-
Notifications
You must be signed in to change notification settings - Fork 139
Submitting Certificate Request with Key Archival
Endi S. Dewata edited this page Feb 13, 2024
·
11 revisions
This page describes the process to generate a certificate request and submit it with key archival.
There are several ways to generate and submit the request:
-
using
CRMFPopClient
-
using
pki client-cert-request
The following certificate profiles support key archival:
-
caECUserCert
-
caDualCert
-
caSigningUserCert
First, obtain KRA transport certificate (see Getting KRA Transport Certificate).
Then submit the certificate request with the following command:
$ CRMFPopClient \ -d ~/.dogtag/nssdb \ -p "" \ -m pki.example.com:8080 \ -f caDualCert \ -n UID=testuser \ -u testuser \ -b kra_transport.crt Submitting CRMF request to pki.example.com:8080 Request ID: 10 Request Status: pending Reason:
Submit a certificate request with the following command:
$ pki client-cert-request UID=testuser \ --profile caDualCert \ --type crmf ----------------------------- Submitted certificate request ----------------------------- Request ID: 10 Type: enrollment Request Status: pending Operation Result: success
By default it will download the transport certificate from the CA. To use a transport certificate stored in a local file, specify --transport <filename>
. Either way, the transport certificate will be imported into the client’s NSS database.
Tip
|
To find a page in the Wiki, enter the keywords in search field, press Enter, then click Wikis. |