Hi,

I managed to install CA with an existing CA certificate generated by OpenSSL:

http://pki.fedoraproject.org/wiki/Installing_CA_with_OpenSSL_CA_Certificate

The only thing is it depends on a tool that has not been added yet (see patch #768 in pki-devel list). Hopefully the tool will make it into Dogtag 10.3.3, but in the meantime feel free to create a custom build with the patch.

--
Endi S. Dewata


On 6/13/2016 12:53 PM, Christina Fu wrote:

hi Anater,

Not at the moment, but the feature did cross my mind at some point, and
I don't think it's that hard to implement.  What we need though is a
business case.  Could you provide reasoning for a useful scenario so
maybe we can build a business case to introduce such feature in the
future release?

thanks,
Christina

On 06/13/2016 10:43 AM, anater dembelov wrote:

Hi Christina!

I only have the private key. I would like to generate with it
ca_signing.csr and ca_signing.pem. Next, import the installation of
the new CA. How can I do it?

Thank you.

2016-06-13 19:46 GMT+03:00 Christina Fu <cfu@redhat.com
<mailto:cfu@redhat.com>>:

    Hi Anater,

    Not sure if anyone responded.  We have something called "Existing
    CA" for new installations with 10.3.2 (or 1?).  It's an option to
    allow reusing cert/keys of an existing CA.
    I'm not very certain of the info link, but here is one that might
    have some info (Endi please clarify... ):

    pki.fedoraproject.org/wiki/Installing_CA_with_Existing_CA_Certificate
    <http://pki.fedoraproject.org/wiki/Installing_CA_with_Existing_CA_Certificate>

    Christina


    On 06/09/2016 10:06 AM, anater dembelov wrote:

    Good afternoon!

    Help me please.
    I have a private key, packages generate openssl.

    I have dogtag 10.3 installation to introduce my private key, as
    the root signing certificate.
    What need to do?

    Thank you so much.