PKI 10.5 Getting KRA Transport Certificate - dogtagpki/pki GitHub Wiki

Overview

In PKI 10.5 or older, you must first find the transport certificate by its name, then download it by its serial number.

Finding Transport Certificate

The default name for the transport certificate is DRM Transport Certificate.

To find the certificate:

$ pki ca-cert-find --name "DRM Transport Certificate"
---------------
1 entries found
---------------
  Serial Number: 0x7
  Subject DN: CN=DRM Transport Certificate,O=EXAMPLE
  Status: VALID
  Type: X.509 version 3
  Key Algorithm: PKCS #1 RSA with 2048-bit key
  Not Valid Before: Thu Oct 22 18:26:11 CEST 2015
  Not Valid After: Wed Oct 11 18:26:11 CEST 2017
  Issued On: Thu Oct 22 18:26:11 CEST 2015
  Issued By: caadmin
----------------------------
Number of entries returned 1
----------------------------

Retrieving Transport Certificate

Use the serial number to download the certificate into a file:

$ pki ca-cert-show 0x7 --output transport.pem
-----------------
Certificate "0x7"
-----------------
  Serial Number: 0x7
  Issuer: CN=CA Signing Certificate,O=EXAMPLE
  Subject: CN=DRM Transport Certificate,O=EXAMPLE
  Status: VALID
  Not Before: Thu Oct 22 18:26:11 CEST 2015
  Not After: Wed Oct 11 18:26:11 CEST 2017
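
The two steps above chained into one script, as an added example that is not part of the wiki or the Dogtag project: it accepts the search result only when exactly one entry is VALID, because a name search can return several certificates. The function names, the constructed sample listing and the final openssl check (which assumes the downloaded file is PEM, as its name suggests) are assumptions of this example.

```sh
#!/bin/sh
# Added example, not Dogtag project code.

# Read `pki ca-cert-find` output on stdin and print the serial number of the
# single VALID entry. Fails (exit 1) when zero or several entries are VALID,
# so a revoked or ambiguous certificate is never selected silently.
select_valid_serial() {
    awk '
        $1 == "Serial" && $2 == "Number:" { serial = $3 }
        $1 == "Status:" && $2 == "VALID"  { valid[++n] = serial }
        END { if (n != 1) exit 1; print valid[1] }
    '
}

# Constructed listing (not real output): a revoked certificate and a valid
# one that share the same name.
sample_listing() {
    cat <<'EOF'
  Serial Number: 0x7
  Subject DN: CN=DRM Transport Certificate,O=EXAMPLE
  Status: REVOKED
  Serial Number: 0x1c
  Subject DN: CN=DRM Transport Certificate,O=EXAMPLE
  Status: VALID
EOF
}

# Find the certificate by name, download it by serial number, then print
# what was actually written to disk for comparison with the CA's listing.
# Usage: fetch_transport_cert "DRM Transport Certificate" transport.pem
fetch_transport_cert() {
    name=${1:-"DRM Transport Certificate"}
    out=${2:-transport.pem}
    serial=$(pki ca-cert-find --name "$name" | select_valid_serial) || {
        echo "expected exactly one VALID certificate named '$name'" >&2
        return 1
    }
    pki ca-cert-show "$serial" --output "$out" >/dev/null || return 1
    openssl x509 -in "$out" -noout -subject -serial -enddate
}
```

`openssl` prints the serial in hexadecimal without the `0x` prefix, so `0x7` appears as `serial=07`.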