
Submitting Certificate Request with Key Archival

Endi S. Dewata edited this page Apr 14, 2021 · 14 revisions

Certificate Profiles with Key Archival

The following certificate profiles support key archival:

  • caSigningUserCert

  • caDualCert

Submitting Certificate Request with CRMFPopClient

First, obtain the KRA transport certificate (see Getting KRA Transport Certificate).

Then submit the certificate request with the following command:

$ CRMFPopClient \
    -d ~/.dogtag/nssdb \
    -p Secret.123 \
    -n CN=testuser \
    -f caSigningUserCert \
    -b transport.pem \
    -m $HOSTNAME:8080 \
    -u testuser \
    -r testuser
Submitting CRMF request to server.example.com:8080
Request ID: 10
Request Status: pending
Reason:

Submitting Certificate Request with pki client-cert-request

Submit a certificate request with the following command:

$ pki -c Secret.123 client-cert-request CN=testuser --profile caSigningUserCert --type crmf
-----------------------------
Submitted certificate request
-----------------------------
  Request ID: 10
  Type: enrollment
  Request Status: pending
  Operation Result: success

By default, the command downloads the transport certificate from the CA. To use a transport certificate stored in a local file, specify --transport <filename>. Either way, the transport certificate will be imported into the client’s NSS database.
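
Both commands above print the new request's ID and its status. The following added example (not part of the original wiki page or the Dogtag project) parses that output so a script can record the request ID for follow-up. The function names are hypothetical and the sample text is constructed from the output shown above.

```shell
#!/bin/sh
# Added example (not Dogtag code): pull the request ID and status out of the
# output printed by CRMFPopClient or "pki client-cert-request".

# Constructed samples, copied from the output shown on this page.
SAMPLE_CRMFPOPCLIENT='Submitting CRMF request to server.example.com:8080
Request ID: 10
Request Status: pending
Reason:'
SAMPLE_PKI='-----------------------------
Submitted certificate request
-----------------------------
  Request ID: 10
  Type: enrollment
  Request Status: pending
  Operation Result: success'

# Reads tool output on stdin and prints "<id> <status>".
# Fails if a field is missing or the ID is not purely alphanumeric, so the
# ID is safe to pass on to later commands.
parse_request_result() {
    awk '
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }   # pki indents its fields
        /^Request ID:/     { sub(/^Request ID:[ \t]*/, "");     id = $0 }
        /^Request Status:/ { sub(/^Request Status:[ \t]*/, ""); status = $0 }
        END {
            if (id !~ /^[0-9A-Za-z]+$/ || status == "") exit 1
            print id, status
        }'
}

# Prints the request ID only when the request is waiting in "pending".
pending_request_id() {
    result=$(parse_request_result) || {
        echo "no request ID/status found in output" >&2; return 1; }
    id=${result%% *}
    status=${result#* }
    [ "$status" = "pending" ] || {
        echo "request $id has status '$status', not pending" >&2; return 1; }
    printf '%s\n' "$id"
}

# Demo on the constructed samples; in real use, pipe the tool's output in.
printf '%s\n' "$SAMPLE_CRMFPOPCLIENT" | parse_request_result
printf '%s\n' "$SAMPLE_PKI" | pending_request_id
```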
