(CATOOL) Re: CATool question

Mike McCauley mikem at open.com.au
Tue Aug 30 23:12:12 CDT 2005 

Hello Bon,


On Wednesday 31 August 2005 10:57, Bon sy wrote:
> On Wed, 31 Aug 2005, Mike McCauley wrote:
> > Hello Bon,
> >
> > The certificate you sent me looks to be a self-signed certificate for
> > C=US, ST=New York, L=Flushing, O=qcwireless, CN=qcwireless Certificate
> > Authority
> >
> > Is your CATool that certificate authority?
> > How did you genertae that certificate? Was it imported somehow, or did
> > you request and sign it with CAtool?
>
> When CATool is installed, there is a CATool root certificate. And there is
> an administrator utility to create accounts. I create a user account
> called qcwireless that is enabled and with signing privilege. At the same
> time I use CATool to create a qcwireless root certificate, and sign it
> with CATool. The qcwireless root certificate is _not_ generated eleswhere
> and imported. I hope this answers what you are asking.

Thats curious.
When I follow the same steps, then View the certificate (logged in either as 
qcwiress or a CAtool signer) I see a 'Request Renewal' button at the bottom 
of the page.

Is it possible you are logged in to CAtool as someone other than qcwireless or 
a signer?
What do you see on the View certificate page?

Cheers.

>
> Thanks again!
>
> > Cheers.
> >
> > On Wednesday 31 August 2005 10:19, Bon sy wrote:
> > > Mike,
> > > 	Your derscription below is exactly the problem scenario that
> > > I have now.
> > >
> > > 	As an additional observation, you may noticed from the attached
> > > root certificate file I sent you in the previous email, that root
> > > certificate has an extension of ".crt" other than the standard .pem,
> > > .p12, or .der (I do not know whether this as any thing to do with the
> > > CATool by not proving renewal option. But I thought I shoudl at least
> > > mention it.)
> > >
> > > 	Thank again!
> > >
> > >
> > >
> > > Bon
> > >
> > > On Wed, 31 Aug 2005, Mike McCauley wrote:
> > > > Hello Bon,
> > > >
> > > > On Wednesday 31 August 2005 09:58, Bon sy wrote:
> > > > > Mikem
> > > > >
> > > > > 	Thanks for the note. I am aware of the instruction you described
> > > > > below and have been using to renew standard/client/server
> > > > > certificates. My problem is that the root certificate I sent you
> > > > > (or other root certificates) within the CATool environment just was
> > > > > not offered the option of renewal! Even I can renew all other
> > > > > certificates, but not the root certificate (the renewal option does
> > > > > not show up in the web UI).
> > > >
> > > > Perhaps I dont understand your question prperly.
> > > >
> > > > It seems you are talking about some certificates that were generated
> > > > by CAtool, not the CAtool root certificate? And you are using these
> > > > certificates as root certificates for some other application? And
> > > > that these certificates do not have a renew option when you view them
> > > > in the CAtool certificate directory?
> > > >
> > > > Do I understand correctly?
> > > >
> > > > Cheers.
> > > >
> > > > > Bon
> > > > >
> > > > > On Wed, 31 Aug 2005, Mike McCauley wrote:
> > > > > > Hello Bon,
> > > > > >
> > > > > > Thnaks for your note.
> > > > > >
> > > > > > On Tuesday 30 August 2005 12:25, Bon sy wrote:
> > > > > > > I am not talking about the CATool root certificate. But rather
> > > > > > > a root certificate created from using the CATool, which was set
> > > > > > > to expire in one year. See the root certificate in the
> > > > > > > attachment.
> > > > > > >
> > > > > > > In any event, the issue is not whether the root certificate
> > > > > > > lasts for 10 years. But the issue is whether the CATool
> > > > > > > provides a utility to renew the root certificate that was
> > > > > > > generated.
> > > > > > >
> > > > > > > In the case of using openssl, I can easily re-create the root
> > > > > > > certificate (in our old environment). But I could not find the
> > > > > > > user interface in CATool to renewal the root certificate, nor
> > > > > > > could I re-create it via the GUI interface ... even if as the
> > > > > > > last resort we need to re-create the entire CA structure. So,
> > > > > > > does it mean that we need to re-install CATool? This  makes the
> > > > > > > CATool a less-than-idea commercial product.
> > > > > >
> > > > > > You can renew any certificate created with CATool:
> > > > > > 1. From the Main Menu, click on 'View Directory of Certificates'
> > > > > > 2. Click on View next to the certificate you wish to renew.
> > > > > > 3. Scroll down and click on the 'Request Renewal' button.
> > > > > > 4. Click on Submit.
> > > > > > 5. An administrator can then sign the renewed certificate.
> > > > > >
> > > > > > Cheers.
> > > > > >
> > > > > > > Bon
> > > > > > >
> > > > > > > On Tue, 30 Aug 2005, Mike McCauley wrote:
> > > > > > > > Hello,
> > > > > > > >
> > > > > > > > On Tuesday 30 August 2005 00:53, you wrote:
> > > > > > > > > Mike,
> > > > > > > > > 	Sorry that I did not post it to the CATool listserv. I do
> > > > > > > > > not have the email address for that.
> > > > > > > >
> > > > > > > > Its catool at open.com.au
> > > > > > > >
> > > > > > > > > 	I have a (hopefully) rather trival question. I have a root
> > > > > > > > > certificate that has expired. I do not seem to find the
> > > > > > > > > CATool option to renewal the root certificate even I could
> > > > > > > > > easily renewal a client/server certificate. ANy idea?
> > > > > > > >
> > > > > > > > Hmmm, are you sure? Your root certificate should be valid for
> > > > > > > > 10 years.
> > > > > > > >
> > > > > > > > Cheers.
> > > > > > > >
> > > > > > > > > 	Thanks!
> > > > > > > > >
> > > > > > > > > Bon
> > > > > > > >
> > > > > > > > --
> > > > > > > > Mike McCauley                               mikem at open.com.au
> > > > > > > > Open System Consultants Pty. Ltd            Unix, Perl,
> > > > > > > > Motif, C++, WWW 9 Bulbul Place Currumbin Waters QLD 4223
> > > > > > > > Australia http://www.open.com.au Phone +61 7 5598-7474
> > > > > > > > Fax +61 7 5598-7070
> > > > > > > >
> > > > > > > > Radiator: the most portable, flexible and configurable RADIUS
> > > > > > > > server anywhere. SQL, proxy, DBM, files, LDAP, NIS+,
> > > > > > > > password, NT, Emerald, Platypus, Freeside, TACACS+, PAM,
> > > > > > > > external, Active Directory, EAP, TLS, TTLS, PEAP etc on Unix,
> > > > > > > > Windows, MacOS etc.
> > > > > >
> > > > > > --
> > > > > > Mike McCauley                               mikem at open.com.au
> > > > > > Open System Consultants Pty. Ltd            Unix, Perl, Motif,
> > > > > > C++, WWW 9 Bulbul Place Currumbin Waters QLD 4223 Australia
> > > > > > http://www.open.com.au Phone +61 7 5598-7474
> > > > > > Fax +61 7 5598-7070
> > > > > >
> > > > > > Radiator: the most portable, flexible and configurable RADIUS
> > > > > > server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password,
> > > > > > NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active
> > > > > > Directory, EAP, TLS, TTLS, PEAP etc on Unix, Windows, MacOS etc.
> > > > > >
> > > > > > --
> > > > > > Archive at http://www.open.com.au/archives/catool/
> > > > > > Announcements on catool-announce at open.com.au
> > > > > > To unsubscribe, email 'majordomo at open.com.au' with
> > > > > > 'unsubscribe catool' in the body of the message.
> > > >
> > > > --
> > > > Mike McCauley                               mikem at open.com.au
> > > > Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++,
> > > > WWW 9 Bulbul Place Currumbin Waters QLD 4223 Australia
> > > > http://www.open.com.au Phone +61 7 5598-7474                      
> > > > Fax +61 7 5598-7070
> > > >
> > > > Radiator: the most portable, flexible and configurable RADIUS server
> > > > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> > > > Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP,
> > > > TLS, TTLS, PEAP etc on Unix, Windows, MacOS etc.
> > > >
> > > > --
> > > > Archive at http://www.open.com.au/archives/catool/
> > > > Announcements on catool-announce at open.com.au
> > > > To unsubscribe, email 'majordomo at open.com.au' with
> > > > 'unsubscribe catool' in the body of the message.
> > >
> > > --
> > > Archive at http://www.open.com.au/archives/catool/
> > > Announcements on catool-announce at open.com.au
> > > To unsubscribe, email 'majordomo at open.com.au' with
> > > 'unsubscribe catool' in the body of the message.
> >
> > --
> > Mike McCauley                               mikem at open.com.au
> > Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
> > 9 Bulbul Place Currumbin Waters QLD 4223 Australia  
> > http://www.open.com.au Phone +61 7 5598-7474                       Fax  
> > +61 7 5598-7070
> >
> > Radiator: the most portable, flexible and configurable RADIUS server
> > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> > Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> > TTLS, PEAP etc on Unix, Windows, MacOS etc.

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.

--
Archive at http://www.open.com.au/archives/catool/
Announcements on catool-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe catool' in the body of the message.

More information about the catool mailing list