[Pki-users] Can I change the CN = CA Signing Certificate to something else?

Fraser Tweedale ftweedal at redhat.com
Fri May 15 06:05:19 UTC 2015


On Fri, May 15, 2015 at 12:29:19AM -0500, Ben Peck wrote:
> I'm running Fedora 21 with Dogtag 10.2.1-3. My CA's Certificate was given
> "CA Signing Certificate" as its CN, and I'm wondering how it got that way
> and how it might be customized on install.
> 
> Running pkispawn interactively definitely didn't give me an opportunity to
> supply a name, and looking over the config file I could customize also
> doesn't seem to provide an opportunity to customize this:
> 
> Dogtag 9 gave the opportunity to customize this as part of the initial
> setup - where is this done in version 10?
> 
> thanks,
> Ben
> 
Hi Ben,

pkispawn(8) does not ask what you want the CN to be, but you can
tell it via a configuration file.

Minimal pkispawn(8) configuration file:

  [DEFAULT]
  pki_admin_password=4me2Test
  pki_client_database_password=4me2Test
  pki_client_pkcs12_password=4me2Test
  pki_ds_password=4me2Test

  [CA]
  pki_profiles_in_ldap=True
  pki_ca_signing_subject_dn=cn=YOUR CN HERE

Spawn an instance:

  $ pkispawn -s CA -f your-config.conf

Hope that helps!
Fraser


> 
> pki_admin_email=caadmin at example.com
> pki_admin_name=caadmin
> pki_admin_nickname=caadmin
> pki_admin_password=Secret123
> pki_admin_uid=caadmin
> pki_backup_keys=True
> pki_backup_password=Secret123
> pki_client_database_password=Secret123
> pki_client_database_purge=False
> pki_client_pkcs12_password=Secret123
> pki_ds_base_dn=dc=ca,dc=example,dc=com
> pki_ds_database=ca
> pki_ds_password=Secret123
> pki_security_domain_name=EXAMPLE
> pki_token_password=Secret123
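
A pre-flight check for a pkispawn configuration file like the one in the reply above, added here as an example (not part of the original thread and not Dogtag code). It confirms that pki_ca_signing_subject_dn is set in [CA] with a customized CN and flags any password parameter that reuses a value posted in this thread; the function names, finding wording and sample file are constructed for illustration.

```python
import configparser

DEFAULT_CN = "CA Signing Certificate"          # CN the original poster ended up with
PLACEHOLDER_CN = "YOUR CN HERE"                # placeholder from the reply's config
POSTED_PASSWORDS = {"4me2Test", "Secret123"}   # values published in this thread

def split_dn(dn):
    """Split a DN on unescaped commas into (attribute, value) pairs.
    Assumption: backslash escaping only; quoted values are not handled."""
    parts, current, escaped = [], "", False
    for ch in dn:
        if ch == "," and not escaped:
            parts.append(current)
            current = ""
        else:
            current += ch
        escaped = (ch == "\\") and not escaped
    parts.append(current)
    rdns = []
    for part in parts:
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((attr.strip().lower(), value.strip()))
    return rdns

def check_config(text):
    """Return a list of findings for a pkispawn config passed as a string."""
    cp = configparser.ConfigParser(interpolation=None)  # keep %(...)s values raw
    cp.read_string(text)
    findings = []
    dn = cp.get("CA", "pki_ca_signing_subject_dn", fallback=None)
    if dn is None:
        findings.append("pki_ca_signing_subject_dn is not set in [CA]")
    else:
        try:
            cns = [value for attr, value in split_dn(dn) if attr == "cn"]
        except ValueError as exc:
            findings.append(f"subject DN: {exc}")
        else:
            if not cns:
                findings.append("subject DN has no CN component")
            elif cns[0] in (DEFAULT_CN, PLACEHOLDER_CN):
                findings.append(f"subject CN is still a default or placeholder: {cns[0]}")
    weak = {key for section in [cp.default_section, *cp.sections()]
            for key, value in cp.items(section, raw=True)
            if key.endswith("_password") and value in POSTED_PASSWORDS}
    findings += [f"{key} uses a password posted in this thread" for key in sorted(weak)]
    return findings

# Constructed sample input, not a real deployment file.
SAMPLE = "[DEFAULT]\npki_admin_password=4me2Test\npki_ds_password=constructed-value\n\n[CA]\npki_ca_signing_subject_dn=cn=Example Root CA,o=EXAMPLE\n"
```

Running check_config(SAMPLE) reports only the reused pki_admin_password; an empty list means the file passed these checks.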
