-
Notifications
You must be signed in to change notification settings - Fork 139
PKI Server CA Certificate CLI
To list certificates in CA:
$ pki-server ca-cert-find
To create a certificate from a certificate request in CA:
$ pki-server ca-cert-create \ --request <ID> \ --profile <filename> \ [--type <type>] \ [--key-id <ID>] \ [--serial <number>]
where:
-
The
--request
parameter specifies the request ID. -
The
--profile
parameter specifies the filename of the bootstrap profile in/var/lib/pki/pki-tomcat/conf/ca
without the path (e.g.serverCert.profile
). -
The
--type
parameter specifies whether the certificate to be created is self-signed (i.e.selfsign
) or signed by another certificate (i.e.local
). -
The
--key-id
parameter specifies the key to be used for self-signed certificate. -
The
--serial
parameter specifies an optional serial number for the new certificate. If the serial number is not specified and the certificate ID generator is configured torandom
, a new random serial number will be generated automatically.
Availability: Since PKI 11.3.
To import a certificate into CA:
$ pki-server ca-cert-import \ --cert <path> \ --profile <filename> \ --request <ID>
where:
-
The
--profile
parameter specifies the filename of the bootstrap profile in/var/lib/pki/pki-tomcat/conf/ca
without the path (e.g.serverCert.profile
).
Availability: Since PKI 11.3.
To remove a certificate from CA:
$ pki-server ca-cert-del <serial>
To export certificate chain to install additional subsystems:
$ pki-server ca-cert-chain-export --pkcs12-file cert-chain.p12 --pkcs12-password-file password.txt
Tip
|
To find a page in the Wiki, enter the keywords in search field, press Enter, then click Wikis. |