Good afternoon!

Many thanks! It works!

But I would recommend to add an option when signing OpenSSL -set_serial 1.

Then the imported root certificate will have the correct serial number 1.

Anatoly.

2016-06-16 18:13 GMT+03:00 Endi Sukma Dewata <edewata@redhat.com>:

On 06/16/2016 09:47 AM, anater dembelov wrote:

By an example from
http://pki.fedoraproject.org/wiki/Installing_CA_with_OpenSSL_CA_Certificate
I created keys, request and the certificate.
But!
[root@f23-zero ~] # pki pkcs12-cert-mod - pkcs12-file ca.p12 "CA
Certificate" - pkcs12-password-file password.txt - trust-flags CTu, Cu, Cu
NotInitializedException: null

Not work!?

Help!

Hi, it looks like you need to create an NSS database for the pki tool first:

$ pki -c Secret123 client-init

For the --trust-flags option there should not be any space between the flags. And make sure the double-dashes are written exactly as in the example.

I've updated the wiki page based on your feedback. Thanks!
Just let me know if there are other problems.

--
Endi S. Dewata