Thanks Endi for the quick response.
On 4/9/15, 5:29 PM, "Endi Sukma Dewata" <edewata(a)redhat.com> wrote:
On 4/9/2015 2:23 PM, Jain, Mahendra wrote:
> Thanks Niranjan,
>
> I submitted 'Manual User Dual-Use Certificate Enrollment' via End User
> interface and got it approved via agent interface and imported it to
> browser including the keys.
>
> My confusion is where the keys (private key) came from? Was it
> automatically generated when I submitted the Certificate Enrollment
> request via browser? Or was it created by the Dogtag server and delivered
> it to browser when I imported the cert?
>
>
> Thanks in advance.
> Mahendra
>
To my understanding the current UI relies on a Firefox feature to
generate a private key in the browser. However, this feature is going
away in future Firefox, so Dogtag is now providing a way to generate a
private key using the CLI:
http://pki.fedoraproject.org/wiki/User_Certificate
The private key later can be imported into Firefox.
If you want to use a non-root Linux user as CA admin with a new
certificate, follow the above page to generate the certificate, then add
the user into the admin group.
If you want to use a non-root Linux user as CA admin with existing CA
admin certificate, follow this instruction:
http://pki.fedoraproject.org/wiki/CA_Admin_Setup
--
Endi S. Dewata