README
dotMacTool notes May 4 2004

-- for now you need this in /etc/hosts:

# for INT2
17.207.20.182 int-cert certmgmt.mac.com certinfo.mac.com

# or, for INT1
17.207.43.109 qa-cert certmgmt.mac.com certinfo.mac.com

-- A good way to run tcpdump to show HTTP traffic on port 2150:

    tcpdump -i en0 -s 0 -A -q tcp port 2150

-- renew cert for existing account doug1 with password 123456:

tower.local:dotMacTool> dotMacTool g -g -u doug1 -Z 123456 -k foobar -r -o /tmp/c2.pem
<<<snip away debug logging>>>
...cert acquisition complete
...2496 bytes of Cert written to /tmp/c2.pem

==============================================

-- demo queued response and retrieval
    -- set FORCE_SUCCESS_QUEUED to 1 in dotMacTpRpcGlue.cpp, this turns a full
       success RPC into a successQueued RPC

tower.local:dotMacTool> dotMacTool g -g -u doug1 -Z 123456 -k foobar -r -o /tmp/refid.pem
<<<snip away debug logging>>>
...Forcing REQ_QUEUED status
...cert acquisition complete
...105 bytes of Cert written to /tmp/refid.pem

...then lookup....

tower.local:dotMacTool> dotMacTool l -f /tmp/refid.pem -o /tmp/cert.pem
<<<snip away debug logging>>>
...cert retrieval complete
...10010 bytes of cert data written to /tmp/cert.pem

==============================================

TO DO
-----

-- DOT_MAC_LOOKUP_ID_PATH* consts in dotMacTp.h will change to allow lookup of one
   specific cert
-- DOT_MAC_SIGN_HOST_NAME and DOT_MAC_LOOKUP_HOST will change to avoid the port 2150

..........

Aug 10 testing

-- use INT1 environment

    # in /etc/hosts:
    17.207.20.58 int1-idiskng certmgmt.mac.com certinfo.mac.com

    -- lookup via http://certinfo.mac.com:2150/lookup
    -- request via certmgmt.mac.com

-- provision http://17.207.20.58:2150/_provision/Public/account
    -- account dmitch4 pwd password
    -- signed up for IDEN

    # note no more @mac.com for user name
    % dotMacTool g -g -u dmitch4 -Z password -k foobar -o /tmp/refid -H certmgmt.mac.com:2150
...Forcing REQ_QUEUED status
...Cert request QUEUED
...77 bytes of RefId written to /tmp/refid

    # note we can't specify alternate host for lookup, have to use !NDEBUG config of .mac TP
    % dotMacTool l -f /tmp/refid -k foobar

    -- account dmitch5 pwd password
    -- signed up for EMAIL SIGN

    % dotMacRequest s -u dmitch5 -Z password -k foobar -H certmgmt.mac.com:2150 -a
    -- request had method sign.email
    -- response had FailedNotSupportedForAccount

    # try again with ID cert, it works
    % dotMacRequest i -u dmitch5 -Z password -k foobar -H certmgmt.mac.com:2150 -a

    # get result, nothing in prefs - yep, OK, we ran async

    -- dmitch6 password, async, OK
    -- dmitch7, password
    ...
    dmitch10 pwd password

    % dotMacRequest i -u dmitch10 -Z password -k foobar -H certmgmt.mac.com:2150
    ...works!

    dmitch11 password

1/10/05

name dmitch_int2 pwd "password"

% dotMacTool g -g -u dmitch_int2 -Z password -k newDotMac.keychain -o /tmp/refid
...worked

name dmitch_new pwd password, got a cert
name dmitch_new2 pwd password