[Pki-users] pki cli default CA Admin Unauthorized
Endi Sukma Dewata
edewata at redhat.com
Tue Dec 22 21:33:24 UTC 2015
On 12/22/2015 2:03 PM, Alex Harrison wrote:
>> Verify the admin cert is added with this command:
>> pki client-cert-find
>
>> Also see the nickname of the certificate in the above output. The
>> nickname is configurable using pki_admin_nickname parameter in the
>> pkispawn deployment configuration.
>
> I think you've found my problem. When I issue that command I see:
> ----------------------
> 2 certificate(s) found
> ----------------------
> Serial Number: 0x6
> Nickname: PKI Administrator for localdomain
> Subject DN: CN=PKI Administrator,E=caadmin at localdomain,O=localdomain Security
> Domain
> Issuer DN: CN=CA Signing Certificate,O=localdomain Security Domain
>
> "E=caadmin at localdomain" is telling me that the nickname is
> "caadmin at localdomain", right? So I need to put the whole string in my
> command authentication with the -n parameter, not just "caadmin". Is
> that correct? If so, that explains my problems. When I use the entire
> string with the domain, the commands all work as I expect.
>
> Thanks for your help.

Actually, the "E=..." specifies the email address used to construct the
certificate subject DN. The nickname of the above certificate is "PKI
Administrator for localdomain". If "caadmin at localdomain" works, you
probably have another certificate added with that as a nickname. To
avoid confusion I'd suggest you re-initialize the client database using
pki client-init and reimport the admin certificate. Just let me know if
you still have a problem.
--
Endi S. Dewata
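
Added example, not part of the original message and not the pki tool's own code: a small Python check that parses `pki client-cert-find` style output and reports whether a value intended for `-n` matches a certificate nickname or only an attribute inside the Subject DN. The function names (`parse_entries`, `dn_attrs`, `classify`) are hypothetical, and the sample is constructed from the entry quoted in the thread.

```python
import re

# Constructed sample: the entry quoted in the thread, with the wrapped
# Subject DN rejoined onto one line.
SAMPLE = """\
Serial Number: 0x6
Nickname: PKI Administrator for localdomain
Subject DN: CN=PKI Administrator,E=caadmin at localdomain,O=localdomain Security Domain
Issuer DN: CN=CA Signing Certificate,O=localdomain Security Domain
"""

def parse_entries(text):
    """Split 'Key: value' listing output into one dict per certificate."""
    entries, current = [], {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z ]+?):\s*(.*)$", line)
        if not m:
            continue  # separators and the "N certificate(s) found" banner
        key, value = m.group(1), m.group(2).strip()
        if key == "Serial Number" and current:
            entries.append(current)  # a new entry starts at each serial number
            current = {}
        current[key] = value
    if current:
        entries.append(current)
    return entries

def dn_attrs(dn):
    """Naive RDN split; only backslash-escaped commas are handled."""
    attrs = {}
    for part in re.split(r"(?<!\\),", dn):
        key, sep, value = part.partition("=")
        if sep:
            attrs[key.strip().upper()] = value.strip()
    return attrs

def classify(candidate, entries):
    """Report what a value intended for -n matches in the listing."""
    if any(candidate == e.get("Nickname") for e in entries):
        return "nickname"
    for e in entries:
        for key, value in dn_attrs(e.get("Subject DN", "")).items():
            if candidate == value:
                return "dn-attribute:" + key  # part of the subject, not a nickname
    return "no-match"

if __name__ == "__main__":
    for name in ("PKI Administrator for localdomain", "caadmin at localdomain", "caadmin"):
        print(name, "->", classify(name, parse_entries(SAMPLE)))
```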