Thanks! I should have caught that, the subject
didn't have the domain in the server cert. As
far as hashing I'm not sure what you mean't by
intermediate cert, but I had a CA(hashed),
Server (Non-hashed), and User (Non-hashed)
certs and I got my ticket.
From: Mario Strasser [mailto:firstname.lastname@example.org]
Sent: Tuesday, October 22, 2002 1:02 AM
To: STEWARD, Curtis (Jamestown)
Cc: email@example.com; firstname.lastname@example.org
Subject: Re: PKINIT - hash for CA key
On Monday 21 October 2002 20:13, STEWARD, Curtis (Jamestown) wrote:
> Thanks, that worked, but it still errors against the KDC.
> I'm assuming the CA Cert(s) are all that is necessary to hash?
The root ca certificate as well as the intermediate
> kinit: krb5_get_init_creds: KDC not trusted
> pkinit_server = keith.jms.domain.com:88
The subject (or the subject alternative name) of
the server certificate must contain the DNS name
of the KDC (keith.jms.domain.com).
Content Security by MailMarshal