Issuing OCSP Signing Certificate with PKI NSS - dogtagpki/pki GitHub Wiki

Issuing a Certificate

To issue a certificate, prepare a certificate extension configuration in a file (e.g. ocsp_signing.conf):

authorityKeyIdentifier = keyid:always
extendedKeyUsage       = OCSPSigning
noCheck                = ignored

To issue a certificate signed by a CA certificate, specify the CA certificate nickname:

$ pki nss-cert-issue \
    --issuer ca_signing \
    --csr ocsp_signing.csr \
    --ext ocsp_signing.conf \
    --cert ocsp_signing.crt

Availability: PKI 10.10

See Also

Tip
 To find a page in the Wiki, enter the keywords in search field, press Enter, then click Wikis.
⚠️ **GitHub.com Fallback** ⚠️