Enrolling Server Certificate - dogtagpki/freeipa GitHub Wiki

Generating Certificate Request

To generate a CSR:

$ pki nss-cert-request \
    --subject "CN=$HOSTNAME" \
    --ext /usr/share/pki/server/certs/sslserver.conf \
    --csr sslserver.csr

To inspect the CSR:

$ openssl req -text -noout -in sslserver.csr

Issuing Certificate

To issue a certificate:

$ ipa cert-request --principal=HTTP/$HOSTNAME sslserver.csr

Retrieving Certificate

To retrieve the certificate:

$ ipa cert-show <serial number> --out=sslserver.crt

To inspect the certificate:

$ openssl x509 -text -noout -in sslserver.crt
⚠️ **GitHub.com Fallback** ⚠️