Default CA Admin - dogtagpki/pki GitHub Wiki
This document describes the default admin user which is created during installation.
The default CA admin user belongs to the following groups:

- Certificate Manager Agents
- Administrators
- Security Domain Administrators
- Enterprise CA Administrators
- Enterprise KRA Administrators
- Enterprise OCSP Administrators
- Enterprise TKS Administrators
- Enterprise RA Administrators
- Enterprise TPS Administrators
After installing the CA, the admin certificate and key will be stored in the following files in `~/.dogtag/pki-tomcat`:

- `ca_admin.cert`: PEM certificate
- `ca_admin_cert.p12`: PKCS #12 file containing the certificate and the key
The PKCS #12 file is protected with a password specified in the `pki_client_pkcs12_password` parameter during installation.

The certificate is stored in the PKCS #12 with the nickname specified in the `pki_admin_nickname` parameter during installation.
If necessary, the certificate can also be obtained from the PKCS #12 file with the following command:
```
$ pki pkcs12-cert-export \
    --pkcs12-file ~/.dogtag/pki-tomcat/ca_admin_cert.p12 \
    --pkcs12-password Secret.123 \
    --cert-file caadmin.crt \
    caadmin
```
To use the certificate with Python clients, export both the certificate and private key into a PEM file:
```
$ pki client-cert-show caadmin --client-cert caadmin.pem
```
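Before pointing a Python client at the exported file, it is worth checking that it really holds both a certificate and a private key, and that only its owner can read it, since this key belongs to a member of every administrator group listed above. The following is an added example, not code from the Dogtag project; the function name `audit_client_pem` is hypothetical and the sample PEM bodies are constructed placeholders, not real key material.

```python
import os
import re
import stat
import tempfile

# Matches one PEM block and captures its label (e.g. "CERTIFICATE").
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----.*?-----END \1-----", re.S)


def audit_client_pem(path):
    """Return a list of problems found in a combined cert+key PEM file."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # The file carries the admin private key: no group/other bits should be set.
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"mode {mode:04o} lets group/other access the private key")
    with open(path, encoding="ascii", errors="replace") as f:
        labels = PEM_BLOCK.findall(f.read())
    if "CERTIFICATE" not in labels:
        problems.append("no CERTIFICATE block")
    if not any(label.endswith("PRIVATE KEY") for label in labels):
        problems.append("no PRIVATE KEY block")
    return problems


def demo():
    """Run the audit on constructed sample files in a temporary directory."""
    cert = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
    key = "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"
    samples = [
        ("good.pem", cert + key, 0o600),      # both blocks, owner-only
        ("cert_only.pem", cert, 0o600),       # key was not exported
        ("exposed.pem", cert + key, 0o644),   # readable by other users
    ]
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, body, mode in samples:
            p = os.path.join(d, name)
            with open(p, "w") as f:
                f.write(body)
            os.chmod(p, mode)
            results[name] = audit_client_pem(p)
    return results


if __name__ == "__main__":
    for name, problems in demo().items():
        print(name, "OK" if not problems else problems)
```

The same function can be run against `caadmin.pem` after the export; an empty list means the file has both blocks and owner-only permissions.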