[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: PKINIT - hash for CA key



Title: RE: PKINIT - hash for CA key

Thanks!  I should have caught that, the subject
didn't have the domain in the server cert.  As
far as hashing I'm not sure what you mean't by
intermediate cert, but I had a CA(hashed),
Server (Non-hashed), and User (Non-hashed)
certs and I got my ticket.

cs

-----Original Message-----
From: Mario Strasser [mailto:mario.strasser@zhwin.ch]
Sent: Tuesday, October 22, 2002 1:02 AM
To: STEWARD, Curtis (Jamestown)
Cc: heimdal-discuss@sics.se; kouril@ics.muni.cz
Subject: Re: PKINIT - hash for CA key


Hi,

On Monday 21 October 2002 20:13, STEWARD, Curtis (Jamestown) wrote:
> [...]
> Thanks, that worked, but it still errors against the KDC.
> I'm assuming the CA Cert(s) are all that is necessary to hash?
The root ca certificate as well as the intermediate
ca certificates.

> [...]
> kinit: krb5_get_init_creds: KDC not trusted
> [...]
> pkinit_server = keith.jms.domain.com:88
>
The subject (or the subject alternative name) of
the server certificate must contain the DNS name
of the KDC (keith.jms.domain.com).

Regards,
Mario

Content Security by MailMarshal