Cloning - dogtagpki/freeipa GitHub Wiki
During cloning, the certificates and keys are transferred to the replica with the following procedure:
- A temporary NSS database is created
- Replica downloads PKCS#12 files for the following certificates:
  - `caSigningCert cert-pki-ca`
  - `ocspSigningCert cert-pki-ca`
  - `auditSigningCert cert-pki-ca`
  - `subsystemCert cert-pki-ca`
- The PKCS#12 files are imported with `pk12util` into the temporary NSS database
- All IPA CA certs are imported into the temporary NSS database as well
- The temporary NSS database is exported into one PKCS#12 file with `PKCS12Export`
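
The steps above as a shell function, added here as an example; it is not FreeIPA's or Dogtag's own code. The file layout (`<name>.p12`, one PEM certificate per `*.pem` file), the password files and the empty trust flags are assumptions, and by default the function only prints the commands it would run.

```bash
#!/bin/bash
# Added example. RUN=echo (default) only prints the commands (dry run);
# set RUN= (empty) to execute them on a host with the NSS tools and Dogtag.
RUN=${RUN-echo}

# Short names from the list above; "<name>.p12" file naming is an assumption.
CA_CERTS="caSigningCert ocspSigningCert auditSigningCert subsystemCert"

assemble_clone_p12() {
    src_dir=$1    # downloaded PKCS#12 files (assumed layout)
    ca_dir=$2     # IPA CA certs, one PEM cert per *.pem file (assumed layout)
    p12_pw=$3     # file holding the PKCS#12 password (assumed)
    out_p12=$4    # combined PKCS#12 file to write

    old_umask=$(umask); umask 077          # keys and passwords: owner-only
    tmpdb=$(mktemp -d) || { umask "$old_umask"; return 1; }
    nss_pw=$tmpdb/nss.pw                   # random password for the temporary database
    head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n' > "$nss_pw"

    rc=0
    # Step 1: temporary NSS database
    $RUN certutil -N -d "$tmpdb" -f "$nss_pw" || rc=1
    # Steps 2-3: import each downloaded PKCS#12 file
    for name in $CA_CERTS; do
        [ "$rc" -eq 0 ] || break
        $RUN pk12util -i "$src_dir/$name.p12" -d "$tmpdb" -k "$nss_pw" -w "$p12_pw" || rc=1
    done
    # Step 4: IPA CA certs; no trust is granted in this throwaway database (assumption)
    for pem in "$ca_dir"/*.pem; do
        [ "$rc" -eq 0 ] || break
        [ -e "$pem" ] || continue
        $RUN certutil -A -d "$tmpdb" -f "$nss_pw" -n "$(basename "$pem" .pem)" \
            -t ",," -a -i "$pem" || rc=1
    done
    # Step 5: export the whole database into one PKCS#12 file
    [ "$rc" -eq 0 ] && { $RUN PKCS12Export -d "$tmpdb" -p "$nss_pw" -w "$p12_pw" -o "$out_p12" || rc=1; }

    rm -rf "$tmpdb"                        # private keys must not linger on disk
    umask "$old_umask"
    return "$rc"
}
```

The temporary database is removed on both success and failure, so the only copy of the private keys left behind is the password-protected output file.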