Skip to content

Importing Admin Certificate into PKI CLI

Jump to bottom
Endi S. Dewata edited this page May 11, 2021 · 14 revisions

Overview

This page describes the process to import the admin certificate into PKI CLI such that the certificate can be used to execute admin operations from the command line.

This document assumes that the admin certificate and the key are stored in a PKCS #12 file (e.g. ~/.dogtag/pki-tomcat/ca_admin_cert.p12) after CA installation, and the PKCS #12 file is protected with a password specified in the pki_client_pkcs12_password parameter during installation.

Importing Admin Certificate

By default the PKI CLI uses an NSS database at ~/.dogtag/nssdb.

To import the PKCS #12 file into the NSS database, execute the following command:

$ pki pkcs12-import \
    --pkcs12 ~/.dogtag/pki-tomcat/ca_admin_cert.p12 \
    --pkcs12-password Secret.123

The certificate can be used by specifying a -n <nickname> parameter, for example:

$ pki -n caadmin ca-user-find
Tip
 To find a page in the Wiki, enter the keywords in search field, press Enter, then click Wikis.
Clone this wiki locally