[Pki-users] Automatically generate certificates without approval
Marc Sauton
msauton at redhat.com
Wed Oct 28 22:21:21 UTC 2020
yes, it works by having SSL client authentication for an "agent" user, or
LDAP basic authentication (without or with a pre-defined pin), or CMC:
example for SSL server cert, look at the profile caAgentServerCert.cfg
example for SSL server cert using CMC, see
https://github.com/dogtagpki/pki/wiki/Issuing-SSL-Server-Certificate-with-CMC
for end user cert, examples with caDirPinUserCert.cfg , caDirUserCert.cfg
from the pki command line with LDAP basic authentication , look for the
command cert-request-submit with the --username
either
pki cert-request-submit --help
or
pki ca-cert-request-submit --help
see
https://www.dogtagpki.org/wiki/Directory-Authenticated_Profiles
On Wed, Oct 28, 2020 at 2:20 AM Wahaj K <mwahaj3120 at gmail.com> wrote:
> Hi Guys,
>
> I am new to Dogtag PKI and have installed it on fedora 33. I am able to
> send a PKCS#10 certificate, approve and then get the issued certificate. I
> need to know a way to generate the certificate without manual approval
> hence when PKCS#10 request is sent ,the certificate is generated right
> away. I have looked at profiles, CA configuration but couldn't see a way. I
> am using Dogtag 10.9. Is this possible? Any guidance is appreciated.
>
> Regards,
> Wahaj
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-users/attachments/20201028/e60be4c9/attachment.htm>
More information about the Pki-users
mailing list