PKI 10.3 Submitting Certificate Renewal Request - dogtagpki/pki GitHub Wiki
This page describes the process to submit a certificate renewal request in PKI 10.3 or earlier.
First, download the certificate renewal profile:
$ pki ca-cert-request-profile-show caManualRenewal --output caManualRenewal.xml
Specify the serial number of the certificate to be renewed either:
-
in the
<Value>
element within the<Attribute name="serial_num">
element (preferred), or -
in the
<SerialNumber>
element (to be deprecated).
The serial can be specified in decimal number or hexadecimal number with 0x prefix.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <CertEnrollmentRequest> <Attributes/> <ProfileID>caManualRenewal</ProfileID> <Renewal>true</Renewal> <SerialNumber><font color="red">serial</font></SerialNumber> <RemoteHost></RemoteHost> <RemoteAddress></RemoteAddress> <Input id="i1"> <ClassID>serialNumRenewInputImpl</ClassID> <Name>Serial Number of Certificate to Renew</Name> <Attribute name="serial_num"> <Value><font color="red">serial</font></Value> <Descriptor> <Syntax>string</Syntax> <Description>Serial Number of Certificate to Renew</Description> </Descriptor> </Attribute> </Input> </CertEnrollmentRequest>
Then submit the request:
$ pki ca-cert-request-submit caManualRenewal.xml ----------------------------- Submitted certificate request ----------------------------- Request ID: 28 Type: renewal Request Status: pending Operation Result: success