This might sound confusing, so let me rephrase.
Is there an existing template to create a subordinate CA certificate? If not, is there a
cheatsheet on creating one? I am able to get to the pkiconsole piece to create a new
profile, but I'm hoping that I don't have to create one because truthfully that
piece is starting to become way over my head. ;)
Thanks,
Michelle Taggart
x5166
----- Original Message -----
From: "Michelle Taggart" <mdemansana(a)philasd.org>
To: "John Magne" <jmagne(a)redhat.com>
Cc: pki-users(a)redhat.com
Sent: Tuesday, July 23, 2013 3:24:12 PM
Subject: Re: [Pki-users] Creation of a server certificate with an itermediary
CA attribute
I do see that. What I'm confused is to what bits or attributes within the profile I
need to include/exclude/add in order to make the sample Server Cert profile to also do CA
function.
Thanks,
Michelle Taggart
x5166
----- Original Message -----
From: "John Magne" <jmagne(a)redhat.com>
To: "Michelle Taggart" <mdemansana(a)philasd.org>
Cc: pki-users(a)redhat.com
Sent: Tuesday, July 23, 2013 2:18:23 PM
Subject: Re: [Pki-users] Creation of a server certificate with an itermediary
CA attribute
You could go into the directory /var/lib/pki-ca/profiles/ca
Find the profile you want to clone, which is in a file XXXX.cfg
Copy that file to a new name that you want.
Put an entry for that new profile in the conf/CS.cfg file under the heading:
profiles.list
Then you could either manually edit this file if you know how to, or use the pkiconsole to
add stuff to it.
In order for the console to be able to edit a profile, it must be marked as
"disabled" in the agent web interface.
----- Original Message -----
From: "Michelle Taggart" <mdemansana(a)philasd.org>
To: pki-users(a)redhat.com
Sent: Tuesday, July 23, 2013 10:38:38 AM
Subject: [Pki-users] Creation of a server certificate with an itermediary CA attribute
Hi,
I'm quite new at the concept, but is there a way to clone a server certificate profile
and give it an intermediary CA attribute? I'm trying to generate a cert that a proxy
server uses to decrypt SSL traffic. The CSR that the proxy creates requests for a server
certificate with subCA ability, for issuing certificates.
Thanks,
Michelle T
_______________________________________________
Pki-users mailing list
Pki-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-users
_______________________________________________
Pki-users mailing list
Pki-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-users