[Pki-users] Subordinate CA setup procedures
Ade Lee
alee at redhat.com
Fri Dec 19 18:01:04 UTC 2014
pkispawn -s CA -f subca.cfg
Here's a sample config file:
[DEFAULT]
pki_admin_password=password123
pki_client_database_password=password123
pki_client_pkcs12_password=password123
pki_ds_password=password123
pki_security_domain_password=password123
pki_security_domain_hostname=dogtag.example.com
pki_security_domain_https_port=8443
pki_security_domain_user=caadmin
pki_ajp_port=8010
pki_tomcat_server_port=8006
pki_https_port=8453
pki_http_port=8090
pki_instance_name=pki-subca
[CA]
pki_subordinate=True
pki_issuing_ca=https://dogtag.example.com:8443
pki_ca_signing_subject_dn=cn=subca signing, o=example.com
Some notes:
1. The issuing CA and security domain port settings are for the root CA.
2. The other port settings and the pki_instance_name are set because I
installed the sub CA on the same host as the root CA. You can take the
defaults on these if the subCA is on a different host.
On Fri, 2014-12-19 at 15:04 +1000, Fraser Tweedale wrote:
> On Thu, Dec 18, 2014 at 06:14:08PM +0000, Dennis Gnatowski wrote:
> >
> > Can someone provide or point me to documentation on setting up a subordinate CA? I have a Root CA running DogTag 10.1.1 on Fedora 20 and I just want to create a subordinate CA to this Root CA (also using DogTag).
> > -----------------------------------------------------------
> > Dennis Gnatowski
> > dgnatowski at yahoo.com
>
> Hi Dennis,
>
> You need to provide a config file to pkispawn(8) to install a
> subordinate CA. See section "Installing a subordinate CA" in the
> pkispawn(8) man page for more information.
>
> Regards,
>
> Fraser
>
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
More information about the Pki-users
mailing list