-
Notifications
You must be signed in to change notification settings - Fork 137
Issuing OCSP Certificates with PKI CA
Endi S. Dewata edited this page Jun 8, 2023
·
4 revisions
This page describes the process to issue OCSP certificates with pki ca command on PKI 10.8 or later.
For older versions, see:
The certificate requests can be submitted to a PKI CA with the following commands:
$ pki -U <CA URL> ca-cert-request-submit --profile caSignedLogCert --csr-file ocsp_audit_signing.csr $ pki -U <CA URL> ca-cert-request-submit --profile caOCSPCert --csr-file ocsp_signing.csr $ pki -U <CA URL> ca-cert-request-submit --profile caServerCert --csr-file ocsp_sslserver.csr $ pki -U <CA URL> ca-cert-request-submit --profile caSubsystemCert --csr-file ocsp_subsystem.csr $ pki -U <CA URL> ca-cert-request-submit --profile AdminCert --csr-file ocsp_admin.csr
The CA admin can approve the request by executing the following command:
$ pki -U <CA URL> -u caadmin -w Secret.123 ca-cert-request-approve <request ID>
The certificates and the CA signing certificate can be downloaded with the following commands:
$ pki -U <CA URL> ca-cert-export <cert ID> --output-file ocsp_admin.crt $ pki -U <CA URL> ca-cert-export <cert ID> --output-file ocsp_audit_signing.crt $ pki -U <CA URL> ca-cert-export <cert ID> --output-file ocsp_signing.crt $ pki -U <CA URL> ca-cert-export <cert ID> --output-file ocsp_sslserver.crt $ pki -U <CA URL> ca-cert-export <cert ID> --output-file ocsp_subsystem.crt $ pki -U <CA URL> ca-cert-signing-export --output-file ca_signing.crt
|
Tip
|
To find a page in the Wiki, enter the keywords in search field, press Enter, then click Wikis. |