[Pki-users] How to setup PKI Administrator user
Jain, Mahendra
Majain at verisign.com
Fri Apr 10 00:32:55 UTC 2015
Thanks Endi for the quick response.
On 4/9/15, 5:29 PM, "Endi Sukma Dewata" <edewata at redhat.com> wrote:
>On 4/9/2015 2:23 PM, Jain, Mahendra wrote:
>> Thanks Niranjan,
>>
>> I submitted 'Manual User Dual-Use Certificate Enrollment¹ via End User
>> interface and got it approved via agent interface and imported it to
>> browser including the keys.
>>
>> My confusion is where the keys (private key) came from? Was it
>> automatically generated when I submitted the Certificate Enrollment
>> request via browser? Or was it created by the Dogtag server and
>>delivered
>> it to browser when I imported the cert?
>>
>>
>> Thanks in advance.
>> Mahendra
>>
>
>To my understanding the current UI relies on a Firefox feature to
>generate a private key in the browser. However, this feature is going
>away in future Firefox, so Dogtag is now providing a way to generate a
>private key using the CLI:
>http://pki.fedoraproject.org/wiki/User_Certificate
>The private key later can be imported into Firefox.
>
>If you want to use a non-root Linux user as CA admin with a new
>certificate, follow the above page to generate the certificate, then add
>the user into the admin group.
>
>If you want to use a non-root Linux user as CA admin with existing CA
>admin certificate, follow this instruction:
>http://pki.fedoraproject.org/wiki/CA_Admin_Setup
>
>--
>Endi S. Dewata
More information about the Pki-users
mailing list