Thanks for the help. All I really need to do is to use the default admin to approve
certificate requests. These are the steps I am attempting to use to accomplish that
goal:
First, I import the admin cert:
pki -c Secret123 client-cert-import --pkcs12 ~/.dogtag/pki-tomcat/ca_admin_cert.p12 --pkcs12-password secret123
----------------------------------------
Imported certificates from PKCS #12 file
----------------------------------------
Then I find a request:
pki ca-cert-request-show 7
-----------------------
Certificate request "7"
-----------------------
Request ID: 7
Type: enrollment
Request Status: pending
Operation Result: success
Then I try to approve it:
pki ca-cert-request-review 7 --action approve
Unauthorized
So then I try to use the database that I initiated and imported the admin certificate
into:
pki -c Secret123 -n caadmin ca-cert-request-review 7 --action approve
ProcessingException: Unable to invoke request
It seems as if these are the steps I need to take, but I must have a detail incorrect.
Thanks for your help.
On Monday, December 21, 2015 7:41 PM, Endi Sukma Dewata <edewata(a)redhat.com> wrote:
On 12/21/2015 4:52 PM, Alex Harrison wrote:
I've set up a new installation of the dogtag CA and I'm trying to
approve requests using the default ca admin created at install using the
commands from the wiki:
http://pki.fedoraproject.org/wiki/CA_Admin_Setup
When I try to approve, I simply get an "Unauthorized" response. It seems
I receive this any time I perform either an admin or agent
command. Any idea what steps I am missing?
Hi,
The above wiki page is actually used to create a new CA admin user,
which requires an existing CA admin to approve it. When you install CA
subsystem it will have a default CA admin user which you can use
directly. It's not necessary to create another CA admin user unless you
want to give admin access to someone else.
To use the default CA admin user please take a look at this page:
http://pki.fedoraproject.org/wiki/Default_CA_Admin
You can either import the CA admin cert into ~/.dogtag/nssdb first, or
use it directly from ~/.dogtag/pki-tomcat/ca/alias if you created the CA
with pki_client_database_purge=False.
If you're still having issues, could you post the exact commands you're
trying to execute? Thanks.
--
Endi S. Dewata