On 12/22/2015 2:03 PM, Alex Harrison wrote:
> Verify the admin cert is added with this command:
> pki client-cert-find
> Also see the nickname of the certificate in the above output. The
> nickname is configurable using pki_admin_nickname parameter in the
> pkispawn deployment configuration.
I think you've found my problem. When I issue that command I see:
----------------------
2 certificate(s) found
----------------------
Serial Number: 0x6
Nickname: PKI Administrator for localdomain
Subject DN: CN=PKI Administrator,E=caadmin@localdomain,O=localdomain Security Domain
Issuer DN: CN=CA Signing Certificate,O=localdomain Security Domain
"E=caadmin@localdomain" is telling me that the nickname is
"caadmin@localdomain", right? So I need to put the whole string in my
command authentication with the -n parameter, not just "caadmin". Is
that correct? If so, that explains my problems. When I use the entire
string with the domain, the commands all work as I expect.
Thanks for your help.

Actually, the "E=..." specifies the email address used to construct the
certificate subject DN. The nickname of the above certificate is "PKI
Administrator for localdomain". If "caadmin@localdomain" works, you
probably have another certificate added with that as a nickname. To
avoid confusion, I'd suggest you re-initialize the client database using
pki client-init and reimport the admin certificate. Just let me know if
you still have a problem.
--
Endi S. Dewata