<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hello, <br>
</p>
<p>it turns out that something was wrong with my test environment
because I was receiving random errors when launching the instance
and everything has been working great after moving to a new, clean
virtual machine. Also, your response pointed me to look at the
config file and I realized there was no default admin certificate
path defined so I added the following line:
<br>
<br>
pki_client_admin_cert = /tmp/ca_admin.cert
<br>
<br>
However, regardless of the path I define there, it always gets
saved to the default /root/.dogtag/intca/ca_admin.cert
so I'm not sure I'm using the option properly. It's not a big
deal, but I think it's worth mentioning anyway.
<br>
<br>
Other than that everything has been working great so far so thanks
again for pointing me in the right direction.
<br>
<br>
Regards!
</p>
<br>
<div class="moz-cite-prefix">On 07/01/2016 04:47 AM, Endi Sukma
Dewata wrote:<br>
</div>
<blockquote
cite="mid:bb8d4db0-e543-ff80-cc8b-ada9312cfdff@redhat.com"
type="cite">On 6/29/2016 5:10 AM, Carlos Barrabes wrote:
<br>
<blockquote type="cite">Hello,
<br>
<br>
I'm trying to create an intermediate CA so I can issue
certificates with
<br>
a trust path pointing to our RootCA but I'm facing some issues
while
<br>
following the documentation in the project's site.
<br>
<br>
Once I'm done with step two, you import the external and
ca-signing
<br>
certificates into a user's NSS db and then the wiki says you have
to
<br>
import the CA admin certificate and key but the problem is there
is no
<br>
such thing after starting the instance via custom config file or
I
<br>
simply cannot find them.
<br>
<br>
Any suggestions?
<br>
<br>
Thanks for your time!
<br>
<br>
I am running Dogtag 10.2.6-12 on a Fedora 22 server machine and
the
<br>
procedure I'm following is this one:
<br>
<a class="moz-txt-link-freetext" href="http://pki.fedoraproject.org/wiki/Installing_CA_with_Externaly-Signed_CA_Certificate">http://pki.fedoraproject.org/wiki/Installing_CA_with_Externaly-Signed_CA_Certificate</a>
<br>
</blockquote>
<br>
Hi,
<br>
<br>
At the end of the PKI server installation the admin certificate
and key will be stored in a PKCS #12 file and the location should
be displayed in the final installation message. Usually it is
stored in this location:
<br>
<br>
/root/.dogtag/pki-tomcat/ca_admin_cert.p12
<br>
<br>
But that could change depending on your deployment configuration
that you supplied to pkispawn.
<br>
<br>
After the PKI server installation you can set up the PKI client to
manage CA services. First initialize the client:
<br>
<br>
$ pki -c Secret123 client-init
<br>
<br>
Then import the root CA certificate:
<br>
<br>
$ pki -c Secret123 client-cert-import "Root CA Certificate"
--ca-cert root-ca.crt
<br>
<br>
Then import the PKI CA certificate:
<br>
<br>
$ pki -c Secret123 client-cert-import "PKI CA Certificate"
--ca-cert ca_signing.crt
<br>
<br>
Then import the CA admin certificate & key:
<br>
<br>
$ pki -c Secret123 client-cert-import caadmin --pkcs12
/root/.dogtag/pki-tomcat/ca_admin_cert.p12 --pkcs12-password-file
/root/.dogtag/pki-tomcat/ca/pkcs12_password.conf
<br>
<br>
Then you should be able to access CA services as the admin, for
example:
<br>
<br>
$ pki -c Secret123 -n caadmin ca-user-find
<br>
<br>
Just let me know if you have any questions.
<br>
<br>
</blockquote>
<br>
</body>
</html>