yes, it works by having SSL client authentication for an "agent" user, or LDAP basic authentication (without or with a pre-defined pin), or CMC:

example for SSL server cert, look at the profile caAgentServerCert.cfg

example for SSL server cert using CMC, see

https://github.com/dogtagpki/pki/wiki/Issuing-SSL-Server-Certificate-with-CMC

for end user cert, examples with caDirPinUserCert.cfg , caDirUserCert.cfg

from the pki command line with LDAP basic authentication , look for the command cert-request-submit with the --username

either

pki cert-request-submit --help

pki ca-cert-request-submit --help
see

https://www.dogtagpki.org/wiki/Directory-Authenticated_Profiles

On Wed, Oct 28, 2020 at 2:20 AM Wahaj K <mwahaj3120@gmail.com> wrote:

Hi Guys,

I am new to Dogtag PKI and have installed it on fedora 33. I am able to send a PKCS#10 certificate, approve and then get the issued certificate. I need to know a way to generate the certificate without manual approval hence when PKCS#10 request is sent ,the certificate is generated right away. I have looked at profiles, CA configuration but couldn't see a way. I am using Dogtag 10.9. Is this possible? Any guidance is appreciated.

Regards,
Wahaj
_______________________________________________
Pki-users mailing list
Pki-users@redhat.com
https://www.redhat.com/mailman/listinfo/pki-users