Creating Temporary SSL Server Certificate - dogtagpki/pki GitHub Wiki
This page describes the process to create a temporary SSL server certificate for the CA subsystem itself.
To check the current SSL server certificate:
$ pki-server cert-show sslserver
  Cert ID: sslserver
  Nickname: sslserver
  Token: internal
  Serial Number: 0x235131ac57d6dc14706338af68fce2b6
  Subject DN: CN=pki.example.com,OU=pki-tomcat,O=EXAMPLE
  Issuer DN: CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE
  Not Valid Before: Wed Oct 25 15:39:35 2023
  Not Valid After: Tue Oct 14 15:39:35 2025
  Trust Flags: u,u,u
To create a temporary certificate execute the following command:
$ pki-server cert-create sslserver --temp
The certificate will be stored in /var/lib/pki/<instance>/conf/certs/sslserver.crt.
Next, delete the current SSL server certificate from the server’s NSS database:
$ pki-server cert-del sslserver
Then import the temporary certificate into the NSS database:
$ pki-server cert-import sslserver
Verify the new certificate with the following command:
$ pki-server cert-show sslserver
  Cert ID: sslserver
  Nickname: sslserver
  Token: internal
  Serial Number: 0x4e62aba6ad321857fcc93c20be4ee4c5
  Subject DN: CN=pki.example.com,OU=pki-tomcat,O=EXAMPLE
  Issuer DN: CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE
  Not Valid Before: Thu Oct 26 17:28:13 2023
  Not Valid After: Wed Oct 15 17:28:13 2025
  Trust Flags: u,u,u
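The verification step can be scripted rather than checked by eye. The following is an added shell example, not part of the original wiki page or the Dogtag project's code: it parses two saved `pki-server cert-show sslserver` outputs and confirms that the serial number changed while the subject, issuer and trust flags stayed the same. The function names `cert_field` and `cert_replaced` are hypothetical, and the sample text is abbreviated from the two outputs shown on this page.

```shell
#!/bin/sh
# Added example (not Dogtag project code). Sample text is abbreviated from
# the two cert-show outputs on this page. On a live system, capture with:
#   before=$(pki-server cert-show sslserver)   # before cert-del
#   after=$(pki-server cert-show sslserver)    # after cert-import

BEFORE='  Cert ID: sslserver
  Serial Number: 0x235131ac57d6dc14706338af68fce2b6
  Subject DN: CN=pki.example.com,OU=pki-tomcat,O=EXAMPLE
  Issuer DN: CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE
  Trust Flags: u,u,u'

AFTER='  Cert ID: sslserver
  Serial Number: 0x4e62aba6ad321857fcc93c20be4ee4c5
  Subject DN: CN=pki.example.com,OU=pki-tomcat,O=EXAMPLE
  Issuer DN: CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE
  Trust Flags: u,u,u'

# cert_field TEXT LABEL: print the value of the first "LABEL: value" line.
cert_field() {
    printf '%s\n' "$1" | sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" | head -n 1
}

# cert_replaced BEFORE AFTER
# 0 = serial changed and subject, issuer, trust flags are unchanged
# 1 = serial unchanged (old certificate still in place) or a field differs
# 2 = a serial number could not be parsed from one of the inputs
cert_replaced() {
    _old=$(cert_field "$1" "Serial Number")
    _new=$(cert_field "$2" "Serial Number")
    if [ -z "$_old" ] || [ -z "$_new" ]; then return 2; fi
    if [ "$_old" = "$_new" ]; then return 1; fi
    for _f in "Subject DN" "Issuer DN" "Trust Flags"; do
        if [ "$(cert_field "$1" "$_f")" != "$(cert_field "$2" "$_f")" ]; then
            return 1
        fi
    done
    return 0
}

if cert_replaced "$BEFORE" "$AFTER"; then
    echo "sslserver replaced: new serial $(cert_field "$AFTER" "Serial Number")"
else
    echo "sslserver NOT replaced as expected" >&2
fi
```

A return code of 1 after the import step means the NSS database still holds the old certificate or the new one carries a different identity, which is worth investigating before restarting the instance.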