[Pki-users] Renew PKI Administrator (caadmin) certificate
Jain, Mahendra
Majain at verisign.com
Mon Mar 30 14:54:02 UTC 2015
Thanks. It worked. Btw, the profile name is caAdminCert for default PKI Administrator user (cadmic).
Here’re the steps I followed to renew default PKI Administrator user:
1. Disable the caAdminCert profile via the agent interface (caadmin uses Security Domain Administrator Certificate Enrollment profile)
2. Change the validity default parameter constraint for caAdminCert profile via PKIconsole
3. Enable the caAdminCert profile via the agent interface
4. Submit the certificate renewal request using 'Self-renew user SSL client certificates’ option via End Users interface
- Mahendra
From: Nalinda Herath <nali.mrt at gmail.com<mailto:nali.mrt at gmail.com>>
Date: Monday, March 30, 2015 at 1:13 AM
To: "Jain, Mahendra" <majain at verisign.com<mailto:majain at verisign.com>>
Cc: "pki-users at redhat.com<mailto:pki-users at redhat.com>" <pki-users at redhat.com<mailto:pki-users at redhat.com>>
Subject: Re: [Pki-users] Renew PKI Administrator (caadmin) certificate
For issuing the CA admin certificate, CA uses the dual-use user certificate profile. First disable that profile via the agent interface and login to the PKIconsole. Go to the causerCert profile (i cant remember the exact name) and change the validity default parameter constraint.
to renew, by default it should be within the renewal grace period.
On Mon, Mar 30, 2015 at 7:11 AM, Jain, Mahendra <Majain at verisign.com<mailto:Majain at verisign.com>> wrote:
Correction: I meant, How can it be renewed for more than 2 years (say 5 years)?
From: <Jain>, "Jain, Mahendra" <majain at verisign.com<mailto:majain at verisign.com>>
Date: Sunday, March 29, 2015 at 9:07 PM
To: "pki-users at redhat.com<mailto:pki-users at redhat.com>" <pki-users at redhat.com<mailto:pki-users at redhat.com>>
Subject: [Pki-users] Renew PKI Administrator (caadmin) certificate
Hello All,
When I install the Dogtag Certificate System, the installation creates default PKI Administrator user (caadmin) and it’s certificate expires in 2 years.
How do I renew the certificate for the PKI Administrator user?
Thanks,
Mahendra
“This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed, and may contain information that is non-public, proprietary, privileged, confidential and exempt from disclosure under applicable law or may be constituted as attorney work product. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this message in error, notify sender immediately and delete this message immediately.”
_______________________________________________
Pki-users mailing list
Pki-users at redhat.com<mailto:Pki-users at redhat.com>
https://www.redhat.com/mailman/listinfo/pki-users
--
Best Regards,
Nalinda
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-users/attachments/20150330/052deb4a/attachment.htm>
More information about the Pki-users
mailing list