(CATOOL) Re: CATool question
Bon sy
bon at bunny.cs.qc.edu
Tue Aug 30 19:57:35 CDT 2005
On Wed, 31 Aug 2005, Mike McCauley wrote:
> Hello Bon,
>
> The certificate you sent me looks to be a self-signed certificate for
> C=US, ST=New York, L=Flushing, O=qcwireless, CN=qcwireless Certificate
> Authority
>
> Is your CATool that certificate authority?
> How did you genertae that certificate? Was it imported somehow, or did you
> request and sign it with CAtool?
When CATool is installed, there is a CATool root certificate. And there is
an administrator utility to create accounts. I create a user account
called qcwireless that is enabled and with signing privilege. At the same
time I use CATool to create a qcwireless root certificate, and sign it
with CATool. The qcwireless root certificate is _not_ generated eleswhere
and imported. I hope this answers what you are asking.
Thanks again!
>
> Cheers.
>
> On Wednesday 31 August 2005 10:19, Bon sy wrote:
> > Mike,
> > Your derscription below is exactly the problem scenario that
> > I have now.
> >
> > As an additional observation, you may noticed from the attached
> > root certificate file I sent you in the previous email, that root
> > certificate has an extension of ".crt" other than the standard .pem, .p12,
> > or .der (I do not know whether this as any thing to do with the CATool by
> > not proving renewal option. But I thought I shoudl at least mention it.)
> >
> > Thank again!
> >
> >
> >
> > Bon
> >
> > On Wed, 31 Aug 2005, Mike McCauley wrote:
> > > Hello Bon,
> > >
> > > On Wednesday 31 August 2005 09:58, Bon sy wrote:
> > > > Mikem
> > > >
> > > > Thanks for the note. I am aware of the instruction you described
> > > > below and have been using to renew standard/client/server
> > > > certificates. My problem is that the root certificate I sent you (or
> > > > other root certificates) within the CATool environment just was not
> > > > offered the option of renewal! Even I can renew all other certificates,
> > > > but not the root certificate (the renewal option does not show up in
> > > > the web UI).
> > >
> > > Perhaps I dont understand your question prperly.
> > >
> > > It seems you are talking about some certificates that were generated by
> > > CAtool, not the CAtool root certificate? And you are using these
> > > certificates as root certificates for some other application? And that
> > > these certificates do not have a renew option when you view them in the
> > > CAtool certificate directory?
> > >
> > > Do I understand correctly?
> > >
> > > Cheers.
> > >
> > > > Bon
> > > >
> > > > On Wed, 31 Aug 2005, Mike McCauley wrote:
> > > > > Hello Bon,
> > > > >
> > > > > Thnaks for your note.
> > > > >
> > > > > On Tuesday 30 August 2005 12:25, Bon sy wrote:
> > > > > > I am not talking about the CATool root certificate. But rather a
> > > > > > root certificate created from using the CATool, which was set to
> > > > > > expire in one year. See the root certificate in the attachment.
> > > > > >
> > > > > > In any event, the issue is not whether the root certificate lasts
> > > > > > for 10 years. But the issue is whether the CATool provides a
> > > > > > utility to renew the root certificate that was generated.
> > > > > >
> > > > > > In the case of using openssl, I can easily re-create the root
> > > > > > certificate (in our old environment). But I could not find the user
> > > > > > interface in CATool to renewal the root certificate, nor could I
> > > > > > re-create it via the GUI interface ... even if as the last resort
> > > > > > we need to re-create the entire CA structure. So, does it mean that
> > > > > > we need to re-install CATool? This makes the CATool a
> > > > > > less-than-idea commercial product.
> > > > >
> > > > > You can renew any certificate created with CATool:
> > > > > 1. From the Main Menu, click on 'View Directory of Certificates'
> > > > > 2. Click on View next to the certificate you wish to renew.
> > > > > 3. Scroll down and click on the 'Request Renewal' button.
> > > > > 4. Click on Submit.
> > > > > 5. An administrator can then sign the renewed certificate.
> > > > >
> > > > > Cheers.
> > > > >
> > > > > > Bon
> > > > > >
> > > > > > On Tue, 30 Aug 2005, Mike McCauley wrote:
> > > > > > > Hello,
> > > > > > >
> > > > > > > On Tuesday 30 August 2005 00:53, you wrote:
> > > > > > > > Mike,
> > > > > > > > Sorry that I did not post it to the CATool listserv. I do not
> > > > > > > > have the email address for that.
> > > > > > >
> > > > > > > Its catool at open.com.au
> > > > > > >
> > > > > > > > I have a (hopefully) rather trival question. I have a root
> > > > > > > > certificate that has expired. I do not seem to find the CATool
> > > > > > > > option to renewal the root certificate even I could easily
> > > > > > > > renewal a client/server certificate. ANy idea?
> > > > > > >
> > > > > > > Hmmm, are you sure? Your root certificate should be valid for 10
> > > > > > > years.
> > > > > > >
> > > > > > > Cheers.
> > > > > > >
> > > > > > > > Thanks!
> > > > > > > >
> > > > > > > > Bon
> > > > > > >
> > > > > > > --
> > > > > > > Mike McCauley mikem at open.com.au
> > > > > > > Open System Consultants Pty. Ltd Unix, Perl, Motif,
> > > > > > > C++, WWW 9 Bulbul Place Currumbin Waters QLD 4223 Australia
> > > > > > > http://www.open.com.au Phone +61 7 5598-7474
> > > > > > > Fax +61 7 5598-7070
> > > > > > >
> > > > > > > Radiator: the most portable, flexible and configurable RADIUS
> > > > > > > server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password,
> > > > > > > NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active
> > > > > > > Directory, EAP, TLS, TTLS, PEAP etc on Unix, Windows, MacOS etc.
> > > > >
> > > > > --
> > > > > Mike McCauley mikem at open.com.au
> > > > > Open System Consultants Pty. Ltd Unix, Perl, Motif, C++,
> > > > > WWW 9 Bulbul Place Currumbin Waters QLD 4223 Australia
> > > > > http://www.open.com.au Phone +61 7 5598-7474
> > > > > Fax +61 7 5598-7070
> > > > >
> > > > > Radiator: the most portable, flexible and configurable RADIUS server
> > > > > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> > > > > Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP,
> > > > > TLS, TTLS, PEAP etc on Unix, Windows, MacOS etc.
> > > > >
> > > > > --
> > > > > Archive at http://www.open.com.au/archives/catool/
> > > > > Announcements on catool-announce at open.com.au
> > > > > To unsubscribe, email 'majordomo at open.com.au' with
> > > > > 'unsubscribe catool' in the body of the message.
> > >
> > > --
> > > Mike McCauley mikem at open.com.au
> > > Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
> > > 9 Bulbul Place Currumbin Waters QLD 4223 Australia
> > > http://www.open.com.au Phone +61 7 5598-7474 Fax
> > > +61 7 5598-7070
> > >
> > > Radiator: the most portable, flexible and configurable RADIUS server
> > > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> > > Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> > > TTLS, PEAP etc on Unix, Windows, MacOS etc.
> > >
> > > --
> > > Archive at http://www.open.com.au/archives/catool/
> > > Announcements on catool-announce at open.com.au
> > > To unsubscribe, email 'majordomo at open.com.au' with
> > > 'unsubscribe catool' in the body of the message.
> >
> > --
> > Archive at http://www.open.com.au/archives/catool/
> > Announcements on catool-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe catool' in the body of the message.
>
> --
> Mike McCauley mikem at open.com.au
> Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
> 9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au
> Phone +61 7 5598-7474 Fax +61 7 5598-7070
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP etc on Unix, Windows, MacOS etc.
>
--
Archive at http://www.open.com.au/archives/catool/
Announcements on catool-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe catool' in the body of the message.
More information about the catool
mailing list