Re: [Pki-users] install dogtag with exist private key
Good afternoon!
Many thanks! It works!
But I would recommend to add an option when signing OpenSSL -set_serial 1.
Then the imported root certificate will have the correct serial number 1.
Anatoly.
2016-06-16 18:13 GMT+03:00 Endi Sukma Dewata <edewata(a)redhat.com>:
On 06/16/2016 09:47 AM, anater dembelov wrote:
> By an example from
>
> http://pki.fedoraproject.org/wiki/Installing_CA_with_OpenSSL_CA_Certificate
> I created keys, request and the certificate.
> But!
> [root@f23-zero ~] # pki pkcs12-cert-mod - pkcs12-file ca.p12 "CA
> Certificate" - pkcs12-password-file password.txt - trust-flags CTu, Cu, Cu
> NotInitializedException: null
>
> Not work!?
>
> Help!
>
Hi, it looks like you need to create an NSS database for the pki tool
first:
$ pki -c Secret123 client-init
For the --trust-flags option there should not be any space between the
flags. And make sure the double-dashes are written exactly as in the
example.
I've updated the wiki page based on your feedback. Thanks!
Just let me know if there are other problems.
--
Endi S. Dewata
Attachments:
- attachment.html (text/html — 1.8 KB)