[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: PKINIT - hash for CA key

To: "'Mario Strasser'" <mario.strasser@zhwin.ch>
Subject: RE: PKINIT - hash for CA key
From: "STEWARD, Curtis (Jamestown)" <Curtis.Steward@trw.com>
Date: Tue, 22 Oct 2002 09:12:05 -0400
Cc: heimdal-discuss@sics.se, kouril@ics.muni.cz
Sender: owner-heimdal-discuss@sics.se

Title: RE: PKINIT - hash for CA key

Thanks! I should have caught that, the subject
didn't have the domain in the server cert. As
far as hashing I'm not sure what you mean't by
intermediate cert, but I had a CA(hashed),
Server (Non-hashed), and User (Non-hashed)
certs and I got my ticket.

-----Original Message-----
From: Mario Strasser [mailto:mario.strasser@zhwin.ch]
Sent: Tuesday, October 22, 2002 1:02 AM
To: STEWARD, Curtis (Jamestown)
Cc: heimdal-discuss@sics.se; kouril@ics.muni.cz
Subject: Re: PKINIT - hash for CA key

Hi,

On Monday 21 October 2002 20:13, STEWARD, Curtis (Jamestown) wrote:
> [...]
> Thanks, that worked, but it still errors against the KDC.
> I'm assuming the CA Cert(s) are all that is necessary to hash?
The root ca certificate as well as the intermediate
ca certificates.

> [...]
> kinit: krb5_get_init_creds: KDC not trusted
> [...]
> pkinit_server = keith.jms.domain.com:88
>
The subject (or the subject alternative name) of
the server certificate must contain the DNS name
of the KDC (keith.jms.domain.com).

Regards,
Mario

Content Security by MailMarshal

Follow-Ups:
- Re: PKINIT - hash for CA key
  - From: Daniel Kouril <kouril@ics.muni.cz>

Prev by Date: Re: PKINIT - hash for CA key
Next by Date: Re: PKINIT - hash for CA key
Prev by thread: Re: PKINIT - hash for CA key
Next by thread: Re: PKINIT - hash for CA key
Index(es):
- Date
- Thread