I'm running Fedora 21 with Dogtag 10.2.1-3. My CA's Certificate was given "CA Signing Certificate" as its CN, and I'm wondering how it got that way and it might be customized on install. Running pkispawn interactively definitely didn't give me an opportunity to supply a name, and looking over the config file I could customize also doesn't seem to provide an opportunity to customize this: Dogtag 9 gave the opportunity to customize this as part of the initial setup - where is this done in version 10?

thanks, Ben |pki_admin_email=caadmin(a)example.com <mailto:caadmin@example.com> pki_admin_name=caadmin pki_admin_nickname=caadmin pki_admin_password=Secret123 pki_admin_uid=caadmin pki_backup_keys=True pki_backup_password=Secret123 pki_client_database_password=Secret123 pki_client_database_purge=False pki_client_pkcs12_password=Secret123 pki_ds_base_dn=dc=ca,dc=example,dc=com pki_ds_database=ca pki_ds_password=Secret123 pki_security_domain_name=EXAMPLE pki_token_password=Secret123| _______________________________________________ Pki-users mailing list Pki-users(a)redhat.com https://www.redhat.com/mailman/listinfo/pki-users

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iKYEARECAGYFAlVVhylfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl bnBncC5maWZ0aGhvcnNlbWFuLm5ldEY3OTE3QTg3ODE0RkVCQ0YyNjgyOTRENjJF RURDNTVGNjA0N0M3QzcACgkQLu3FX2BHx8cVBgCfR0V7nHJSeUOQR2VdTcehXISQ piEAoJwjWh72sSwSZ2L2o0bq0pU4IJr4 =SjGX -----END PGP SIGNATURE-----

On Fri, May 15, 2015 at 12:29:19AM -0500, Ben Peck wrote: > I'm running Fedora 21 with Dogtag 10.2.1-3. My CA's Certificate was given > "CA Signing Certificate" as its CN, and I'm wondering how it got that way > and it might be customized on install. > > Running pkispawn interactively definitely didn't give me an opportunity to > supply a name, and looking over the config file I could customize also > doesn't seem to provide an opportunity to customize this: > > Dogtag 9 gave the opportunity to customize this as part of the initial > setup - where is this done in version 10? > > thanks, > Ben > Hi Ben, pkispawn(8) does not ask what yo uwant the CN to be, but you can tell it via a configuration file. Minimal pkispawn(8) configuration file: [DEFAULT] pki_admin_password=4me2Test pki_client_database_password=4me2Test pki_client_pkcs12_password=4me2Test pki_ds_password=4me2Test [CA] pki_profiles_in_ldap=True pki_ca_signing_subject_dn=cn=YOUR CN HERE Spawn an instance: $ pkispawn -s CA -f your-config.conf Hope that helps! Fraser > > pki_admin_email=caadmin(a)example.com > pki_admin_name=caadmin > pki_admin_nickname=caadmin > pki_admin_password=Secret123 > pki_admin_uid=caadmin > pki_backup_keys=True > pki_backup_password=Secret123 > pki_client_database_password=Secret123 > pki_client_database_purge=False > pki_client_pkcs12_password=Secret123 > pki_ds_base_dn=dc=ca,dc=example,dc=com > pki_ds_database=ca > pki_ds_password=Secret123 > pki_security_domain_name=EXAMPLE > pki_token_password=Secret123 > _______________________________________________ > Pki-users mailing list > Pki-users(a)redhat.com > https://www.redhat.com/mailman/listinfo/pki-users