Re: [Pki-users] Automatically generate certificates without approval
yes, it works by having SSL client authentication for an "agent" user, or
LDAP basic authentication (without or with a pre-defined pin), or CMC:
example for SSL server cert, look at the profile caAgentServerCert.cfg
example for SSL server cert using CMC, see
https://github.com/dogtagpki/pki/wiki/Issuing-SSL-Server-Certificate-with...
for end user cert, examples with caDirPinUserCert.cfg , caDirUserCert.cfg
from the pki command line with LDAP basic authentication , look for the
command cert-request-submit with the --username
either
pki cert-request-submit --help
or
pki ca-cert-request-submit --help
see
https://www.dogtagpki.org/wiki/Directory-Authenticated_Profiles
On Wed, Oct 28, 2020 at 2:20 AM Wahaj K <mwahaj3120(a)gmail.com> wrote:
Hi Guys,
I am new to Dogtag PKI and have installed it on fedora 33. I am able to
send a PKCS#10 certificate, approve and then get the issued certificate. I
need to know a way to generate the certificate without manual approval
hence when PKCS#10 request is sent ,the certificate is generated right
away. I have looked at profiles, CA configuration but couldn't see a way. I
am using Dogtag 10.9. Is this possible? Any guidance is appreciated.
Regards,
Wahaj
_______________________________________________
Pki-users mailing list
Pki-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-users
Attachments:
- attachment.html (text/html — 2.2 KB)