[Pki-users] How to setup PKI Administrator user
Endi Sukma Dewata
edewata at redhat.com
Thu Apr 9 21:29:07 UTC 2015
On 4/9/2015 2:23 PM, Jain, Mahendra wrote:
> Thanks Niranjan,
>
> I submitted 'Manual User Dual-Use Certificate Enrollment¹ via End User
> interface and got it approved via agent interface and imported it to
> browser including the keys.
>
> My confusion is where the keys (private key) came from? Was it
> automatically generated when I submitted the Certificate Enrollment
> request via browser? Or was it created by the Dogtag server and delivered
> it to browser when I imported the cert?
>
>
> Thanks in advance.
> Mahendra
>
To my understanding the current UI relies on a Firefox feature to
generate a private key in the browser. However, this feature is going
away in future Firefox, so Dogtag is now providing a way to generate a
private key using the CLI:
http://pki.fedoraproject.org/wiki/User_Certificate
The private key later can be imported into Firefox.
If you want to use a non-root Linux user as CA admin with a new
certificate, follow the above page to generate the certificate, then add
the user into the admin group.
If you want to use a non-root Linux user as CA admin with existing CA
admin certificate, follow this instruction:
http://pki.fedoraproject.org/wiki/CA_Admin_Setup
--
Endi S. Dewata
More information about the Pki-users
mailing list