Re: [Pki-users] Update CA name "CA Signing Certificate" to a more meaninful name
On 08/16/2014 12:28 PM, Ricardo Alexander Alexander Perez Ricardez wrote:
Hi, I create a CA in Interactive way, with default values:
pkispawn use this file: etc/pki/default.cfg
This file contains the value: pki_ca_signing_subject_dn=cn=CA Signing
Certificate,o=%(pki_security_domain_name)s
Therefore, the CA is created with the default value: "CA Signing Certificate"
I would change this to a more meaningful name, It’s possible update or change the name
“CA Signing Certificate” to a new value name?
pkispawn use argument -u "update instance of specified subsystem", It's
possible to update the value using this option?
_______________________________________________
Pki-users mailing list
Pki-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-users
It is in fact highly recommended
to customize all the subject names, and
HTML pages if used.
cp -p /usr/share/pki/ca/conf/CS.cfg /usr/share/pki/ca/conf/CS.cfg.orig
vim /usr/share/pki/ca/conf/CS.cfg
...
preop.cert.signing.userfriendlyname=testms CA Signing Certificate
preop.cert.audit_signing.userfriendlyname=testms CA Audit Signing
Certificate
preop.cert.ocsp_signing.userfriendlyname=testms OCSP Signing Certificate
preop.cert.sslserver.userfriendlyname=testms SSL Server Certificate
preop.cert.subsystem.userfriendlyname=testms Subsystem Certificate
...
The u option of pkispawn was removed.
There is now a tool called pki-upgrade to update those config files or
template when there is a package update or a manual change, so the
existing instances can get the newer config files.
But in this case, the certificates need to be re-issued, so it is more a
change before creating a CA instance.
Thanks,
M.