Importing Admin Certificate into PKI CLI

Endi S. Dewata edited this page Aug 24, 2021 · 14 revisions

Overview

This page describes how to import the admin certificate into PKI CLI so that the certificate can be used to execute admin operations from the command line.

This document assumes that the admin certificate and the key are stored in a PKCS #12 file (e.g. ~/.dogtag/pki-tomcat/ca_admin_cert.p12) after CA installation, and the PKCS #12 file is protected with a password specified in the pki_client_pkcs12_password parameter during installation.

Importing Admin Certificate

By default the PKI CLI uses an NSS database at ~/.dogtag/nssdb.

To import the PKCS #12 file into the NSS database, execute the following command:

$ pki pkcs12-import \
    --pkcs12 ~/.dogtag/pki-tomcat/ca_admin_cert.p12 \
    --pkcs12-password Secret.123

Note: Due to JSS #796, that command might not work. In that case, use this command instead:

$ pki client-cert-import \
    --pkcs12 ~/.dogtag/pki-tomcat/ca_admin_cert.p12 \
    --pkcs12-password Secret.123

To use the certificate, specify its nickname with the -n <nickname> parameter, for example:

$ pki -n caadmin ca-user-find
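
To confirm the import before running admin operations, the following added example (not part of the original wiki page or the PKI project) checks that the nickname is listed in the NSS database with a "u" trust flag, which certutil shows only when the matching private key is present, and that the database directory is accessible to its owner only. The function names and the sample listing are constructed for illustration; the nickname caadmin and the path ~/.dogtag/nssdb are taken from this page.

```shell
#!/bin/sh
# Added example (not from the wiki): post-import checks for the PKI CLI NSS database.
NSSDB="${NSSDB:-$HOME/.dogtag/nssdb}"   # default PKI CLI database named on this page

# Constructed sample of `certutil -L` output, used for offline illustration only.
SAMPLE_LISTING='
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

CA Signing Certificate - EXAMPLE                             CT,C,C
caadmin                                                      u,u,u
'

# has_user_cert NICKNAME: reads a `certutil -L` listing on stdin and succeeds
# only if NICKNAME appears with a "u" trust flag. Nicknames may contain spaces,
# so the last field is treated as the trust column and the rest as the nickname.
has_user_cert() {
    awk -v nick="$1" '
        NF >= 2 {
            trust = $NF
            name = $0
            sub(/[ \t]+[^ \t]+[ \t]*$/, "", name)   # drop the trust column
            sub(/^[ \t]+/, "", name)                # drop leading padding
            if (name == nick && trust ~ /^[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$/ && trust ~ /u/)
                found = 1
        }
        END { exit(found ? 0 : 1) }'
}

# owner_only PATH: succeeds when group and others have no permission bits set.
owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# verify_admin_import NICKNAME [NSSDB]: run after the import command above.
verify_admin_import() {
    db="${2:-$NSSDB}"
    owner_only "$db" || echo "warning: $db is accessible to group or others" >&2
    if certutil -L -d "$db" | has_user_cert "$1"; then
        echo "OK: '$1' is in $db with its private key"
    else
        echo "FAIL: '$1' missing from $db or imported without its key" >&2
        return 1
    fi
}
```

Source the file and run verify_admin_import caadmin after the import; a CA certificate listed without the "u" flag, such as the signing certificate in the sample, is correctly reported as not usable for client authentication.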