On 6/29/2016 5:10 AM, Carlos Barrabes wrote:
Hello,
I'm trying to create an intermediate CA so I can issue certificates with
a trust path pointing to our RootCA but I'm facing some issues while
following the documentation in the project's site.
Once I'm done with step two, you import the external and ca-signing
certificates into a user's NSS db and then the wiki says you have to
import the CA admin certificate and key but the problem is there is no
such thing after starting the instance via custom config file or I
simply cannot find them.
Any suggestions?
Thanks for your time!
I am running Dogtag 10.2.6-12 on a Fedora 22 server machine and the
procedure I'm following is this one:
http://pki.fedoraproject.org/wiki/Installing_CA_with_Externaly-Signed_CA_...
Hi,
At the end of the PKI server installation the admin certificate and key
will be stored in a PKCS #12 file and the location should be displayed
in the final installation message. Usually it is stored in this location:
/root/.dogtag/pki-tomcat/ca_admin_cert.p12
But that could change depending on your deployment configuration that
you supplied to pkispawn.
After the PKI server installation you can set up the PKI client to
manage CA services. First initialize the client:
$ pki -c Secret123 client-init
Then import the root CA certificate:
$ pki -c Secret123 client-cert-import "Root CA Certificate" --ca-cert root-ca.crt
Then import the PKI CA certificate:
$ pki -c Secret123 client-cert-import "PKI CA Certificate" --ca-cert ca_signing.crt
Then import the CA admin certificate & key:
$ pki -c Secret123 client-cert-import caadmin --pkcs12 /root/.dogtag/pki-tomcat/ca_admin_cert.p12 --pkcs12-password-file /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf
Then you should be able to access CA services as the admin, for example:
$ pki -c Secret123 -n caadmin ca-user-find
Just let me know if you have any questions.
--
Endi S. Dewata