top button
Flag Notify
    Connect to us
      Site Registration

Site Registration

Generate CRL for NSS Self Signed CA for fedora

0 votes
375 views

I am currently experimenting with a self signed CA using NSS at the moment.

I would like to be able to create certificates, sign them with the CA, and be able to revoke them via some CRL mechanism.

At the moment, I can achieve the first two steps, but the method of revoking a certificate from an NSS db, and then creating a CRL from that is eluding me. I have tried to research this quite a bit, and reading of
various man pages are not sheding light upon this situation for me.

any tips.

posted Aug 5, 2013 by Luv Kumar

Share this question
Facebook Share Button Twitter Share Button LinkedIn Share Button

1 Answer

+1 vote

http://pki.fedoraproject.org/wiki/PKI_Main_Page

Or FreeIPA, which includes dogtag, IIRC.

answer Aug 5, 2013 by Sanketi Garg
Similar Questions
+3 votes

I have Apache 2.4 (win32) and have the following in my CA bundle.

Root 1
Subordinate 1
Subordinate 2

My server was signed off Subordinate 1, When I do openssl s_client -connect server:443, it shows both Subordinate 1 and Subordinate 2 in the acceptable CA names.

If I remove Subordinate 2 from the bundle, It only shows Subordinate 1 as a acceptable CA. However, if I remove Subordinate 1, it still shows as an acceptable CA.

It seems httpd references not only cabundle/cafiles but also certs in the Chain file. as acceptable CAs.

Is it possible to prevent a user signed off Subordinate 1 from using client certificate authentication while the server cert is issued off Subordinate 1?

+1 vote

I am trying to setup SSL on my replica set, I am creating the CA with the command

openssl req -newkey rsa:2048 -new -x509 -days 36500 -nodes -out mongodb-cert.crt -keyout mongodb-cert.key

My Environment:

MongoDB 3.2.6
Ubuntu 14.04

My replica set have 3 servers, Is thats the correct way to create the CA ?

0 votes

Each time I turn off Fedora 24, I get the following message about 50 times printed in the console:

Kernel not configured for semaphores (System V IPC). Not using udev synchronisation code.
device-mapper: remove ioctl on fedora_alpha-root failed: Device or resource busy Command failed

What does that mean?

+1 vote

Also, Is there any How To about setting up things so that Android Studio uses the Oracle Java but the rest of the programs use Open JDK?

Is using a VM the only way to do it? Id rather not have to do that.

...