Renewing Admin Certificate using pki server cert fix
Endi S. Dewata edited this page Mar 27, 2024 · 2 revisions
This page describes the process to renew the admin certificate using the pki-server cert-fix CLI.
Notes:
- This procedure may require setting the system clock back to when the admin certificate was still valid.
To renew the admin certificate and system certificates, execute the following command and provide the admin certificate serial number:
$ pki-server cert-fix \
    --ldap-url ldap://localhost.localdomain \
    --agent-uid caadmin \
    --extra-cert <serial number>
If the DS connection was configured to use client certificate authentication, but the certificate has already expired, and the DS server is running locally, the command can be executed with LDAPI instead:
$ pki-server cert-fix \
    --ldapi-socket /var/run/slapd-localhost.socket \
    --agent-uid caadmin \
    --extra-cert <serial number>
Then assign the new certificate to the admin user with the following command:
$ pki \
    -U https://localhost.localdomain:8443 \
    -d ~/.dogtag/nssdb \
    -c Secret.123 \
    -n caadmin \
    ca-user-cert-add \
    --input /var/lib/pki/pki-tomcat/conf/certs/<serial number>-renewed.crt \
    caadmin
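Before running the assignment step, the renewed file can be sanity-checked. The following is an added example, not part of this wiki or of the pki tooling; the function names are hypothetical, and it assumes the renewed file is PEM-encoded, openssl is installed, and the old serial number is supplied in hex.

```shell
#!/bin/sh
# Added example (hypothetical helpers): verify a renewed certificate file
# before assigning it to the admin user.
# Assumptions: PEM-encoded file, openssl available, old serial given in hex.

# Normalize a hex serial: drop "serial=" and "0x" prefixes, uppercase,
# strip leading zeros, so "0x0ab" and "serial=AB" compare equal.
norm_serial() {
    printf '%s' "$1" | sed -e 's/^serial=//' -e 's/^0[xX]//' \
        | tr 'a-f' 'A-F' | sed -e 's/^0*//'
}

# check_renewed_cert FILE OLD_SERIAL_HEX [MIN_SECONDS]
# Return codes: 0 OK, 1 unreadable or not a certificate,
#               2 remaining validity shorter than MIN_SECONDS,
#               3 serial identical to the old (expired) certificate.
check_renewed_cert() {
    cert=$1; old=$2; min=${3:-86400}
    [ -r "$cert" ] || { echo "cannot read $cert" >&2; return 1; }
    new=$(openssl x509 -in "$cert" -noout -serial 2>/dev/null) || {
        echo "$cert is not a parseable certificate" >&2; return 1; }
    # Show what is about to be assigned to the admin user.
    openssl x509 -in "$cert" -noout -subject -dates
    # -checkend exits non-zero if the cert expires within MIN_SECONDS.
    if ! openssl x509 -in "$cert" -noout -checkend "$min" >/dev/null; then
        echo "certificate expires within $min seconds" >&2; return 2
    fi
    # A renewal must produce a new serial; equality means the wrong file.
    if [ "$(norm_serial "$new")" = "$(norm_serial "$old")" ]; then
        echo "serial unchanged: this is the old certificate" >&2; return 3
    fi
    return 0
}
```

`-checkend` compares against the current system clock, so if the clock was set back for the renewal, run the check after restoring it to the real time.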