[Pki-users] install dogtag with exist private key

Endi Sukma Dewata edewata at redhat.com
Tue Jun 14 00:29:14 UTC 2016 

Hi,

I managed to install CA with an existing CA certificate generated by 
OpenSSL:

http://pki.fedoraproject.org/wiki/Installing_CA_with_OpenSSL_CA_Certificate

The only thing is it depends on a tool that has not been added yet (see 
patch #768 in pki-devel list). Hopefully the tool will make it into 
Dogtag 10.3.3, but in the meantime feel free to create a custom build 
with the patch.

-- 
Endi S. Dewata


On 6/13/2016 12:53 PM, Christina Fu wrote:
> hi Anater,
>
> Not at the moment, but the feature did cross my mind at some point, and
> I don't think it's that hard to implement.  What we need though is a
> business case.  Could you provide reasoning for a useful scenario so
> maybe we can build a business case to introduce such feature in the
> future release?
>
> thanks,
> Christina
>
> On 06/13/2016 10:43 AM, anater dembelov wrote:
>> Hi Christina!
>>
>> I only have the private key. I would like to generate with it
>> ca_signing.csr and ca_signing.pem. Next, import the installation of
>> the new CA. How can I do it?
>>
>> Thank you.
>>
>> 2016-06-13 19:46 GMT+03:00 Christina Fu <cfu at redhat.com
>> <mailto:cfu at redhat.com>>:
>>
>>     Hi Anater,
>>
>>     Not sure if anyone responded.  We have something called "Existing
>>     CA" for new installations with 10.3.2 (or 1?).  It's an option to
>>     allow reusing cert/keys of an existing CA.
>>     I'm not very certain of the info link, but here is one that might
>>     have some info (Endi please clarify... ):
>>
>>     pki.fedoraproject.org/wiki/Installing_CA_with_Existing_CA_Certificate
>>     <http://pki.fedoraproject.org/wiki/Installing_CA_with_Existing_CA_Certificate>
>>
>>     Christina
>>
>>
>>     On 06/09/2016 10:06 AM, anater dembelov wrote:
>>>     Good afternoon!
>>>
>>>     Help me please.
>>>     I have a private key, packages generate openssl.
>>>
>>>     I have dogtag 10.3 installation to introduce my private key, as
>>>     the root signing certificate.
>>>     What need to do?
>>>
>>>     Thank you so much.

More information about the Pki-users mailing list