:61:bc:18:5d:4a:67:05:1c:3f:4a:c3:4c:f1:91: + 96:c5:e1:80:08:ea:8b:17:7c:cd:7a:23:e6:71:45:38: + 8a:d6:f3:c4:f7:61:e2:ec:8f:f2:6f:2a:c3:f9:24:5f: + 06:c5:cc:9d:7a:52:53:b7:33:0f:3c:94:f7:83:41:c4: + 68:5a:3c:93:0d:b7:ce:3d:60:f2:2d:5c:16:d4:d7:23: + d2:fb:05:14:0c:2d:38:55:ed:e8:7d:9a:ed:11:7d:ac: + d5:01:4e:ae:26:3a:8e:61:40:5b:b9:83:15:0a:da:24: + fa:0d:c2:ad:1a:e4:2f:01:5e:57:bd:61:5a:17:e1:0b: + f7:5e:3c:2d:37:23:1e:c2:b3:1e:d1:ef:9a:be:b4:57: + db:e4:4f:58:1d:75:87:68:2b:56:b1:af:cb:16:18:43: + 4f:bc:f5:cf:24:98:64:a7:0d:6e:a0:ab:6c:b4:e2:cb + Exponent: 65537 (0x10001) + Signed Extensions: + Name: Certificate Authority Key Identifier + Key ID: + 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: + 7e:5c:d2:44 + + Name: Certificate Basic Constraints + Critical: True + Data: Is a CA with no maximum path length. + + Name: Certificate Key Usage + Critical: True + Usages: Digital Signature + Non-Repudiation + Certificate Signing + CRL Signing + + Name: Certificate Subject Key ID + Data: + 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: + 7e:5c:d2:44 + + Name: Authority Information Access + Method: PKIX Online Certificate Status Protocol + Location: + URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp + + Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption + Signature: + 73:72:7d:31:3b:92:6e:d9:64:64:c1:93:9a:fa:17:75: + 94:a8:3f:29:8b:57:aa:73:ac:b6:a2:94:3c:d4:53:86: + 6c:c1:95:98:f5:be:a1:79:ac:75:bb:96:30:3c:dc:5f: + 27:fe:f0:ec:e3:54:c4:51:b2:96:45:ec:c8:35:87:92: + db:c9:d7:d0:9c:09:63:34:c0:4d:8b:a9:f7:10:95:9a: + 9f:6f:a1:5e:bd:1b:d9:32:be:18:fc:6c:70:6c:b7:37: + e8:45:09:ce:79:b7:d6:2c:d3:b4:09:b2:00:41:1a:ee: + 0c:76:21:0f:2d:5b:79:7c:be:d5:23:12:f8:93:ad:e1: + 99:9e:a1:fa:0a:99:ed:eb:6b:3a:d6:c6:20:2b:e2:eb: + 86:c2:f1:eb:f4:9c:d7:0b:5b:9d:8c:c7:7b:8a:cd:40: + f9:b8:0d:fe:44:d5:14:79:d5:1c:76:56:d9:e5:e7:72: + 7a:4b:c2:24:fe:1e:3a:38:d3:4c:85:c6:6c:77:be:ee: + 46:ab:d7:f4:29:c5:33:8e:0e:88:91:f0:6e:5b:28:b8: + 07:9f:c1:d9:47:3c:e5:fe:58:82:04:38:01:4e:f0:27: + 54:76:e2:c9:12:4a:da:d6:28:4d:10:00:ac:f1:12:3e: + af:15:6d:ce:b6:8a:18:ec:4b:be:6c:08:c0:c0:f0:d0 + Fingerprint (MD5): + C6:6E:4E:E2:92:8A:A7:2A:60:EA:2F:4D:FB:ED:15:17 + Fingerprint (SHA1): + 96:4A:92:79:6C:A4:CC:5B:6B:6E:88:84:48:43:9C:F4:84:5D:3C:E1 + + Certificate Trust Flags: + SSL Flags: + Valid CA + Trusted CA + Trusted Client CA + Email Flags: + Valid CA + Trusted CA + Object Signing Flags: + Valid CA + Trusted CA + + + 1 + + + + CN=vm-084.idm.lab.bos.redhat.com, OU=pki-tps, O=EXAMPLE + sslserver + SSL Server Certificate + + + + + CN=TPS Subsystem Certificate, OU=pki-tps, O=EXAMPLE + subsystem + Subsystem Certificate + + + + + CN=TPS Audit Signing Certificate, OU=pki-tps, O=EXAMPLE + audit_signing + Audit Log Signing Certificate + + + + + + 1 + 2048 + vm-084.idm.lab.bos.redhat.com-pki-tps + + NSS Certificate DB + nistp256 + 2048 + 1 + + 0 + true + Token Processing System + localhost + 7888 + 7889 + true + + <security_domain_instance_name> + nistp256 (secp256r1),nistp384 (secp384r1),nistp521 (secp521r1),nistk163 (sect163k1),sect163r1,nistb163 (sect163r2),sect193r1,sect193r2,nistk233 (sect233k1),nistb233 (sect233r1),sect239k1,nistk283 (sect283k1),nistb283 (sect283r1),nistk409 (sect409k1),nistb409 (sect409r1),nistk571 (sect571k1),nistb571 (sect571r1),secp160k1,secp160r1,secp160r2,secp192k1,nistp192 (secp192r1, prime192v1),secp224k1,nistp224 (secp224r1),secp256k1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2 + nistp256,nistp384,nistp521,sect163k1,nistk163,sect163r1,sect163r2,nistb163,sect193r1,sect193r2,sect233k1,nistk233,sect233r1,nistb233,sect239k1,sect283k1,nistk283,sect283r1,nistb283,sect409k1,nistk409,sect409r1,nistb409,sect571k1,nistk571,sect571r1,nistb571,secp160k1,secp160r1,secp160r2,secp192k1,secp192r1,nistp192,secp224k1,secp224r1,nistp224,secp256k1,secp256r1,secp384r1,secp521r1,prime192v1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2 + 1024,2048,3072,4096 + 0 + localhost + Token Processing System + 7890 + +

15

+ tps/admin/console/config/importadmincertpanel.vm + Security Domain + + PKI::TPS::WelcomePanel=HASH(0x7fa0c0b679b0) + PKI::TPS::ModulePanel=HASH(0x7fa0c0b78608) + PKI::TPS::ConfigHSMLoginPanel=HASH(0x7fa0c0b90188) + PKI::TPS::SecurityDomainPanel=HASH(0x7fa0c0b93f30) + PKI::TPS::DisplayCertChainPanel=HASH(0x7fa0c0b9c480) + PKI::TPS::SubsystemTypePanel=HASH(0x7fa0c0ba7ad8) + PKI::TPS::CAInfoPanel=HASH(0x7fa0c0bae650) + PKI::TPS::TKSInfoPanel=HASH(0x7fa0c0bbcfc0) + PKI::TPS::DRMInfoPanel=HASH(0x7fa0c0bc58e8) + PKI::TPS::AuthDBPanel=HASH(0x7fa0c0bcd118) + PKI::TPS::DatabasePanel=HASH(0x7fa0c08be670) + PKI::TPS::SizePanel=HASH(0x7fa0c0be0798) + PKI::TPS::NamePanel=HASH(0x7fa0c0bf0610) + PKI::TPS::CertRequestPanel=HASH(0x7fa0c0c19698) + PKI::TPS::AdminPanel=HASH(0x7fa0c0c28018) + PKI::TPS::ImportAdminCertPanel=HASH(0x7fa0c0c32c30) + PKI::TPS::DonePanel=HASH(0x7fa0c0c3e6e8) + + 389 + + 10.1.0 + https://vm-084.idm.lab.bos.redhat.com:8443/ca/admin/ca/securityDomainLogin?url=https%3A%2F%2Fvm-084.idm.lab.bos.redhat.com%3A7890%2Ftps%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D5%26subsystem%3DTPS + + + + SSL Server Certificate + -----BEGIN NEW CERTIFICATE REQUEST----- +MIICfzCCAWcCAQAwOjEQMA4GA1UEChMHRVhBTVBMRTEmMCQGA1UEAxMddm0t +MDg0LmlkbS5sYWIuYm9zLnJlZGhhdC5jb20wggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQC/9q18L6waMSm0/6vQDU8VWAvSv5V4LRR/MlGgZLf3 +yBMkwD2MCGFLzohtvmza0/Ofq28raiwSmW5YZWpAwSVN1CWtrbflP5O9wkVF +kxy5ki72QWcjKvwoJBeR8rXhSdkUlbx5ByV1eH1pfW4Jb6O+vOUzHHNEfH3U +hFDuK535VsQoPLNyw0sysz9k8AjXPzOrFGppQzwgdIxI1Q9jZZTiuupfu3Hq +Ipt7ORpdd2kQRTyuCzX+9Tp4/shjk87iqXLsMYu1XmBoIvIAJiDWUETBiB4X +iYsiFM/yXM3XmVuV+SJQ+xt1XIJcQ+pM2O2RCkOvAqer08kY4ELo70uE1IWX +AgMBAAGgADANBgkqhkiG9w0BAQUFAAOCAQEAjAtHz3uSFKDHpYgxCFKiAxSv +NUHdhIZO4DjEl6BuxvH2dkrMOeBuzmGUdB/dmprKvMBRtTwjopD/vbRTkKPc +bB4j92pVxlAUlAd4dvzuFGcK/mhB8kdmCXAAgBOPKlZgpHoWRRaEqbdFznjQ +KDz1lFE6Lb1Wpmcx9u6ZUWjHLd4sr+Ym+byXx9DroMBYV3rK35xUhpNlMjUM +PSX+Fqgx4ddGgpGm0kh9TlczNUMQb+kqds8c3SRCfUTZNo4cE/LOEDqkUdYy +XwTXjjAag7c6b7Dv8/OR4jNNrvAihn5YdlAo3aRssE6zQCKrOfN2bYy3uWMG ++VqC9saBiWkg8sgPbg== +-----END NEW CERTIFICATE REQUEST----- + -----BEGIN CERTIFICATE----- +MIIDlTCCAn2gAwIBAgIBEDANBgkqhkiG9w0BAQsFADAzMRAwDgYDVQQKDAdF +WEFNUExFMR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRpZmljYXRlMB4XDTEz +MTEyMTE3NTQ0OVoXDTE1MTExMTE3NTQ0OVowOjEQMA4GA1UEChMHRVhBTVBM +RTEmMCQGA1UEAxMddm0tMDg0LmlkbS5sYWIuYm9zLnJlZGhhdC5jb20wggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/9q18L6waMSm0/6vQDU8V +WAvSv5V4LRR/MlGgZLf3yBMkwD2MCGFLzohtvmza0/Ofq28raiwSmW5YZWpA +wSVN1CWtrbflP5O9wkVFkxy5ki72QWcjKvwoJBeR8rXhSdkUlbx5ByV1eH1p +fW4Jb6O+vOUzHHNEfH3UhFDuK535VsQoPLNyw0sysz9k8AjXPzOrFGppQzwg +dIxI1Q9jZZTiuupfu3HqIpt7ORpdd2kQRTyuCzX+9Tp4/shjk87iqXLsMYu1 +XmBoIvIAJiDWUETBiB4XiYsiFM/yXM3XmVuV+SJQ+xt1XIJcQ+pM2O2RCkOv +Aqer08kY4ELo70uE1IWXAgMBAAGjgawwgakwHwYDVR0jBBgwFoAUY6p+ucCt +MihA7oM34HjfoX5c0kQwTQYIKwYBBQUHAQEEQTA/MD0GCCsGAQUFBzABhjFo +dHRwOi8vdm0tMDg0LmlkbS5sYWIuYm9zLnJlZGhhdC5jb206ODA4MC9jYS9v +Y3NwMA4GA1UdDwEB/wQEAwIE8DAnBgNVHSUEIDAeBggrBgEFBQcDAQYIKwYB +BQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4IBAQDbNeargy6K/gjb +kkkSgvyfB+evtAGk5O+6lHuAhWefvS4LEkY6VyfZ2q8FJ5i5emIX5udlCpaR +rd1B5czHsv/QRboUYSIVHcUAaQJyxakIF2gzfGtNiTDWFcNNdhLXfBkZMesy +F9azUAJyWIwe4i965F39si+V8MsdcMJB72K5Yk7/IPjANBoN5ZMxFQN1jODX +JRyaSSx34q+Gh+an7NtEGf7zYw04rWPctaLnojrBwtNi9WxSb5kQcrNL7QPl +L8ZwMl2xkiPLHIHMXzDSesqgpZNAdiMHy/KusfZRhfJPSc6gY7oM7fKyIdJS +hOq8/unh4rG37Ws7TLWxV3BNUv7R +-----END CERTIFICATE----- + Certificate: + Data: + Version: 3 (0x2) + Serial Number: 16 (0x10) + Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption + Issuer: CN=CA Signing Certificate,O=EXAMPLE + Validity: + Not Before: Thu Nov 21 17:54:49 2013 + Not After : Wed Nov 11 17:54:49 2015 + Subject: CN=vm-084.idm.lab.bos.redhat.com,O=EXAMPLE + Subject Public Key Info: + Public Key Algorithm: PKCS #1 RSA Encryption + RSA Public Key: + Modulus: + bf:f6:ad:7c:2f:ac:1a:31:29:b4:ff:ab:d0:0d:4f:15: + 58:0b:d2:bf:95:78:2d:14:7f:32:51:a0:64:b7:f7:c8: + 13:24:c0:3d:8c:08:61:4b:ce:88:6d:be:6c:da:d3:f3: + 9f:ab:6f:2b:6a:2c:12:99:6e:58:65:6a:40:c1:25:4d: + d4:25:ad:ad:b7:e5:3f:93:bd:c2:45:45:93:1c:b9:92: + 2e:f6:41:67:23:2a:fc:28:24:17:91:f2:b5:e1:49:d9: + 14:95:bc:79:07:25:75:78:7d:69:7d:6e:09:6f:a3:be: + bc:e5:33:1c:73:44:7c:7d:d4:84:50:ee:2b:9d:f9:56: + c4:28:3c:b3:72:c3:4b:32:b3:3f:64:f0:08:d7:3f:33: + ab:14:6a:69:43:3c:20:74:8c:48:d5:0f:63:65:94:e2: + ba:ea:5f:bb:71:ea:22:9b:7b:39:1a:5d:77:69:10:45: + 3c:ae:0b:35:fe:f5:3a:78:fe:c8:63:93:ce:e2:a9:72: + ec:31:8b:b5:5e:60:68:22:f2:00:26:20:d6:50:44:c1: + 88:1e:17:89:8b:22:14:cf:f2:5c:cd:d7:99:5b:95:f9: + 22:50:fb:1b:75:5c:82:5c:43:ea:4c:d8:ed:91:0a:43: + af:02:a7:ab:d3:c9:18:e0:42:e8:ef:4b:84:d4:85:97 + Exponent: 65537 (0x10001) + Signed Extensions: + Name: Certificate Authority Key Identifier + Key ID: + 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: + 7e:5c:d2:44 + + Name: Authority Information Access + Method: PKIX Online Certificate Status Protocol + Location: + URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp + + Name: Certificate Key Usage + Critical: True + Usages: Digital Signature + Non-Repudiation + Key Encipherment + Data Encipherment + + Name: Extended Key Usage + TLS Web Server Authentication Certificate + TLS Web Client Authentication Certificate + E-Mail Protection Certificate + + Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption + Signature: + db:35:e6:ab:83:2e:8a:fe:08:db:92:49:12:82:fc:9f: + 07:e7:af:b4:01:a4:e4:ef:ba:94:7b:80:85:67:9f:bd: + 2e:0b:12:46:3a:57:27:d9:da:af:05:27:98:b9:7a:62: + 17:e6:e7:65:0a:96:91:ad:dd:41:e5:cc:c7:b2:ff:d0: + 45:ba:14:61:22:15:1d:c5:00:69:02:72:c5:a9:08:17: + 68:33:7c:6b:4d:89:30:d6:15:c3:4d:76:12:d7:7c:19: + 19:31:eb:32:17:d6:b3:50:02:72:58:8c:1e:e2:2f:7a: + e4:5d:fd:b2:2f:95:f0:cb:1d:70:c2:41:ef:62:b9:62: + 4e:ff:20:f8:c0:34:1a:0d:e5:93:31:15:03:75:8c:e0: + d7:25:1c:9a:49:2c:77:e2:af:86:87:e6:a7:ec:db:44: + 19:fe:f3:63:0d:38:ad:63:dc:b5:a2:e7:a2:3a:c1:c2: + d3:62:f5:6c:52:6f:99:10:72:b3:4b:ed:03:e5:2f:c6: + 70:32:5d:b1:92:23:cb:1c:81:cc:5f:30:d2:7a:ca:a0: + a5:93:40:76:23:07:cb:f2:ae:b1:f6:51:85:f2:4f:49: + ce:a0:63:ba:0c:ed:f2:b2:21:d2:52:84:ea:bc:fe:e9: + e1:e2:b1:b7:ed:6b:3b:4c:b5:b1:57:70:4d:52:fe:d1 + Fingerprint (MD5): + 5B:BA:5A:1E:52:1A:ED:13:AB:E3:19:4F:A9:A0:F7:F3 + Fingerprint (SHA1): + C5:E3:BA:90:42:9E:A2:8A:80:ED:A7:DE:D7:4A:BB:EC:9B:A1:27:31 + + Certificate Trust Flags: + SSL Flags: + User + Email Flags: + User + Object Signing Flags: + User + + + sslserver + sslserver + + + + + Subsystem Certificate + -----BEGIN NEW CERTIFICATE REQUEST----- +MIICezCCAWMCAQAwNjEQMA4GA1UEChMHRVhBTVBMRTEiMCAGA1UEAxMZVFBT +IFN1YnN5c3RlbSBDZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBALCBY0FFMSFWJy6G7gN94h8bs0AjjFK2Jg20ip1tcP5/8R2n +xTLaq8+ODxUFGt3d1vhmtfKIoD1hp6mMxKyQgvIzobfBbamW7vzML4mL9bwP +jh+veQC0hqzZi8bt4z1WpEI6RZkYGDiiu9yx1NWB3/ctf+fPTIdtWZ12pIJP +K9Azy2RHIBVvSRquUlxyuaQd1xJ8VgRT/Y/DDSOJ0lh6w+MyJ2GBjbpK3r8p +GuNnOUp5/1SaZtY4AYCh1h7yNNWBYLoQBmTW3+qRW5yPbgIWqPSR7uwOL7Vi +MrxHOljn/FrpY3QwAMstFnwF5bOT36u96tpYQPcxQftG4o7vh0eThG0CAwEA +AaAAMA0GCSqGSIb3DQEBBQUAA4IBAQAV8clzGabViitCdWmz2DeE4alTiYqa +HWeXno4nKCXBttdkgrr4lu1hNfIjJSxHfj1R+FmAz27jtvA/0bDdBXRuTyzx +ROhZ7raoMymQCW+w8tYO/ThaVQLijx+muX13gfCU0Bxq5+WDRJY4P4TCa49P +3RBMziTc7kVagdmjhWYjnwRyWr8acOo4qEoo/X0wLC01MAe24OyKbfCt+FbT +6PgjCVUAQ5HjmeWXyZQc89iZrkz2XVTFwQUKieni47pAVSL/Abkng2U8czIw +cbBbP6DFO9t2L2Dye9z9LaA9jwSPVaRyKUdOEfemK75kQRLixs2BXUEeZazQ +QgPZ9cJsptbf +-----END NEW CERTIFICATE REQUEST----- + -----BEGIN CERTIFICATE----- +MIIDfTCCAmWgAwIBAgIBETANBgkqhkiG9w0BAQsFADAzMRAwDgYDVQQKDAdF +WEFNUExFMR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRpZmljYXRlMB4XDTEz +MTEyMTE3NTQ1MFoXDTE1MTExMTE3NTQ1MFowNjEQMA4GA1UEChMHRVhBTVBM +RTEiMCAGA1UEAxMZVFBTIFN1YnN5c3RlbSBDZXJ0aWZpY2F0ZTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBALCBY0FFMSFWJy6G7gN94h8bs0Aj +jFK2Jg20ip1tcP5/8R2nxTLaq8+ODxUFGt3d1vhmtfKIoD1hp6mMxKyQgvIz +obfBbamW7vzML4mL9bwPjh+veQC0hqzZi8bt4z1WpEI6RZkYGDiiu9yx1NWB +3/ctf+fPTIdtWZ12pIJPK9Azy2RHIBVvSRquUlxyuaQd1xJ8VgRT/Y/DDSOJ +0lh6w+MyJ2GBjbpK3r8pGuNnOUp5/1SaZtY4AYCh1h7yNNWBYLoQBmTW3+qR +W5yPbgIWqPSR7uwOL7ViMrxHOljn/FrpY3QwAMstFnwF5bOT36u96tpYQPcx +QftG4o7vh0eThG0CAwEAAaOBmDCBlTAfBgNVHSMEGDAWgBRjqn65wK0yKEDu +gzfgeN+hflzSRDBNBggrBgEFBQcBAQRBMD8wPQYIKwYBBQUHMAGGMWh0dHA6 +Ly92bS0wODQuaWRtLmxhYi5ib3MucmVkaGF0LmNvbTo4MDgwL2NhL29jc3Aw +DgYDVR0PAQH/BAQDAgTwMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3 +DQEBCwUAA4IBAQDRBXrEAqLiecW5Xh0yEwgGbcDtpRO2BCbFp3F2W8wURlo0 +axinBQCwdDGkgkXCodyib/CkJk0E5MpbJ6+q6/VLgByyzpGk1uNVIBvlfRtG +TXvU41MrjGjhVANz/uYUA7P96sWxNu8OYQv4mlyh5BDk3itYqfuIN9pLkvRL +SKGqRr+ot6hBMweysCT8I4jMBtFFXszCmithBR4x9O+n7QUcIYWrxKkT9Fm8 +PvHFeb8dMNWU7etAxQVrc/ewZbeYG+S01PFj1lopATHxZqFSCjB6RukjiIe0 +BfNUbzfputLXPUuZu0d/z5EhT+fgNKXUb9zeYFsqebP1ln/JsOJ0MJ4/ +-----END CERTIFICATE----- + Certificate: + Data: + Version: 3 (0x2) + Serial Number: 17 (0x11) + Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption + Issuer: CN=CA Signing Certificate,O=EXAMPLE + Validity: + Not Before: Thu Nov 21 17:54:50 2013 + Not After : Wed Nov 11 17:54:50 2015 + Subject: CN=TPS Subsystem Certificate,O=EXAMPLE + Subject Public Key Info: + Public Key Algorithm: PKCS #1 RSA Encryption + RSA Public Key: + Modulus: + b0:81:63:41:45:31:21:56:27:2e:86:ee:03:7d:e2:1f: + 1b:b3:40:23:8c:52:b6:26:0d:b4:8a:9d:6d:70:fe:7f: + f1:1d:a7:c5:32:da:ab:cf:8e:0f:15:05:1a:dd:dd:d6: + f8:66:b5:f2:88:a0:3d:61:a7:a9:8c:c4:ac:90:82:f2: + 33:a1:b7:c1:6d:a9:96:ee:fc:cc:2f:89:8b:f5:bc:0f: + 8e:1f:af:79:00:b4:86:ac:d9:8b:c6:ed:e3:3d:56:a4: + 42:3a:45:99:18:18:38:a2:bb:dc:b1:d4:d5:81:df:f7: + 2d:7f:e7:cf:4c:87:6d:59:9d:76:a4:82:4f:2b:d0:33: + cb:64:47:20:15:6f:49:1a:ae:52:5c:72:b9:a4:1d:d7: + 12:7c:56:04:53:fd:8f:c3:0d:23:89:d2:58:7a:c3:e3: + 32:27:61:81:8d:ba:4a:de:bf:29:1a:e3:67:39:4a:79: + ff:54:9a:66:d6:38:01:80:a1:d6:1e:f2:34:d5:81:60: + ba:10:06:64:d6:df:ea:91:5b:9c:8f:6e:02:16:a8:f4: + 91:ee:ec:0e:2f:b5:62:32:bc:47:3a:58:e7:fc:5a:e9: + 63:74:30:00:cb:2d:16:7c:05:e5:b3:93:df:ab:bd:ea: + da:58:40:f7:31:41:fb:46:e2:8e:ef:87:47:93:84:6d + Exponent: 65537 (0x10001) + Signed Extensions: + Name: Certificate Authority Key Identifier + Key ID: + 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: + 7e:5c:d2:44 + + Name: Authority Information Access + Method: PKIX Online Certificate Status Protocol + Location: + URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp + + Name: Certificate Key Usage + Critical: True + Usages: Digital Signature + Non-Repudiation + Key Encipherment + Data Encipherment + + Name: Extended Key Usage + TLS Web Client Authentication Certificate + + Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption + Signature: + d1:05:7a:c4:02:a2:e2:79:c5:b9:5e:1d:32:13:08:06: + 6d:c0:ed:a5:13:b6:04:26:c5:a7:71:76:5b:cc:14:46: + 5a:34:6b:18:a7:05:00:b0:74:31:a4:82:45:c2:a1:dc: + a2:6f:f0:a4:26:4d:04:e4:ca:5b:27:af:aa:eb:f5:4b: + 80:1c:b2:ce:91:a4:d6:e3:55:20:1b:e5:7d:1b:46:4d: + 7b:d4:e3:53:2b:8c:68:e1:54:03:73:fe:e6:14:03:b3: + fd:ea:c5:b1:36:ef:0e:61:0b:f8:9a:5c:a1:e4:10:e4: + de:2b:58:a9:fb:88:37:da:4b:92:f4:4b:48:a1:aa:46: + bf:a8:b7:a8:41:33:07:b2:b0:24:fc:23:88:cc:06:d1: + 45:5e:cc:c2:9a:2b:61:05:1e:31:f4:ef:a7:ed:05:1c: + 21:85:ab:c4:a9:13:f4:59:bc:3e:f1:c5:79:bf:1d:30: + d5:94:ed:eb:40:c5:05:6b:73:f7:b0:65:b7:98:1b:e4: + b4:d4:f1:63:d6:5a:29:01:31:f1:66:a1:52:0a:30:7a: + 46:e9:23:88:87:b4:05:f3:54:6f:37:e9:ba:d2:d7:3d: + 4b:99:bb:47:7f:cf:91:21:4f:e7:e0:34:a5:d4:6f:dc: + de:60:5b:2a:79:b3:f5:96:7f:c9:b0:e2:74:30:9e:3f + Fingerprint (MD5): + 33:E4:65:72:E7:73:63:F6:4D:F3:0D:1B:79:4B:51:BA + Fingerprint (SHA1): + 2B:3B:C2:42:09:1F:DC:3C:E8:DD:1C:2E:27:CB:22:34:4B:F2:2A:A9 + + Certificate Trust Flags: + SSL Flags: + User + Email Flags: + User + Object Signing Flags: + User + + + subsystem + subsystem + + + + + Audit Log Signing Certificate + -----BEGIN NEW CERTIFICATE REQUEST----- +MIICfzCCAWcCAQAwOjEQMA4GA1UEChMHRVhBTVBMRTEmMCQGA1UEAxMdVFBT +IEF1ZGl0IFNpZ25pbmcgQ2VydGlmaWNhdGUwggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQDQulXGs9YvKqbNp9JV590Seob6Ee4+8A7ypAy0aJ9E +8bwxdZ3TP9flMmFF1/Epp8riT5BUHnf1j3HpvihE77XZCpnz1Ddv/fQ71CZw +Lhx2WhARQm6/07++X1A7TZALMNlARQKuYq8nF2Ru3R7ekVngXp8VE2N5VWBC +kWYiRY5Axt1hW253SiTuScIXwmf9KepMB2L3RWejtWaI7AvYuh7UWbaz+aPg +GFsCLi8B8wQriJ9hyOWpzd8EasGk1pvM8P8UgnEMI1m9FDbF6dIdH/zFSXEQ +O+bTGqQri9oFnXbD+3CYtgx6f6h8s0oTTvXDakxqjA3aXrIgNMh2wFgU4fcX +AgMBAAGgADANBgkqhkiG9w0BAQUFAAOCAQEAk7D7vqIVUQPPchUR6MWoHyM3 +w5og8cRPE3nJQKPMhy+z1dBC67iTlPDM12entGVC+r4snbvNAfzibV/u9G4z +IurRS42vLls06hCHe2+jDr2xrpHf5iM4QExQuMSFZ9+N0xXg5ytDvWLi/LtI +YProlIaSmOdndJDQr6KPtsGb2My7a4iMBV/qVSD9A6bblbxJNPFHoiTuYj72 +7fWNT0JH2g0OmqZa5lx1o4q8dWAfKlrsMGB7OTRyJ7Y2V7FGgY50isrcxnuw +XTCPxOQGEL2T/F5q/4F+ZyJix1SfhoQys4RBXxvQbhNvbPIAHtHg/5bcbPMN +GNlW6BI4kN+UNRYGtQ== +-----END NEW CERTIFICATE REQUEST----- + -----BEGIN CERTIFICATE----- +MIIDbDCCAlSgAwIBAgIBEjANBgkqhkiG9w0BAQsFADAzMRAwDgYDVQQKDAdF +WEFNUExFMR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRpZmljYXRlMB4XDTEz +MTEyMTE3NTQ1M1oXDTE1MTExMTE3NTQ1M1owOjEQMA4GA1UEChMHRVhBTVBM +RTEmMCQGA1UEAxMdVFBTIEF1ZGl0IFNpZ25pbmcgQ2VydGlmaWNhdGUwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQulXGs9YvKqbNp9JV590S +eob6Ee4+8A7ypAy0aJ9E8bwxdZ3TP9flMmFF1/Epp8riT5BUHnf1j3HpvihE +77XZCpnz1Ddv/fQ71CZwLhx2WhARQm6/07++X1A7TZALMNlARQKuYq8nF2Ru +3R7ekVngXp8VE2N5VWBCkWYiRY5Axt1hW253SiTuScIXwmf9KepMB2L3RWej +tWaI7AvYuh7UWbaz+aPgGFsCLi8B8wQriJ9hyOWpzd8EasGk1pvM8P8UgnEM +I1m9FDbF6dIdH/zFSXEQO+bTGqQri9oFnXbD+3CYtgx6f6h8s0oTTvXDakxq +jA3aXrIgNMh2wFgU4fcXAgMBAAGjgYMwgYAwHwYDVR0jBBgwFoAUY6p+ucCt +MihA7oM34HjfoX5c0kQwTQYIKwYBBQUHAQEEQTA/MD0GCCsGAQUFBzABhjFo +dHRwOi8vdm0tMDg0LmlkbS5sYWIuYm9zLnJlZGhhdC5jb206ODA4MC9jYS9v +Y3NwMA4GA1UdDwEB/wQEAwIGwDANBgkqhkiG9w0BAQsFAAOCAQEAKPq8ro5J +Di7LVv45eUH5AYrOiMqa10qWDr5dEqFqn7FZ3sK4A8zx/pQc+Iz3LMaaapgl +hxXen9un2ZoAKqBJ3IES24nLr9xU+aS2vKZseGi7UZMHAxC/b3gerZvHY9p5 +CqWDPDO/ksnWikndaWvTZeqfXvqSvoJnDuwv/tCsLTTBzZ5ReTUiCAh91TXU +4LJCl8q/+IeBOvz9g+iFwICN6FiXrq5j5GJgA/NOHwCvwMpH+lmK+H4mvUlr +aVCWubitl7KqiepEyZAlyTuUX5t/u05xePVkaU/e3WijL6SSygcxH4Q9EQC8 +9PT07QwEbXSPXhv0n79x+Lhf4RuR4qZd4Q== +-----END CERTIFICATE----- + Certificate: + Data: + Version: 3 (0x2) + Serial Number: 18 (0x12) + Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption + Issuer: CN=CA Signing Certificate,O=EXAMPLE + Validity: + Not Before: Thu Nov 21 17:54:53 2013 + Not After : Wed Nov 11 17:54:53 2015 + Subject: CN=TPS Audit Signing Certificate,O=EXAMPLE + Subject Public Key Info: + Public Key Algorithm: PKCS #1 RSA Encryption + RSA Public Key: + Modulus: + d0:ba:55:c6:b3:d6:2f:2a:a6:cd:a7:d2:55:e7:dd:12: + 7a:86:fa:11:ee:3e:f0:0e:f2:a4:0c:b4:68:9f:44:f1: + bc:31:75:9d:d3:3f:d7:e5:32:61:45:d7:f1:29:a7:ca: + e2:4f:90:54:1e:77:f5:8f:71:e9:be:28:44:ef:b5:d9: + 0a:99:f3:d4:37:6f:fd:f4:3b:d4:26:70:2e:1c:76:5a: + 10:11:42:6e:bf:d3:bf:be:5f:50:3b:4d:90:0b:30:d9: + 40:45:02:ae:62:af:27:17:64:6e:dd:1e:de:91:59:e0: + 5e:9f:15:13:63:79:55:60:42:91:66:22:45:8e:40:c6: + dd:61:5b:6e:77:4a:24:ee:49:c2:17:c2:67:fd:29:ea: + 4c:07:62:f7:45:67:a3:b5:66:88:ec:0b:d8:ba:1e:d4: + 59:b6:b3:f9:a3:e0:18:5b:02:2e:2f:01:f3:04:2b:88: + 9f:61:c8:e5:a9:cd:df:04:6a:c1:a4:d6:9b:cc:f0:ff: + 14:82:71:0c:23:59:bd:14:36:c5:e9:d2:1d:1f:fc:c5: + 49:71:10:3b:e6:d3:1a:a4:2b:8b:da:05:9d:76:c3:fb: + 70:98:b6:0c:7a:7f:a8:7c:b3:4a:13:4e:f5:c3:6a:4c: + 6a:8c:0d:da:5e:b2:20:34:c8:76:c0:58:14:e1:f7:17 + Exponent: 65537 (0x10001) + Signed Extensions: + Name: Certificate Authority Key Identifier + Key ID: + 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: + 7e:5c:d2:44 + + Name: Authority Information Access + Method: PKIX Online Certificate Status Protocol + Location: + URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp + + Name: Certificate Key Usage + Critical: True + Usages: Digital Signature + Non-Repudiation + + Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption + Signature: + 28:fa:bc:ae:8e:49:0e:2e:cb:56:fe:39:79:41:f9:01: + 8a:ce:88:ca:9a:d7:4a:96:0e:be:5d:12:a1:6a:9f:b1: + 59:de:c2:b8:03:cc:f1:fe:94:1c:f8:8c:f7:2c:c6:9a: + 6a:98:25:87:15:de:9f:db:a7:d9:9a:00:2a:a0:49:dc: + 81:12:db:89:cb:af:dc:54:f9:a4:b6:bc:a6:6c:78:68: + bb:51:93:07:03:10:bf:6f:78:1e:ad:9b:c7:63:da:79: + 0a:a5:83:3c:33:bf:92:c9:d6:8a:49:dd:69:6b:d3:65: + ea:9f:5e:fa:92:be:82:67:0e:ec:2f:fe:d0:ac:2d:34: + c1:cd:9e:51:79:35:22:08:08:7d:d5:35:d4:e0:b2:42: + 97:ca:bf:f8:87:81:3a:fc:fd:83:e8:85:c0:80:8d:e8: + 58:97:ae:ae:63:e4:62:60:03:f3:4e:1f:00:af:c0:ca: + 47:fa:59:8a:f8:7e:26:bd:49:6b:69:50:96:b9:b8:ad: + 97:b2:aa:89:ea:44:c9:90:25:c9:3b:94:5f:9b:7f:bb: + 4e:71:78:f5:64:69:4f:de:dd:68:a3:2f:a4:92:ca:07: + 31:1f:84:3d:11:00:bc:f4:f4:f4:ed:0c:04:6d:74:8f: + 5e:1b:f4:9f:bf:71:f8:b8:5f:e1:1b:91:e2:a6:5d:e1 + Fingerprint (MD5): + 8C:A7:63:34:2C:55:22:B5:BA:22:5E:F8:BF:36:69:93 + Fingerprint (SHA1): + AC:AA:23:8E:CF:C0:A9:1C:BB:B5:1E:DC:82:D2:02:7D:0C:2B:F5:50 + + Certificate Trust Flags: + SSL Flags: + User + Email Flags: + User + Object Signing Flags: + Terminal Record + Trusted + User + + + audit_signing + audit_signing + + + + https://vm-084.idm.lab.bos.redhat.com:9445 + Security Domain + + false + EXAMPLE + + 13 + false + + PKI::TPS::GlobalVar=HASH(0x7fa0740410e0) + PKI::TPS::GlobalVar=HASH(0x7fa0742a1668) + PKI::TPS::GlobalVar=HASH(0x7fa0747ab760) + + systemctl status pki-tomcatd@<security_domain_instance_name>.service + 16 + Token Processing System + Token Processing + Import Administrator Certificate + + CA vm-084.idm.lab.bos.redhat.com 8443 - https://vm-084.idm.lab.bos.redhat.com:8443 + External CA + + 3 + +Sleeping for 5 secs.. +############################################# +Attempting to connect to: vm-084.idm.lab.bos.redhat.com:8443 +Connected. +Posting Query = https://vm-084.idm.lab.bos.redhat.com:8443//ca/admin/ca/getBySerial?serialNumber=13&importCert=true +RESPONSE STATUS: HTTP/1.1 200 OK +RESPONSE HEADER: Server: Apache-Coyote/1.1 +RESPONSE HEADER: Content-Type: application/x-x509-user-cert +RESPONSE HEADER: Content-Length: 1925 +RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:55:21 GMT +RESPONSE HEADER: Connection: keep-alive +Imported Cert=MIIHgQYJKoZIhvcNAQcCoIIHcjCCB24CAQExADAPBgkqhkiG9w0BBwGgAgQAoIIH +UjCCA7UwggKdoAMCAQICARMwDQYJKoZIhvcNAQELBQAwMzEQMA4GA1UECgwHRVhB +TVBMRTEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0aWZpY2F0ZTAeFw0xMzExMjEx +NzU1MTBaFw0xNDExMjExNzU1MTBaMGQxEDAOBgNVBAoMB0VYQU1QTEUxIzAhBgkq +hkiG9w0BCQEWFHRwc2FkbWluQGV4YW1wbGUuY29tMRgwFgYKCZImiZPyLGQBAQwI +dHBzYWRtaW4xETAPBgNVBAMMCHRwc2FkbWluMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAvS/Qy27oL6ttnTVtJ86FsmrtrJ/lJMax4P1BAFmlFyEJwOiz +Jzo6VPVl41Pzzo3NNejnH8PYZzXVcJjAYmnq7jMb0VRwdR1jUp4eIIzA+IAeFwy+ +dpoV++OAHwZzd1Bwmi2cLEKe1EM5jjGm41/Sl+CvVSP5G29ASbjHvoENEnf38DA4 +Z5xYNgTZE67kjp45SJSCMkDS0z5FLc7KGn2twEHR8dPvjvppnmLPmT/BX3kDfzyY +9/Sfh0964kNXmJJ1vtvp6ZDsKjw6gl33yPOpSxwWro5xiX/WmF4jCNJOmNHA+RXH +x9BCIEdQDg2Ae5JanMFWgYHtbRrO4ERXJ3vMXwIDAQABo4GiMIGfMB8GA1UdIwQY +MBaAFGOqfrnArTIoQO6DN+B436F+XNJEME0GCCsGAQUFBwEBBEEwPzA9BggrBgEF +BQcwAYYxaHR0cDovL3ZtLTA4NC5pZG0ubGFiLmJvcy5yZWRoYXQuY29tOjgwODAv +Y2Evb2NzcDAOBgNVHQ8BAf8EBAMCBPAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsG +AQUFBwMEMA0GCSqGSIb3DQEBCwUAA4IBAQAJWlit58qSP33zt5vStWDVmnJgzxF3 +F0mAUA1bhN9Y36Y1L7E8yqlL/rDjbZ3MfY8KkD6MkX/JPyZB5RDsnCPfblke0qzd +pRAbSo3cZfFtSAO2PAr9I2HA2XG8Trk7OSLpXBICGvzW47y6UgXoKWRMP5+evWsa +wknSMPUi23F1cHJSq974h4+Vbb822+q2EUCtRADfWLsIVRWcopkq1wu7emwuyTY6 +rt8vnUo41/UVQAzcUszRSXhZqd+wHCXOu59Goq1Rq1JawKMYrGII6hZOL/iOVITd +ck/iQ3RxJcrJd1FVfWfAUUeJQ/NlwqtmEnDmSKdQ/y0EOd9Jl3i7NHh4MIIDlTCC +An2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAzMRAwDgYDVQQKDAdFWEFNUExFMR8w +HQYDVQQDDBZDQSBTaWduaW5nIENlcnRpZmljYXRlMB4XDTEzMTEyMTE3MDAzMFoX +DTMzMTEyMTE3MDAzMFowMzEQMA4GA1UECgwHRVhBTVBMRTEfMB0GA1UEAwwWQ0Eg +U2lnbmluZyBDZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBAN+PnnAUnBRDBjppOrnUNwckrJuM85vdRA7Te/YQxDYRu51+Ge2OYYipEWTy +PsYa+MlORipdGZH0Q1ZXw8l7Gcn+SdDRJNj5MFlYqobt4QcnfSxhvBhdSmcFHD9K +w0zxkZbF4YAI6osXfM16I+ZxRTiK1vPE92Hi7I/ybyrD+SRfBsXMnXpSU7czDzyU +94NBxGhaPJMNt849YPItXBbU1yPS+wUUDC04Ve3ofZrtEX2s1QFOriY6jmFAW7mD +FQraJPoNwq0a5C8BXle9YVoX4Qv3XjwtNyMewrMe0e+avrRX2+RPWB11h2grVrGv +yxYYQ0+89c8kmGSnDW6gq2y04ssCAwEAAaOBszCBsDAfBgNVHSMEGDAWgBRjqn65 +wK0yKEDugzfgeN+hflzSRDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB +xjAdBgNVHQ4EFgQUY6p+ucCtMihA7oM34HjfoX5c0kQwTQYIKwYBBQUHAQEEQTA/ +MD0GCCsGAQUFBzABhjFodHRwOi8vdm0tMDg0LmlkbS5sYWIuYm9zLnJlZGhhdC5j +b206ODA4MC9jYS9vY3NwMA0GCSqGSIb3DQEBCwUAA4IBAQBzcn0xO5Ju2WRkwZOa ++hd1lKg/KYtXqnOstqKUPNRThmzBlZj1vqF5rHW7ljA83F8n/vDs41TEUbKWRezI +NYeS28nX0JwJYzTATYup9xCVmp9voV69G9kyvhj8bHBstzfoRQnOebfWLNO0CbIA +QRruDHYhDy1beXy+1SMS+JOt4ZmeofoKme3razrWxiAr4uuGwvHr9JzXC1udjMd7 +is1A+bgN/kTVFHnVHHZW2eXncnpLwiT+Hjo400yFxmx3vu5Gq9f0KcUzjg6IkfBu +Wyi4B5/B2Uc85f5YggQ4AU7wJ1R24skSStrWKE0QAKzxEj6vFW3OtooY7Eu+bAjA +wPDQMQA= + +CRYPTO INIT WITH CERTDB:/home/edewata/Projects/pki-dev/certs/tps +Crypto manager already initialized +importCert string: importing with nickname: tpsadmin +Already logged into to DB +SUCCESS: imported admin user cert +############################################# +Attempting to connect to: vm-084.idm.lab.bos.redhat.com:7890 +Connected. +Posting Query = https://vm-084.idm.lab.bos.redhat.com:7890//tps/admin/console/config/wizard?p=15&serialNumber=13&caHost=vm-084.idm.lab.bos.redhat.com&caPort=8443&op=next&xml=true +RESPONSE STATUS: HTTP/1.1 200 OK +RESPONSE HEADER: Date: Thu, 21 Nov 2013 17:55:21 GMT +RESPONSE HEADER: Server: Apache +RESPONSE HEADER: Connection: close +RESPONSE HEADER: Content-Type: text/xml + + + + TPS Administrator + + + admin + dc=vm-084.idm.lab.bos.redhat.com-pki-tps + cn=directory manager + + false + vm-084.idm.lab.bos.redhat.com + 8443 + ca + Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption + Issuer: CN=CA Signing Certificate,O=EXAMPLE + Validity: + Not Before: Thu Nov 21 17:00:30 2013 + Not After : Mon Nov 21 17:00:30 2033 + Subject: CN=CA Signing Certificate,O=EXAMPLE + Subject Public Key Info: + Public Key Algorithm: PKCS #1 RSA Encryption + RSA Public Key: + Modulus: + df:8f:9e:70:14:9c:14:43:06:3a:69:3a:b9:d4:37:07: + 24:ac:9b:8c:f3:9b:dd:44:0e:d3:7b:f6:10:c4:36:11: + bb:9d:7e:19:ed:8e:61:88:a9:11:64:f2:3e:c6:1a:f8: + c9:4e:46:2a:5d:19:91:f4:43:56:57:c3:c9:7b:19:c9: + fe:49:d0:d1:24:d8:f9:30:59:58:aa:86:ed:e1:07:27: + 7d:2c:61:bc:18:5d:4a:67:05:1c:3f:4a:c3:4c:f1:91: + 96:c5:e1:80:08:ea:8b:17:7c:cd:7a:23:e6:71:45:38: + 8a:d6:f3:c4:f7:61:e2:ec:8f:f2:6f:2a:c3:f9:24:5f: + 06:c5:cc:9d:7a:52:53:b7:33:0f:3c:94:f7:83:41:c4: + 68:5a:3c:93:0d:b7:ce:3d:60:f2:2d:5c:16:d4:d7:23: + d2:fb:05:14:0c:2d:38:55:ed:e8:7d:9a:ed:11:7d:ac: + d5:01:4e:ae:26:3a:8e:61:40:5b:b9:83:15:0a:da:24: + fa:0d:c2:ad:1a:e4:2f:01:5e:57:bd:61:5a:17:e1:0b: + f7:5e:3c:2d:37:23:1e:c2:b3:1e:d1:ef:9a:be:b4:57: + db:e4:4f:58:1d:75:87:68:2b:56:b1:af:cb:16:18:43: + 4f:bc:f5:cf:24:98:64:a7:0d:6e:a0:ab:6c:b4:e2:cb + Exponent: 65537 (0x10001) + Signed Extensions: + Name: Certificate Authority Key Identifier + Key ID: + 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: + 7e:5c:d2:44 + + Name: Certificate Basic Constraints + Critical: True + Data: Is a CA with no maximum path length. + + Name: Certificate Key Usage + Critical: True + Usages: Digital Signature + Non-Repudiation + Certificate Signing + CRL Signing + + Name: Certificate Subject Key ID + Data: + 63:aa:7e:b9:c0:ad:32:28:40:ee:83:37:e0:78:df:a1: + 7e:5c:d2:44 + + Name: Authority Information Access + Method: PKIX Online Certificate Status Protocol + Location: + URI: http://vm-084.idm.lab.bos.redhat.com:8080/ca/ocsp + + Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption + Signature: + 73:72:7d:31:3b:92:6e:d9:64:64:c1:93:9a:fa:17:75: + 94:a8:3f:29:8b:57:aa:73:ac:b6:a2:94:3c:d4:53:86: + 6c:c1:95:98:f5:be:a1:79:ac:75:bb:96:30:3c:dc:5f: + 27:fe:f0:ec:e3:54:c4:51:b2:96:45:ec:c8:35:87:92: + db:c9:d7:d0:9c:09:63:34:c0:4d:8b:a9:f7:10:95:9a: + 9f:6f:a1:5e:bd:1b:d9:32:be:18:fc:6c:70:6c:b7:37: + e8:45:09:ce:79:b7:d6:2c:d3:b4:09:b2:00:41:1a:ee: + 0c:76:21:0f:2d:5b:79:7c:be:d5:23:12:f8:93:ad:e1: + 99:9e:a1:fa:0a:99:ed:eb:6b:3a:d6:c6:20:2b:e2:eb: + 86:c2:f1:eb:f4:9c:d7:0b:5b:9d:8c:c7:7b:8a:cd:40: + f9:b8:0d:fe:44:d5:14:79:d5:1c:76:56:d9:e5:e7:72: + 7a:4b:c2:24:fe:1e:3a:38:d3:4c:85:c6:6c:77:be:ee: + 46:ab:d7:f4:29:c5:33:8e:0e:88:91:f0:6e:5b:28:b8: + 07:9f:c1:d9:47:3c:e5:fe:58:82:04:38:01:4e:f0:27: + 54:76:e2:c9:12:4a:da:d6:28:4d:10:00:ac:f1:12:3e: + af:15:6d:ce:b6:8a:18:ec:4b:be:6c:08:c0:c0:f0:d0 + Fingerprint (MD5): + C6:6E:4E:E2:92:8A:A7:2A:60:EA:2F:4D:FB:ED:15:17 + Fingerprint (SHA1): + 96:4A:92:79:6C:A4:CC:5B:6B:6E:88:84:48:43:9C:F4:84:5D:3C:E1 + + Certificate Trust Flags: + SSL Flags: + Valid CA + Trusted CA + Trusted Client CA + Email Flags: + Valid CA + Trusted CA + Object Signing Flags: + Valid CA + Trusted CA + + + 1 + + + + CN=vm-084.idm.lab.bos.redhat.com, OU=pki-tps, O=EXAMPLE + sslserver + SSL Server Certificate + + + + + CN=TPS Subsystem Certificate, OU=pki-tps, O=EXAMPLE + subsystem + Subsystem Certificate + + + + + CN=TPS Audit Signing Certificate, OU=pki-tps, O=EXAMPLE + audit_signing + Audit Log Signing Certificate + + + + + + 1 + 2048 + vm-084.idm.lab.bos.redhat.com-pki-tps + + NSS Certificate DB + nistp256 + 2048 + 1 + + 0 + true + Token Processing System + vm-084.idm.lab.bos.redhat.com + localhost + 7888 + 7889 + true + + pki-tps + nistp256 (secp256r1),nistp384 (secp384r1),nistp521 (secp521r1),nistk163 (sect163k1),sect163r1,nistb163 (sect163r2),sect193r1,sect193r2,nistk233 (sect233k1),nistb233 (sect233r1),sect239k1,nistk283 (sect283k1),nistb283 (sect283r1),nistk409 (sect409k1),nistb409 (sect409r1),nistk571 (sect571k1),nistb571 (sect571r1),secp160k1,secp160r1,secp160r2,secp192k1,nistp192 (secp192r1, prime192v1),secp224k1,nistp224 (secp224r1),secp256k1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2 + nistp256,nistp384,nistp521,sect163k1,nistk163,sect163r1,sect163r2,nistb163,sect193r1,sect193r2,sect233k1,nistk233,sect233r1,nistb233,sect239k1,sect283k1,nistk283,sect283r1,nistb283,sect409k1,nistk409,sect409r1,nistb409,sect571k1,nistk571,sect571r1,nistb571,secp160k1,secp160r1,secp160r2,secp192k1,secp192r1,nistp192,secp224k1,secp224r1,nistp224,secp256k1,secp256r1,secp384r1,secp521r1,prime192v1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2 + 1024,2048,3072,4096 + 1 + localhost + Token Processing System + 7890 + 7890 + +

16

+ tps/admin/console/config/donepanel.vm + Security Domain + + PKI::TPS::WelcomePanel=HASH(0x7fa0c0b679b0) + PKI::TPS::ModulePanel=HASH(0x7fa0c0b78608) + PKI::TPS::ConfigHSMLoginPanel=HASH(0x7fa0c0b90188) + PKI::TPS::SecurityDomainPanel=HASH(0x7fa0c0b93f30) + PKI::TPS::DisplayCertChainPanel=HASH(0x7fa0c0b9c480) + PKI::TPS::SubsystemTypePanel=HASH(0x7fa0c0ba7ad8) + PKI::TPS::CAInfoPanel=HASH(0x7fa0c0bae650) + PKI::TPS::TKSInfoPanel=HASH(0x7fa0c0bbcfc0) + PKI::TPS::DRMInfoPanel=HASH(0x7fa0c0bc58e8) + PKI::TPS::AuthDBPanel=HASH(0x7fa0c0bcd118) + PKI::TPS::DatabasePanel=HASH(0x7fa0c08be670) + PKI::TPS::SizePanel=HASH(0x7fa0c0be0798) + PKI::TPS::NamePanel=HASH(0x7fa0c0bf0610) + PKI::TPS::CertRequestPanel=HASH(0x7fa0c0c19698) + PKI::TPS::AdminPanel=HASH(0x7fa0c0c28018) + PKI::TPS::ImportAdminCertPanel=HASH(0x7fa0c0c32c30) + PKI::TPS::DonePanel=HASH(0x7fa0c0c3e6e8) + + 7889 + 389 + + 10.1.0 + https://vm-084.idm.lab.bos.redhat.com:8443/ca/admin/ca/securityDomainLogin?url=https%3A%2F%2Fvm-084.idm.lab.bos.redhat.com%3A7890%2Ftps%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D5%26subsystem%3DTPS + + + + SSL Server Certificate + + ...paste certificate here... + + sslserver + sslserver + + + + + Subsystem Certificate + + ...paste certificate here... + + subsystem + subsystem + + + + + Audit Log Signing Certificate + + ...paste certificate here... + + audit_signing + audit_signing + + + + systemctl restart pki-tpsd@pki-tps + https://vm-084.idm.lab.bos.redhat.com:9445 + Security Domain + + false + EXAMPLE + + 13 + false + + PKI::TPS::GlobalVar=HASH(0x7fa0740410e0) + PKI::TPS::GlobalVar=HASH(0x7fa0742a1668) + PKI::TPS::GlobalVar=HASH(0x7fa0747ab760) + + systemctl status pki-tomcatd@&lt;security_domain_instance_name&gt;.service + 17 + Token Processing System + Token Processing + Done + 7888 + + CA vm-084.idm.lab.bos.redhat.com 8443 - https://vm-084.idm.lab.bos.redhat.com:8443 + External CA + + 3 + +Certificate System - TPS Instance Configured + +####################################################################### diff --git a/scripts/tps-configure.sh b/scripts/tps-configure.sh index dfc3251..32b0afe 100755 --- a/scripts/tps-configure.sh +++ b/scripts/tps-configure.sh @@ -58,9 +58,9 @@ pkisilent ConfigureTPS \ -admin_password "$TPS_ADMIN_PASSWORD" \ -agent_key_size 2048 \ -agent_key_type rsa \ - -agent_cert_subject "$TPS_ADMIN_CERT_SUBJECT" + -agent_cert_subject "$TPS_ADMIN_CERT_SUBJECT" 2>&1 | tee tps-configure.out echo $PASSWORD > "$CERTS/password.txt" PKCS12Export -d "$CERTS" -o "$CERTS/tps-client-certs.p12" -p "$CERTS/password.txt" -w "$CERTS/password.txt" -systemctl restart pki-tpsd@$TPS_INSTANCE_NAME.service +echo systemctl restart pki-tpsd@$TPS_INSTANCE_NAME.service diff --git a/scripts/tps-create.sh b/scripts/tps-create.sh index ed88bad..24e444c 100755 --- a/scripts/tps-create.sh +++ b/scripts/tps-create.sh @@ -1,17 +1,15 @@ #!/bin/sh -x -pkispawn -f tps.cfg -s TPS -v 2>&1 | tee build/tps-create.log +. ./tps-include.sh -#. ./tps-include.sh - -#pkicreate -pki_instance_root=$INSTANCE_ROOT \ -# -pki_instance_name=$TPS_INSTANCE_NAME \ -# -subsystem_type=$TPS_SUBSYSTEM_TYPE \ -# -secure_port=$TPS_SECURE_PORT \ -# -non_clientauth_secure_port=$TPS_NON_CLIENTAUTH_SECURE_PORT \ -# -unsecure_port=$TPS_UNSECURE_PORT \ -# -user=$INSTANCE_USER \ -# -group=$INSTANCE_GROUP \ -# -redirect conf=/etc/$TPS_INSTANCE_NAME \ -# -redirect logs=/var/log/$TPS_INSTANCE_NAME \ -# -verbose +pkicreate -pki_instance_root=$INSTANCE_ROOT \ + -pki_instance_name=$TPS_INSTANCE_NAME \ + -subsystem_type=$TPS_SUBSYSTEM_TYPE \ + -secure_port=$TPS_SECURE_PORT \ + -non_clientauth_secure_port=$TPS_NON_CLIENTAUTH_SECURE_PORT \ + -unsecure_port=$TPS_UNSECURE_PORT \ + -user=$INSTANCE_USER \ + -group=$INSTANCE_GROUP \ + -redirect conf=/etc/$TPS_INSTANCE_NAME \ + -redirect logs=/var/log/$TPS_INSTANCE_NAME \ + -verbose diff --git a/scripts/tps-download.sh b/scripts/tps-download.sh new file mode 100755 index 0000000..5c7303c --- /dev/null +++ b/scripts/tps-download.sh @@ -0,0 +1,12 @@ +#!/bin/sh -x + +cd ~/Downloads + +BASE_URL=http://kojipkgs.fedoraproject.org/packages +PACKAGE=pki-tps +VERSION=10.1.0 +RELEASE=1 +OS=fc20 + +wget $BASE_URL/$PACKAGE/$VERSION/$RELEASE.$OS/x86_64/pki-tps-$VERSION-$RELEASE.$OS.x86_64.rpm +wget $BASE_URL/$PACKAGE/$VERSION/$RELEASE.$OS/x86_64/pki-tps-debuginfo-$VERSION-$RELEASE.$OS.x86_64.rpm diff --git a/scripts/tps-enroll.sh b/scripts/tps-enroll.sh new file mode 100755 index 0000000..78c9212 --- /dev/null +++ b/scripts/tps-enroll.sh @@ -0,0 +1,18 @@ +#!/bin/sh + +tpsclient < $INSTANCE_DIR/conf/internal.txt -tkstool -I -d $INSTANCE_DIR/alias -n sharedSecret -f $INSTANCE_DIR/conf/internal.txt diff --git a/scripts/tps-install.sh b/scripts/tps-install.sh index 2fa9b7d..d6a00f4 100755 --- a/scripts/tps-install.sh +++ b/scripts/tps-install.sh @@ -1,9 +1,8 @@ #!/bin/sh -x -WORK_DIR=`pwd` PROJECT_DIR=`cd ../.. ; pwd` -COMPONENT=tps +BUILD_DIR=$HOME/build/pki-tps -cd $WORK_DIR/build/$COMPONENT/repo +cd $BUILD_DIR/repo yum install -y *.rpm diff --git a/scripts/tps-publish.sh b/scripts/tps-publish.sh new file mode 100755 index 0000000..72d9bd3 --- /dev/null +++ b/scripts/tps-publish.sh @@ -0,0 +1,10 @@ +#!/bin/sh -x + +BUILD_DIR=$HOME/build/pki-tps +mkdir -p $BUILD_DIR +cd $BUILD_DIR + +REPO_DIR=/var/www/html/pub/fedora/linux/releases/20/Everything/x86_64/os +mkdir -p $REPO_DIR +cp repo/*.rpm $REPO_DIR +createrepo $REPO_DIR diff --git a/scripts/tps-remove.sh b/scripts/tps-remove.sh index 62432bb..8d6848d 100755 --- a/scripts/tps-remove.sh +++ b/scripts/tps-remove.sh @@ -1,13 +1,8 @@ #!/bin/sh -x -SRC_DIR=`cd ../.. ; pwd` -INSTANCE_NAME=tps-master +. ./tps-include.sh -pkidestroy -v -s TPS -i $INSTANCE_NAME - -#. ./tps-include.sh - -#pkiremove -pki_instance_root=$INSTANCE_ROOT \ -# -pki_instance_name=$TPS_INSTANCE_NAME \ -# -force \ -# -verbose +pkiremove -pki_instance_root=$INSTANCE_ROOT \ + -pki_instance_name=$TPS_INSTANCE_NAME \ + -force \ + -verbose diff --git a/scripts/tps-secret-import.sh b/scripts/tps-secret-import.sh new file mode 100755 index 0000000..b21cd36 --- /dev/null +++ b/scripts/tps-secret-import.sh @@ -0,0 +1,5 @@ +#!/bin/sh + +INSTANCE_DIR=/var/lib/pki-tps +grep "internal:" $INSTANCE_DIR/conf/password.conf | sed "s/internal://" > $INSTANCE_DIR/conf/internal.txt +tkstool -I -d $INSTANCE_DIR/alias -n sharedSecret -f $INSTANCE_DIR/conf/internal.txt diff --git a/scripts/tps-secret-list.sh b/scripts/tps-secret-list.sh new file mode 100755 index 0000000..334514c --- /dev/null +++ b/scripts/tps-secret-list.sh @@ -0,0 +1,9 @@ +#!/bin/sh + +INSTANCE_DIR=/var/lib/pki-tps +grep "internal:" $INSTANCE_DIR/conf/password.conf | sed "s/internal://" > $INSTANCE_DIR/conf/internal.txt + +certutil -K -d $INSTANCE_DIR/alias -f $INSTANCE_DIR/conf/internal.txt + +tkstool -L -d $INSTANCE_DIR/alias -n sharedSecret -f $INSTANCE_DIR/conf/internal.txt -h all + diff --git a/scripts/tps-start.sh b/scripts/tps-start.sh index 16cd506..fa70505 100755 --- a/scripts/tps-start.sh +++ b/scripts/tps-start.sh @@ -1,9 +1,4 @@ #!/bin/sh -x -INSTANCE_NAME=tps-master - -systemctl start pki-tomcatd@$INSTANCE_NAME.service - -#INSTANCE_NAME=pki-tps - -#systemctl start pki-tpsd@$INSTANCE_NAME.service +INSTANCE_NAME=pki-tps +systemctl start pki-tpsd@$INSTANCE_NAME.service diff --git a/scripts/tps-stop.sh b/scripts/tps-stop.sh index d3eba4a..0b404d3 100755 --- a/scripts/tps-stop.sh +++ b/scripts/tps-stop.sh @@ -1,9 +1,4 @@ #!/bin/sh -x -INSTANCE_NAME=tps-master - -systemctl stop pki-tomcatd@$INSTANCE_NAME.service - -#INSTANCE_NAME=pki-tps - -#systemctl stop pki-tpsd@$INSTANCE_NAME.service +INSTANCE_NAME=pki-tps +systemctl stop pki-tpsd@$INSTANCE_NAME.service diff --git a/scripts/tps.cfg b/scripts/tps.cfg index f0fa757..f109ca9 100644 --- a/scripts/tps.cfg +++ b/scripts/tps.cfg @@ -1,10 +1,5 @@ -[DEFAULT] -pki_instance_name=tps-master -#pki_skip_configuration=True - [TPS] -pki_ajp_port=16009 -pki_admin_cert_file=/root/.dogtag/ca-master/ca_admin.cert +pki_admin_cert_file=/root/.dogtag/pki-tomcat/ca_admin.cert pki_admin_email=tpsadmin@example.com pki_admin_name=tpsadmin pki_admin_nickname=tpsadmin @@ -12,16 +7,15 @@ pki_admin_password=Secret123 pki_admin_uid=tpsadmin pki_backup_password=Secret123 pki_ds_base_dn=dc=tps,dc=example,dc=com -pki_ds_database=tps pki_client_database_password=Secret123 pki_client_database_purge=False pki_client_pkcs12_password=Secret123 pki_clone_pkcs12_password=Secret123 pki_ds_password=Secret123 -pki_http_port=16080 -pki_https_port=16443 pki_security_domain_name=EXAMPLE pki_security_domain_user=caadmin pki_security_domain_password=Secret123 pki_token_password=Secret123 -pki_tomcat_server_port=16005 +pki_authdb_basedn=dc=ca,dc=example,dc=com +pki_authdb_port=389 +pki_enable_server_side_keygen=False -- cgit