Setting up CA Admin User with PKI Tools - dogtagpki/pki GitHub Wiki

Overview

This page describes the process to set up a CA admin user with PKI tools.

Adding CA Admin User

$ pki-server ca-user-add \
    --full-name Administrator \
    --type adminType \
    caadmin

In PKI 11.6 or later the user certificate can be specified with the --cert <path> option.

Assigning Certificate to CA Admin User

$ pki-server ca-user-cert-add \
    --cert admin.crt \
    caadmin

Assigning Roles to CA Admin User

$ pki-server ca-user-role-add caadmin "Administrators"
$ pki-server ca-user-role-add caadmin "Certificate Manager Agents"
$ pki-server ca-user-role-add caadmin "Security Domain Administrators"
$ pki-server ca-user-role-add caadmin "Enterprise CA Administrators"
$ pki-server ca-user-role-add caadmin "Enterprise KRA Administrators"
$ pki-server ca-user-role-add caadmin "Enterprise RA Administrators"
$ pki-server ca-user-role-add caadmin "Enterprise TKS Administrators"
$ pki-server ca-user-role-add caadmin "Enterprise OCSP Administrators"
$ pki-server ca-user-role-add caadmin "Enterprise TPS Administrators"
⚠️ **GitHub.com Fallback** ⚠️