forked from freeipa/freeipa
-
Notifications
You must be signed in to change notification settings - Fork 0
Enrolling Server Certificate
Endi S. Dewata edited this page Apr 22, 2023
·
1 revision
To generate a CSR:
$ pki nss-cert-request \
--subject "CN=$HOSTNAME" \
--ext /usr/share/pki/server/certs/sslserver.conf \
--csr sslserver.csr
To inspect the CSR:
$ openssl req -text -noout -in sslserver.csr
To issue a certificate:
$ ipa cert-request --principal=HTTP/$HOSTNAME sslserver.csr
To retrieve the certificate:
$ ipa cert-show <serial number> --out=sslserver.crt
To inspect the certificate:
$ openssl x509 -text -noout -in sslserver.crt