krb5-1.12.1, pkinit, and openssl ca

squidmobile@fastmail.fm squidmobile at fastmail.fm
Wed May 28 18:46:31 EDT 2014


28 may 2014

greetings,

i tried to set up openssl ssl/tls certificates for krb5-1.12.1.  i
used the extensions cited in the docs.  i cut-and-pasted, so my
typing should not be an issue, and then double-checked the
extensions files.  the openssl ca command looked like it ran ok,
but the output certificates lacked the proper data in the
extensions area of the output certificates.

this covers almost all if could find about the mapping file:

  pkinit_mapping_file

    Specifies the name of the ACL pkinit mapping file. This file
    maps principals to the certificates that they can use.

i could not find any substantial docs on how to set up this
feature and how to use it.

any comments?  any more docs somewhere?

would someone like a script log of the openssl ca process?

thank you for your time and assistance
frank smith

-- 
http://www.fastmail.fm - A no graphics, no pop-ups email service



More information about the Kerberos mailing list