-
Notifications
You must be signed in to change notification settings - Fork 139
PKI Server CA Certificate Request CLI
The pki-server ca-cert-request-*
commands provide a way to manage certificate requests in CA database when PKI server is offline.
These commands can only be executed by the system administrator.
To find the certificate request for a certificate in CA database:
$ pki-server ca-cert-request-find --cert-file <cert file>
As of PKI 10.4 the content of the certificate has to be formatted as follows:
-
The certificate must be base-64 encoded.
-
Each line must be at most 64 bytes long and terminated with CRLF.
-
There is no BEGIN/END CERTIFICATE header/footer.
For example:
MIIDnTCCAoWgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBIMRAwDgYDVQQKDAdFWEFN<CRLF> UExFMRMwEQYDVQQLDApwa2ktdG9tY2F0MR8wHQYDVQQDDBZDQSBTaWduaW5nIENl<CRLF> ... EzgqNUFrj/ATV31qVzEb6aka+93bd437Iga68OTz+8fhif8TbILWfJG87rU3w00D<CRLF> DMK8f1ILzfnK1kUEkBQ9zoiDlQyiUsl6TDJKXFc8Woqi0VTgK2AJ7cVdrwtOiE++<CRLF> 6jk3lUH/goACLP5fIuZWqlM=<CRLF>
Note: The certificate format may change in the future.
To display a certificate request in CA database:
$ pki-server ca-cert-request-show <request ID>
To import a certificate request in CA database:
$ pki-server ca-cert-request-import \ [--request <ID>] \ --csr <path> \ --profile <filename>
where:
-
The
--request
parameter specifies an optional ID for the request. If the request ID is not specified and the request ID generator is configured torandom
, a new random request ID will be generated automatically. -
The
--csr
parameter specifies the relative or absolute path to the CSR file. -
The
--profile
parameter specifies the filename of the bootstrap profile in/var/lib/pki/pki-tomcat/conf/ca
without the path (e.g.serverCert.profile
).
Availability: Since PKI 11.4.
Tip
|
To find a page in the Wiki, enter the keywords in search field, press Enter, then click Wikis. |