Issuing CA Signing Certificate with PKI CA - dogtagpki/pki GitHub Wiki

Overview

This page describes the process to issue a CA signing certificate with PKI CA for PKI 10.3 or later.

For older versions, see:

Submitting Certificate Request

Submit the request with the following command:

$ pki -U http://ca.external.com:8080 ca-cert-request-submit \
    --profile caCACert \
    --csr-file /tmp/ca_signing.csr

Approving Certificate Request

The external PKI CA admin can approve the request by executing the following command on the external PKI CA:

$ pki -c Secret.123 -n "PKI Administrator external.com" ca-cert-request-review 28 --action approve

Retrieving Certificate Request

The newly signed CA certificate and the external CA certificate can be downloaded to the installing server with the following commands:

$ pki -U http://ca.external.com:8080 ca-cert-show 0x1c --output /tmp/ca_signing.crt
$ pki -U http://ca.external.com:8080 ca-cert-show 0x1 --output /tmp/external.crt

See Also

Tip
 To find a page in the Wiki, enter the keywords in search field, press Enter, then click Wikis.
⚠️ **GitHub.com Fallback** ⚠️