#784 DOC: Using a legacy Apache-based Dogtag 10.1 TPS with a Dogtag 10.1 TKS
Closed: Fixed. Opened 9 years ago by mharmsen.

Document the additional steps necessary to use a legacy Apache-based Dogtag 10.1 TPS with a Dogtag 10.1 TKS.

Basically, this will consist of the following steps:

  • install a CA
  • install a DRM (optional)
  • install a TKS (run tkstool to create a sharedSecret)
  • install a TPS (run tkstool to install the sharedSecret)
  • stop the DS, TKS, and TPS
  • turn off syntax checking in the DS
  • add something similar to the following values in the TKS CS.cfg:
       tps.0.port=<secure port>
       tps.0.userid=TPS-<hostname>-<secure port>
  • start the DS, TKS, and TPS
  • add a test user to the DS:
       # ldapadd -x -D "cn=Directory Manager" -w <password> -h localhost -f sample.ldif

  where 'sample.ldif' contains something like the following:

       dn: uid=<uid>,ou=People,dc=example,dc=com
       objectClass: person
       objectClass: organizationalPerson
       objectClass: inetorgperson
       objectClass: top
       objectClass: extensibleobject
       cn: <uid>
       sn: <uid>
       uid: <uid>
       givenName: <uid>
       mail: <uid>@<domain>
       firstname: <uid>
       edipi: 123456789
       pcc: AA
       exec-edipi: 999999999
       exec-pcc: BB
       exec-mail: <uid>@<domain>
       userPassword: <password>
  • obtain the TPS ports by running something similar to the following:
       # pkicontrol status tps pki-tps
  • create a sample test format file, 'format.tst', similar to the following:
       op=var_set name=ra_host value=<hostname>
       op=var_set name=ra_port value=<unsecure port>
       op=var_set name=ra_uri value=/nk_service
       op=token_set cuid=40906145C76224192D2B msn=01020304 app_ver=6FBBC105 key_info=0101 major_ver=0 minor_ver=0
       op=token_set auth_key=404142434445464748494a4b4c4d4e4f
       op=token_set mac_key=404142434445464748494a4b4c4d4e4f
       op=token_set kek_key=404142434445464748494a4b4c4d4e4f
       op=ra_format uid=<uid> pwd=<password> new_pin=<password> num_threads=1
  • run a sample format test using 'tpsclient':
       # tpsclient < format.tst

  which should finish successfully with something similar to this:

      Output> Thread (0) status='1' time='3019 msec'
      Result> Success - Operation 'ra_format' Success (3019 msec)
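  As an added helper (not part of this ticket or of Dogtag itself), the Python below renders the 'format.tst' script from the hostname, unsecure port and test user, checks the tpsclient output for the 'Result>' line, and flags scripts that still carry the GlobalPlatform default test key (4041...4F, the value in the sample above), which only a test token should ever hold. The failure line shape is assumed to mirror the success line; the hostname, port and user values are constructed.

```python
import re

# Well-known GlobalPlatform default test key; the sample above uses it for all three keys.
GP_DEFAULT_KEY = "404142434445464748494a4b4c4d4e4f"

def build_format_test(hostname, port, uid, password, cuid="40906145C76224192D2B",
                      auth_key=GP_DEFAULT_KEY, mac_key=GP_DEFAULT_KEY, kek_key=GP_DEFAULT_KEY):
    """Render a tpsclient script for a single ra_format operation, one op per line."""
    lines = [
        f"op=var_set name=ra_host value={hostname}",
        f"op=var_set name=ra_port value={port}",
        "op=var_set name=ra_uri value=/nk_service",
        f"op=token_set cuid={cuid} msn=01020304 app_ver=6FBBC105 key_info=0101 major_ver=0 minor_ver=0",
        f"op=token_set auth_key={auth_key}",
        f"op=token_set mac_key={mac_key}",
        f"op=token_set kek_key={kek_key}",
        f"op=ra_format uid={uid} pwd={password} new_pin={password} num_threads=1",
    ]
    return "\n".join(lines) + "\n"

def uses_default_keys(script):
    """True if any token_set key line in the script carries the GP default test key."""
    return any(re.search(r"_key=" + GP_DEFAULT_KEY, line, re.IGNORECASE)
               for line in script.splitlines())

# Matches e.g. "Result> Success - Operation 'ra_format' Success (3019 msec)".
# Assumption: a failed run reports the same line with a word other than Success.
RESULT_RE = re.compile(r"^Result> (\S+) - Operation '(\w+)'.*?\((\d+) msec\)")

def parse_tpsclient_result(output):
    """Return (ok, operation, msec) from tpsclient output, or None if no Result line."""
    for line in output.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            return (m.group(1) == "Success", m.group(2), int(m.group(3)))
    return None

if __name__ == "__main__":
    # Constructed values for a dry run; write the script out and inspect it.
    script = build_format_test("tps.example.com", 7888, "testuser", "Secret123")
    print(script)
    print("default test keys in use:", uses_default_keys(script))
```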

Metadata Update from @mharmsen:
- Issue set to the milestone: 10.1 - 10/13 (October)

6 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
