-
Notifications
You must be signed in to change notification settings - Fork 137
Certificate Renewal with Directory Authenticated Profile
Endi S. Dewata edited this page Aug 2, 2023
·
1 revision
Execute the following command to submit the renewal request. It will prompt for the LDAP password:
$ pki -U https://$HOSTNAME:8443 -c Secret.123 -n testuser client-cert-request \
--profile caDirUserRenewal --username testuser --password
Password: ********
-----------------------------
Submitted certificate request
-----------------------------
Request ID: 23
Type: renewal
Request Status: complete
Operation Result: success
Certificate ID: 0x11
The certificate will be issued immediately.
Remove the old certificate from the client NSS database:
$ pki -c Secret.123 client-cert-del testuser ------------------------------ Removed certificate "testuser" ------------------------------
Import the new certificate into the client NSS database:
$ pki -c Secret.123 client-cert-import testuser --serial 0x11 ------------------------------- Imported certificate "testuser" -------------------------------
Verify with the following command:
$ pki -c Secret.123 client-cert-find ---------------------- 2 certificate(s) found ---------------------- Serial Number: 0x1 Nickname: CA Signing Certificate - EXAMPLE Subject DN: CN=CA Signing Certificate,O=EXAMPLE Issuer DN: CN=CA Signing Certificate,O=EXAMPLE Serial Number: 0x11 Nickname: testuser Subject DN: UID=testuser,OU=People,DC=example,DC=com Issuer DN: CN=CA Signing Certificate,O=EXAMPLE ---------------------------- Number of entries returned 2 ----------------------------
|
Tip
|
To find a page in the Wiki, enter the keywords in search field, press Enter, then click Wikis. |