Re: [Pki-users] Can I change the CN = CA Signing Certificate to something else?

On Fri, May 15, 2015 at 12:29:19AM -0500, Ben Peck wrote: > I'm running Fedora 21 with Dogtag 10.2.1-3. My CA's Certificate was given > "CA Signing Certificate" as its CN, and I'm wondering how it got that way > and it might be customized on install. > > Running pkispawn interactively definitely didn't give me an opportunity to > supply a name, and looking over the config file I could customize also > doesn't seem to provide an opportunity to customize this: > > Dogtag 9 gave the opportunity to customize this as part of the initial > setup - where is this done in version 10? > > thanks, > Ben > Hi Ben, pkispawn(8) does not ask what yo uwant the CN to be, but you can tell it via a configuration file. Minimal pkispawn(8) configuration file: [DEFAULT] pki_admin_password=4me2Test pki_client_database_password=4me2Test pki_client_pkcs12_password=4me2Test pki_ds_password=4me2Test [CA] pki_profiles_in_ldap=True pki_ca_signing_subject_dn=cn=YOUR CN HERE Spawn an instance: $ pkispawn -s CA -f your-config.conf Hope that helps! Fraser > > pki_admin_email=caadmin(a)example.com > pki_admin_name=caadmin > pki_admin_nickname=caadmin > pki_admin_password=Secret123 > pki_admin_uid=caadmin > pki_backup_keys=True > pki_backup_password=Secret123 > pki_client_database_password=Secret123 > pki_client_database_purge=False > pki_client_pkcs12_password=Secret123 > pki_ds_base_dn=dc=ca,dc=example,dc=com > pki_ds_database=ca > pki_ds_password=Secret123 > pki_security_domain_name=EXAMPLE > pki_token_password=Secret123 > _______________________________________________ > Pki-users mailing list > Pki-users(a)redhat.com > https://www.redhat.com/mailman/listinfo/pki-users