<div>
                    Hi,
                </div><div><br></div><div>I also test certificate generation on devstack.</div><div>I added below configuration to barbican.conf.</div><div><br></div><div>    enabled_certificate_plugins = snakeoil_ca</div><div><br></div><div>    [snakeoil_ca_plugin]</div><div>    ca_cert_path = /path/to/ca_cert</div><div>    ca_cert_key_path = /path/to/ca_key</div><div><br></div><div>and request ca list using curl</div><div><br></div><div><div>    curl  -H 'content-type:application/json' \</div><div>          -H "X-Auth-Token: e628cc7bb2c94192a0656af3cfc11bdc" \</div><div>          http://localhost:9311/v1/cas</div></div>
                <div><div><br></div><div>but there is no cas in the response.</div><div>It seems that default CA is also absent.</div><div><br></div><div>So what should I do get ca list?</div><div><br></div><div>Thanks</div><div>-OTSUKA, Motohiro/Yuanying</div><div><br></div></div>
                 
                <p style="color: #A0A0A8;">On Friday, May 22, 2015 at 01:45, Ganesh Narayanan (ganeshna) wrote:</p>
                <blockquote type="cite" style="border-left-style:solid;border-width:1px;margin-left:0px;padding-left:10px;">
                    <span><div><div>

<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">


<div>Hi,</div>
<div><br>
</div>
<div>I am running devstack on Ubuntu as a virtual machine.  Please let me know how do I enable dogtag and symantec plugins for certificates.  Should I enable them in local.conf of devstack ?  I see the below check for BARBICAN_USE_DOGTAG, but not sure what
 option I should enable for this.</div>
<div><br>
</div>
<div>Also to use dogtag CA, should I be running devstack on Fedora instead of Ubuntu for local development ?</div>
<div><br>
</div>
<div>devstack/extras.d/70-barbican.sh:</div>
<div><br>
</div>
<div>elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then</div>
<div>        echo_summary "Configuring Barbican"</div>
<div>        configure_barbican</div>
<div>        if [[ -n $BARBICAN_USE_DOGTAG ]]; then  <<<</div>
<div>            configure_dogtag_plugin</div>
<div>        Fi</div>
<div><br>
</div>
<div>CA Plugins installed</div>
<div>================</div>
<div><br>
</div>
<div>curl  -H 'content-type:application/json' -H "X-Auth-Token:ea0454c4e1b9404c8405c20f4a54c390" <a href="http://localhost:9311/v1/cas/">http://localhost:9311/v1/cas/</a></div>
<div>{"cas": ["<a href="http://localhost:9311/v1/cas/c1ca4ea6-0b93-47aa-90ed-a52352e67468">http://localhost:9311/v1/cas/c1ca4ea6-0b93-47aa-90ed-a52352e67468</a>"], "total": 1}</div>
<div><br>
</div>
<div>curl  -H 'content-type:application/json' -H "X-Auth-Token:ea0454c4e1b9404c8405c20f4a54c390" <a href="http://localhost:9311/v1/cas/c1ca4ea6-0b93-47aa-90ed-a52352e67468">http://localhost:9311/v1/cas/c1ca4ea6-0b93-47aa-90ed-a52352e67468</a></div>
<div>{"status": "ACTIVE", "updated": "2015-05-21T16:27:04", "created": "2015-05-21T16:27:04", "plugin_name": "barbican.plugin.simple_certificate_manager.SimpleCertificatePlugin", "meta": [{"ca_signing_cert": "XXXXXXXXXXXXXXXXX"}, {"intermediates": "YYYYYYYYYYYYYYYY"},
 {"name": "Simple CA"}, {"description": "Certificate Authority - Simple CA"}], "ca_id": "c1ca4ea6-0b93-47aa-90ed-a52352e67468", "plugin_ca_id": "Simple CA", "expiration": "2015-05-22T16:27:04”}</div>
<div><br>
</div>
<div><br>
</div>
<div>Certificate creation request</div>
<div>=======================</div>
<div><br>
</div>
<div>With the default CA, if I try to generate certificate, it stays in the Pending state:</div>
<div><br>
</div>
<div>test@ubuntu:~/devstack$ </div>
<div>test@ubuntu:~/devstack$ curl -X POST -H 'content-type:application/json' -H "X-Auth-Token:6df4ccb04575456cbd284eee99afa9eb" -d'{"type":"certificate","meta":{"profile_id":"caServCert","cert_request_type":"pkcs10","cert_request":"MII"}}' <a href="http://localhost:9311/v1/orders/">http://localhost:9311/v1/orders/</a></div>
<div>{"order_ref": "<a href="http://localhost:9311/v1/orders/6ec10fb0-c4b4-418f-8d56-af48a85c1e7f">http://localhost:9311/v1/orders/6ec10fb0-c4b4-418f-8d56-af48a85c1e7f</a>”}</div>
<div><br>
</div>
<div><br>
</div>
<div>test@ubuntu:~/devstack$ </div>
<div>test@ubuntu:~/devstack$ curl -H "X-Auth-Token:488903bb6dbf4cd3a10f2eb10a7e54e0" <a href="http://localhost:9311/v1/orders/6ec10fb0-c4b4-418f-8d56-af48a85c1e7f">http://localhost:9311/v1/orders/6ec10fb0-c4b4-418f-8d56-af48a85c1e7f</a></div>
<div>{"status": "PENDING", "sub_status": "cert_request_pending", "updated": "2015-05-21T16:44:28", "created": "2015-05-21T16:44:28", "order_ref": "<a href="http://localhost:9311/v1/orders/6ec10fb0-c4b4-418f-8d56-af48a85c1e7f">http://localhost:9311/v1/orders/6ec10fb0-c4b4-418f-8d56-af48a85c1e7f</a>", "creator_id": "992f4bb2499a473d9e40dc44dc9633ed",
 "meta": {"profile_id": "caServCert", "cert_request": "MII", "cert_request_type": "pkcs10"}, "sub_status_message": "Request has been submitted to the CA.  Waiting for certificate to be generated", "type": "certificate"}test@ubuntu:~/devstack$ </div>
<div><br>
</div>
<div>Links that I referred</div>
<div>=================</div>
<div><a href="https://wiki.openstack.org/wiki/BarbicanDevStack">https://wiki.openstack.org/wiki/BarbicanDevStack</a></div>
<div><br>
</div>
<div>Thanks,</div>
<div>Ganesh</div>
<div><br>
</div>
<div><br>
</div>


</div><div><div>__________________________________________________________________________</div><div>OpenStack Development Mailing List (not for usage questions)</div><div>Unsubscribe: <a href="mailto:OpenStack-dev-request@lists.openstack.org?subject:unsubscribe">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a></div><div><a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a></div></div></div></span>
                 
                 
                 
                 
                </blockquote>
                 
                <div>
                    <br>
                </div>