On 4/9/2015 2:23 PM, Jain, Mahendra wrote:
Thanks Niranjan,
I submitted 'Manual User Dual-Use Certificate Enrollment' via End User
interface and got it approved via agent interface and imported it to
browser including the keys.
My confusion is where the keys (private key) came from? Was it
automatically generated when I submitted the Certificate Enrollment
request via browser? Or was it created by the Dogtag server and delivered
to the browser when I imported the cert?
Thanks in advance.
Mahendra

To my understanding the current UI relies on a Firefox feature to
generate a private key in the browser. However, this feature is going
away in future Firefox, so Dogtag is now providing a way to generate a
private key using the CLI:
http://pki.fedoraproject.org/wiki/User_Certificate
The private key later can be imported into Firefox.
If you want to use a non-root Linux user as CA admin with a new
certificate, follow the above page to generate the certificate, then add
the user into the admin group.
If you want to use a non-root Linux user as CA admin with an existing CA
admin certificate, follow these instructions:
http://pki.fedoraproject.org/wiki/CA_Admin_Setup
--
Endi S. Dewata