Re: [Pki-users] Subordinate CA setup procedures
pkispawn -s CA -f subca.cfg
Here's a sample config file:
[DEFAULT]
pki_admin_password=password123
pki_client_database_password=password123
pki_client_pkcs12_password=password123
pki_ds_password=password123
pki_security_domain_password=password123
pki_security_domain_hostname=dogtag.example.com
pki_security_domain_https_port=8443
pki_security_domain_user=caadmin
pki_ajp_port=8010
pki_tomcat_server_port=8006
pki_https_port=8453
pki_http_port=8090
pki_instance_name=pki-subca
[CA]
pki_subordinate=True
pki_issuing_ca=https://dogtag.example.com:8443
pki_ca_signing_subject_dn=cn=subca signing, o=example.com
Some notes:
1. The issuing CA and security domain port settings are for the root CA.
2. The other port settings and the pki_instance_name are set because I
installed the sub CA on the same host as the root CA. You can take the
defaults on these if the subCA is on a different host.
On Fri, 2014-12-19 at 15:04 +1000, Fraser Tweedale wrote:
On Thu, Dec 18, 2014 at 06:14:08PM +0000, Dennis Gnatowski wrote:
>
> Can someone provide or point me to documentation on setting up a subordinate CA? I
have a Root CA running DogTag 10.1.1 on Fedora 20 and I just want to create a subordinate
CA to this Root CA (also using DogTag).
> -----------------------------------------------------------
> Dennis Gnatowski
> dgnatowski(a)yahoo.com
Hi Dennis,
You need to provide a config file to pkispawn(8) to install a
subordinate CA. See section "Installing a subordinate CA" in the
pkispawn(8) man page for more information.
Regards,
Fraser
_______________________________________________
Pki-users mailing list
Pki-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-users