Hello,
it turns out that something was wrong with my test environment
because I was receiving random errors when launching the instance
and everything has been working great after moving to a new, clean
virtual machine. Also, your response pointed me to look at the
config file and I realized there was no default admin certificate
path defined so I added the following line:
pki_client_admin_cert = /tmp/ca_admin.cert
However, regardless of the path I define there it always gets
saved to the default /root/.dogtag/intca/ca_admin.cert
so I'm not sure I'm using the option properly. It's not a big
deal, but I think it's worth mentioning anyway.
Other than that everything has been working great so far so thanks
again for pointing me in the right direction.
Regards!

On 6/29/2016 5:10 AM, Carlos Barrabes wrote:
Hello,
I'm trying to create an intermediate CA so I can issue certificates with
a trust path pointing to our RootCA but I'm facing some issues while
following the documentation in the project's site.
Once I'm done with step two, you import the external and ca-signing
certificates into a user's NSS db and then the wiki says you have to
import the CA admin certificate and key but the problem is there is no
such thing after starting the instance via custom config file or I
simply cannot find them.
Any suggestions?
Thanks for your time!
I am running Dogtag 10.2.6-12 on a Fedora 22 server machine and the
procedure I'm following is this one:
http://pki.fedoraproject.org/wiki/Installing_CA_with_Externaly-Signed_CA_Certificate

Hi,
At the end of the PKI server installation the admin certificate and key will be stored in a PKCS #12 file and the location should be displayed in the final installation message. Usually it is stored in this location:
/root/.dogtag/pki-tomcat/ca_admin_cert.p12
But that could change depending on your deployment configuration that you supplied to pkispawn.
After the PKI server installation you can set up the PKI client to manage CA services. First initialize the client:
$ pki -c Secret123 client-init
Then import the root CA certificate:
$ pki -c Secret123 client-cert-import "Root CA Certificate" --ca-cert root-ca.crt
Then import the PKI CA certificate:
$ pki -c Secret123 client-cert-import "PKI CA Certificate" --ca-cert ca_signing.crt
Then import the CA admin certificate & key:
$ pki -c Secret123 client-cert-import caadmin --pkcs12 /root/.dogtag/pki-tomcat/ca_admin_cert.p12 --pkcs12-password-file /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf
Then you should be able to access CA services as the admin, for example:
$ pki -c Secret123 -n caadmin ca-user-find
Just let me know if you have any questions.
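
The client setup from the reply above, as an added example that is not part of the original thread: it runs the same five pki commands in order, but first checks that the admin PKCS #12 file and its password file exist and grant nothing to group or other. The names PKI, NSS_DB_PASSWORD, private_file_ok and setup_ca_admin_client are assumptions of this example, the file layout is the one quoted in the reply, and stat -c assumes GNU coreutils.

```sh
#!/bin/sh
# Added example, not from the thread. PKI and NSS_DB_PASSWORD are assumed names.
PKI="${PKI:-pki}"   # command to run; can be overridden with a stub for a dry run

# Succeed only if the file is readable and has no group/other permission bits.
private_file_ok() {
    pf_path="$1"
    [ -r "$pf_path" ] || { echo "missing or unreadable: $pf_path" >&2; return 1; }
    pf_mode=$(stat -c '%a' "$pf_path") || return 1
    # Leading 0 makes the shell read the mode as octal; 077 masks group/other bits.
    [ $(( 0$pf_mode & 077 )) -eq 0 ] || {
        echo "too permissive ($pf_mode): $pf_path" >&2; return 1; }
}

# $1 = client directory written by pkispawn (e.g. /root/.dogtag/pki-tomcat)
# $2 = root CA certificate, $3 = PKI CA signing certificate
setup_ca_admin_client() {
    sc_dir="$1"; sc_root="$2"; sc_ca="$3"
    sc_p12="$sc_dir/ca_admin_cert.p12"
    sc_pw="$sc_dir/ca/pkcs12_password.conf"

    # The NSS database password comes from the environment, not a literal.
    [ -n "${NSS_DB_PASSWORD:-}" ] || { echo "NSS_DB_PASSWORD not set" >&2; return 1; }
    for sc_crt in "$sc_root" "$sc_ca"; do
        [ -r "$sc_crt" ] || { echo "missing CA certificate: $sc_crt" >&2; return 1; }
    done
    # Refuse to continue if the admin key material is exposed or absent.
    private_file_ok "$sc_p12" || return 1
    private_file_ok "$sc_pw" || return 1

    # Same order as in the reply; stop at the first command that fails.
    "$PKI" -c "$NSS_DB_PASSWORD" client-init &&
    "$PKI" -c "$NSS_DB_PASSWORD" client-cert-import "Root CA Certificate" \
        --ca-cert "$sc_root" &&
    "$PKI" -c "$NSS_DB_PASSWORD" client-cert-import "PKI CA Certificate" \
        --ca-cert "$sc_ca" &&
    "$PKI" -c "$NSS_DB_PASSWORD" client-cert-import caadmin \
        --pkcs12 "$sc_p12" --pkcs12-password-file "$sc_pw" &&
    "$PKI" -c "$NSS_DB_PASSWORD" -n caadmin ca-user-find
}
```

Source the file and call setup_ca_admin_client /root/.dogtag/pki-tomcat root-ca.crt ca_signing.crt with NSS_DB_PASSWORD exported.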