[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: PKINIT - hash for CA key

Title: RE: PKINIT - hash for CA key


Thanks, that worked, but it still errors against the KDC. 
I'm assuming the CA Cert(s) are all that is necessary to hash?

/usr/heimdal/bin/kinit -f -C /var/tmp/keys/root.crt -K /var/tmp/keys/root.pem -D /var/tmp/ca
Passphrase for your private key:

kinit: krb5_get_init_creds: KDC not trusted

My principal in kdc.conf:
root = /C=Test/ST=ND/L=City/O=Co/OU=North America/CN=root@jms.domain.com/Email=curtis.steward@exchange.cl.trw.com

I did enter the following in krb5.conf, I would think it would
not be necessary to add anything else being the PKI and KDC are
in the same domain/realm?

pkinit_server = keith.jms.domain.com:88



-----Original Message-----
From: Mario Strasser [mailto:mario.strasser@zhwin.ch]
Sent: Monday, October 21, 2002 8:32 AM
To: STEWARD, Curtis (Jamestown); kouril@ics.muni.cz
Cc: heimdal-discuss@sics.se
Subject: Re: PKINIT - hash for CA key

Hi Dan,

On Monday 21 October 2002 14:15, STEWARD, Curtis (Jamestown) wrote:
> [...]
> openssl x509 -noout -hash -in cacert.pem
> ln -s cacert.pem f871f896
> [...]
The hash files must have the file extension
0 (zero); thus your certificate must be linked
to f871f896.0:
bash# ln -s cacert.pem f871f896.0


Content Security by MailMarshal