[Pki-users] Update CA name "CA Signing Certificate" to a more meaninful name
Marc Sauton
msauton at redhat.com
Sat Aug 16 21:22:03 UTC 2014
On 08/16/2014 12:28 PM, Ricardo Alexander Alexander Perez Ricardez wrote:
> Hi, I create a CA in Interactive way, with default values:
>
> pkispawn use this file: etc/pki/default.cfg
>
> This file contains the value: pki_ca_signing_subject_dn=cn=CA Signing Certificate,o=%(pki_security_domain_name)s
>
> Therefore, the CA is created with the default value: "CA Signing Certificate"
>
> I would change this to a more meaningful name, It’s possible update or change the name “CA Signing Certificate” to a new value name?
>
> pkispawn use argument -u "update instance of specified subsystem", It's possible to update the value using this option?
>
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
It is in fact highly recommended to customize all the subject names, and
HTML pages if used.
cp -p /usr/share/pki/ca/conf/CS.cfg /usr/share/pki/ca/conf/CS.cfg.orig
vim /usr/share/pki/ca/conf/CS.cfg
...
preop.cert.signing.userfriendlyname=testms CA Signing Certificate
preop.cert.audit_signing.userfriendlyname=testms CA Audit Signing
Certificate
preop.cert.ocsp_signing.userfriendlyname=testms OCSP Signing Certificate
preop.cert.sslserver.userfriendlyname=testms SSL Server Certificate
preop.cert.subsystem.userfriendlyname=testms Subsystem Certificate
...
The u option of pkispawn was removed.
There is now a tool called pki-upgrade to update those config files or
template when there is a package update or a manual change, so the
existing instances can get the newer config files.
But in this case, the certificates need to be re-issued, so it is more a
change before creating a CA instance.
Thanks,
M.
More information about the Pki-users
mailing list