Default CA Admin - dogtagpki/pki GitHub Wiki

Overview

This document describes the default CA admin user that is created during installation.

The default CA admin user belongs to the following groups:

  • Certificate Manager Agents

  • Administrators

  • Security Domain Administrators

  • Enterprise CA Administrators

  • Enterprise KRA Administrators

  • Enterprise OCSP Administrators

  • Enterprise TKS Administrators

  • Enterprise RA Administrators

  • Enterprise TPS Administrators

After installing the CA, the admin certificate and key will be stored in the following files in ~/.dogtag/pki-tomcat:

  • ca_admin.cert: PEM certificate

  • ca_admin_cert.p12: PKCS #12 file containing the certificate and the key

The PKCS #12 file is protected with a password specified in the pki_client_pkcs12_password parameter during installation. The certificate is stored in the PKCS #12 with the nickname specified in the pki_admin_nickname parameter during installation.

If necessary, the certificate can also be exported from the PKCS #12 file with the following command, where Secret.123 is the PKCS #12 password and caadmin is the certificate nickname:

$ pki pkcs12-cert-export \
    --pkcs12-file ~/.dogtag/pki-tomcat/ca_admin_cert.p12 \
    --pkcs12-password Secret.123 \
    --cert-file caadmin.crt \
    caadmin

Using Admin Certificate with PKI CLI

See Importing Admin Certificate into PKI CLI.

Using Admin Certificate with Firefox

See Importing Admin Certificate into Firefox.

Using Admin Certificate with Python Clients

To use the certificate with Python clients, export both the certificate and private key into a PEM file:

$ pki client-cert-show caadmin --client-cert caadmin.pem
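
Because the admin user belongs to every administrative group listed above, any file holding its private key (ca_admin_cert.p12, or a PEM export such as caadmin.pem) should be readable by its owner only. The following check is an added example, not part of the Dogtag code or documentation; the function names classify and audit are hypothetical, and identifying key material by file extension and PEM block label is an assumption of this sketch.

```python
import re
import stat
from pathlib import Path

# PEM block header, e.g. "-----BEGIN ENCRYPTED PRIVATE KEY-----"
PEM_LABEL = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----")
# Header line OpenSSL writes inside legacy (non-PKCS #8) encrypted key blocks
LEGACY_ENCRYPTED = b"Proc-Type: 4,ENCRYPTED"


def classify(path):
    """Return 'pkcs12', 'key-encrypted', 'key-plain', 'cert' or 'other'."""
    if path.suffix.lower() in (".p12", ".pfx"):
        return "pkcs12"  # holds the certificate and the key, password-protected
    data = path.read_bytes()
    labels = [m.decode() for m in PEM_LABEL.findall(data)]
    keys = [label for label in labels if label.endswith("PRIVATE KEY")]
    if keys:
        protected = labels.count("ENCRYPTED PRIVATE KEY") + data.count(LEGACY_ENCRYPTED)
        return "key-encrypted" if protected >= len(keys) else "key-plain"
    return "cert" if "CERTIFICATE" in labels else "other"


def audit(directory):
    """Return (file name, kind, mode) for key-bearing files open to group/others."""
    findings = []
    for path in sorted(Path(directory).expanduser().iterdir()):
        if not path.is_file():
            continue
        kind = classify(path)
        if kind in ("cert", "other"):
            continue  # a certificate alone is public information
        mode = stat.S_IMODE(path.stat().st_mode)
        if mode & 0o077:  # any group or other permission bit set
            findings.append((path.name, kind, f"{mode:03o}"))
    return findings


if __name__ == "__main__":
    # Directory named on this page; pass the location of caadmin.pem as well
    # if it was exported somewhere else.
    target = Path("~/.dogtag/pki-tomcat").expanduser()
    if target.is_dir():
        for name, kind, mode in audit(target):
            print(f"{name} [{kind}] has mode {mode}; restrict it with chmod 600")
```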

See Also
