Certificate Renewal with Directory Authenticated Profile - dogtagpki/pki GitHub Wiki
Execute the following command to submit the renewal request. It will prompt for the LDAP password:
```
$ pki -U https://$HOSTNAME:8443 -c Secret.123 -n testuser client-cert-request \
    --profile caDirUserRenewal --username testuser --password
Password: ********
-----------------------------
Submitted certificate request
-----------------------------
  Request ID: 23
  Type: renewal
  Request Status: complete
  Operation Result: success
  Certificate ID: 0x11
```
The certificate will be issued immediately.
Remove the old certificate from the client NSS database:
```
$ pki -c Secret.123 client-cert-del testuser
------------------------------
Removed certificate "testuser"
------------------------------
```
Import the new certificate into the client NSS database:
```
$ pki -c Secret.123 client-cert-import testuser --serial 0x11
-------------------------------
Imported certificate "testuser"
-------------------------------
```
Verify with the following command:
```
$ pki -c Secret.123 client-cert-find
----------------------
2 certificate(s) found
----------------------
  Serial Number: 0x1
  Nickname: CA Signing Certificate - EXAMPLE
  Subject DN: CN=CA Signing Certificate,O=EXAMPLE
  Issuer DN: CN=CA Signing Certificate,O=EXAMPLE

  Serial Number: 0x11
  Nickname: testuser
  Subject DN: UID=testuser,OU=People,DC=example,DC=com
  Issuer DN: CN=CA Signing Certificate,O=EXAMPLE
----------------------------
Number of entries returned 2
----------------------------
```
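The steps above delete the old certificate before importing the new one, so the request status and certificate ID returned by the first command should be checked before anything is removed. The following is an added example, not part of the Dogtag wiki or the `pki` tool: the helper names `parse_renewal`, `serial_for_nickname` and `swap_cert`, and saving the request output to a file, are assumptions; the `pki` commands and NSS password are the ones shown on this page.

```shell
# Added example (not from the Dogtag wiki). Helper names and the saved-output
# file are assumptions; the pki commands are the ones shown on this page.

# Constructed sample: the response fields shown on this page.
SAMPLE_RESPONSE='  Request ID: 23
  Type: renewal
  Request Status: complete
  Operation Result: success
  Certificate ID: 0x11'

# Read client-cert-request output on stdin; print the new serial only if the
# request completed successfully, otherwise print nothing and return 1.
parse_renewal() {
    awk -F': *' '
        { gsub(/^[ \t]+/, "", $1); gsub(/[ \t\r]+$/, "", $2) }
        $1 == "Request Status"   { status = $2 }
        $1 == "Operation Result" { result = $2 }
        $1 == "Certificate ID"   { serial = $2 }
        END { ok = (status == "complete" && result == "success" && serial ~ /^0x[0-9a-fA-F]+$/)
              if (ok) print serial
              exit (ok ? 0 : 1) }'
}

# Read client-cert-find output on stdin; print the serial listed for nickname $1.
serial_for_nickname() {
    awk -F': *' -v nick="$1" '
        { gsub(/^[ \t]+/, "", $1); gsub(/[ \t\r]+$/, "", $2) }
        $1 == "Serial Number" { serial = $2 }
        $1 == "Nickname" && $2 == nick { print serial; found = 1 }
        END { exit (found ? 0 : 1) }'
}

# swap_cert RESPONSE_FILE NICKNAME: remove the old certificate only after the
# saved response proves a replacement was issued, then confirm the import.
swap_cert() {
    serial=$(parse_renewal < "$1") || {
        echo "renewal not complete; keeping existing certificate" >&2; return 1; }
    pki -c Secret.123 client-cert-del "$2" &&
    pki -c Secret.123 client-cert-import "$2" --serial "$serial" &&
    [ "$(pki -c Secret.123 client-cert-find | serial_for_nickname "$2")" = "$serial" ]
}
```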