PKI User Certificate CLI - dogtagpki/pki GitHub Wiki

Overview

PKI provides CLI to manage user certificates. All user certificate commands must be executed as the subsystem administrator.

Commands

Listing user certificates

$ pki <admin authentication> <subsystem>-user-find-cert <user ID>

For example:

$ pki -n caadmin ca-user-cert-find caadmin
-----------------
1 entries matched
-----------------
  Cert ID: 2;6;CN=CA Signing Certificate,O=EXAMPLE;CN=PKI Administrator,[email protected],O=EXAMPLE
  Version: 2
  Serial Number: 0x6
  Issuer: CN=CA Signing Certificate,O=EXAMPLE
  Subject: CN=PKI Administrator,[email protected],O=EXAMPLE
----------------------------
Number of entries returned 1

Viewing a user certificate

$ pki <admin authentication> <subsystem>-user-cert-show <user ID> <certificate ID>

For example:

$ pki -n caadmin ca-user-cert-show caadmin "2;6;CN=CA Signing Certificate,O=EXAMPLE;CN=PKI Administrator,[email protected],O=EXAMPLE"
----------------------------------------------------------------------------------------------------------
Certificate "2;6;CN=CA Signing Certificate,O=EXAMPLE;CN=PKI Administrator,[email protected],O=EXAMPLE"
----------------------------------------------------------------------------------------------------------
  Cert ID: 2;6;CN=CA Signing Certificate,O=EXAMPLE;CN=PKI Administrator,[email protected],O=EXAMPLE
  Version: 2
  Serial Number: 0x6
  Issuer: CN=CA Signing Certificate,O=EXAMPLE
  Subject: CN=PKI Administrator,[email protected],O=EXAMPLE

Exporting user certificate

$ pki <admin authentication> <subsystem>-user-cert-show <user ID> <certificate ID> --output <filename>

Importing user certificate from file

$ pki <admin authentication> <subsystem>-user-cert-add <user ID> --input <filename>

For example, prepare a certificate file (e.g. caadmin.crt):

-----BEGIN CERTIFICATE-----
MIIC5jCCAc6gAwIBAgIBCzANBgkqhkiG9w0BAQsFADAzMRAwDgYDVQQKDAdFWEFN
UExFMR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRpZmljYXRlMB4XDTE1MDYwMzE5
MzYyOFoXDTE1MTEzMDIwMzYyOFowGTEXMBUGCgmSJomT8ixkAQEMB2NhYWRtaW4w
gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN3hMNbCRjI+jThCfhCKolmgh0rb
XAbX8JAqaeKd8Hii4WqbCEiglTI5bB9Vbydj3vUTfW1Obv6FmVzG9s9OGXCTSevo
biGDiI0/sJ7QY7CtfGvbYqUcgr5muMw37JbO/Jzg6LqT4UlB699UC0Idn0JQ0X9b
fEfQZcaKNQyvoOhZAgMBAAGjgaIwgZ8wHwYDVR0jBBgwFoAUzGVi8EBdQVsx9DDT
Rwy8Trw/B64wTQYIKwYBBQUHAQEEQTA/MD0GCCsGAQUFBzABhjFodHRwOi8vdm0t
MDY0LmlkbS5sYWIuYm9zLnJlZGhhdC5jb206ODA4MC9jYS9vY3NwMA4GA1UdDwEB
/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwDQYJKoZIhvcN
AQELBQADggEBABRf7mDI/6z7sXh8GW4j7hXpZiJmWsjIL4AzfTu//AapbfvetIra
b84SdnBnZ5oIPOmEENNJ9LrNx+9kjHCEBcvEqwHpTmJQUPokRvdpvThfFtGc+Cox
ThdRa+hIz66nayph3JvptyfOjS25s+oUyjOojgTiz4r0xm60m3Q15+2El/dITq8J
MrQYZsF56+qcSkUL/UW6SYa7qwPw6f8lSqCX1QZcpe3ZAcwUFIUwYykrG3azyhZC
A8YlxDzydJhZY92zl6IlBV5oIMvhrVgCDuf/XVEUJ/YE1YZYy0BEnPnZtk/1t3rs
/v6wTakOw+5/CQmZecFy1V+BxD0+1MuldCk=
-----END CERTIFICATE-----

Then execute the following command:

$ pki -n caadmin ca-user-cert-add caadmin --input caadmin.crt
------------------------------------------------------------------------
Added certificate "2;11;CN=CA Signing Certificate,O=EXAMPLE;UID=caadmin"
------------------------------------------------------------------------
  Cert ID: 2;11;CN=CA Signing Certificate,O=EXAMPLE;UID=caadmin
  Version: 2
  Serial Number: 0xb
  Issuer: CN=CA Signing Certificate,O=EXAMPLE
  Subject: UID=caadmin

Adding user certificate from certificate repository

$ pki <admin authentication> <subsystem>-user-cert-add <user ID> --serial <serial number>

For example:

$ pki -n caadmin ca-user-cert-add caadmin --serial 0x7

Deleting a user certificate

$ pki <admin authentication> <subsystem>-user-cert-del <user ID> <cert ID>

For example:

$ pki -n caadmin ca-user-cert-del caadmin "2;11;CN=CA Signing Certificate,O=EXAMPLE;UID=caadmin"
--------------------------------------------------------------------------
Deleted certificate "2;11;CN=CA Signing Certificate,O=EXAMPLE;UID=caadmin"
--------------------------------------------------------------------------

See Also

⚠️ **GitHub.com Fallback** ⚠️