PKI 10.5 Getting KRA Transport Certificate - dogtagpki/pki GitHub Wiki
In PKI 10.5 or older it’s necessary to find the transport certificate by its name first, then download the certificate by its serial number.
The default name for the transport certificate is DRM Transport Certificate
.
To find the certificate:
$ pki ca-cert-find --name "DRM Transport Certificate" --------------- 1 entries found --------------- Serial Number: 0x7 Subject DN: CN=DRM Transport Certificate,O=EXAMPLE Status: VALID Type: X.509 version 3 Key Algorithm: PKCS #1 RSA with 2048-bit key Not Valid Before: Thu Oct 22 18:26:11 CEST 2015 Not Valid After: Wed Oct 11 18:26:11 CEST 2017 Issued On: Thu Oct 22 18:26:11 CEST 2015 Issued By: caadmin ---------------------------- Number of entries returned 1 ----------------------------
Use the serial number to download the certificate into a file:
$ pki ca-cert-show 0x7 --output transport.pem ----------------- Certificate "0x7" ----------------- Serial Number: 0x7 Issuer: CN=CA Signing Certificate,O=EXAMPLE Subject: CN=DRM Transport Certificate,O=EXAMPLE Status: VALID Not Before: Thu Oct 22 18:26:11 CEST 2015 Not After: Wed Oct 11 18:26:11 CEST 2017