[Pki-users] Issuing a subordinate CA certificate
Fraser Tweedale
ftweedal at redhat.com
Tue Jan 23 05:39:48 UTC 2018
On Sun, Jan 21, 2018 at 08:11:11PM +0300, anater dembelov wrote:
> Hello!
>
> Tell me please!
>
> I need to release SubCA in the Dogtag.
> And then with this SubCA certificate sign the CSR.
> So I will have to get a chain of certificates.
> How can I do this in Dogtag?
>
> Is there an instruction manual?
>
> Best regards.
> Anatoly
Hi Anatoly,
The "lightweight sub-CAs" feature lets you host sub-CAs within an
existing Dogtag instance:
http://pki.fedoraproject.org/wiki/Lightweight_sub-CAs
Use the `pki ca-authority' CLI commands to create and manage
lightweight CAs.
This feature was developed for FreeIPA to use, so it is not
documented as a standalone feature of Dogtag. It is also not a
supported part of standalone RHCS deployments.
But most of what you need should be in the link above or discernable
from the `pki ca-authority' CLI commands available to you. Feel
free to reply with any follow-up questions you have.
Cheers,
Fraser
More information about the Pki-users
mailing list