Initializing Client Certificate Database
Prepare a client certificate database:
$ pki -c Secret.123 client-init
Submitting User Certificate Request
Generate a client certificate request and send it to the server:
$ pki -c Secret.123 client-cert-request uid=testuser
Submitting Server Certificate Request
This command requires CA agent authentication. To generate a server certificate request:
$ pki -U https://`hostname`:8443 -d /etc/httpd/alias/ -n ipaCert -C /etc/httpd/alias/pwdfile.txt \
client-cert-request --profile caIPAserviceCert cn=`hostname`
Listing Certificate Requests
This command requires CA agent authentication. To list certificate requests:
$ pki -U https://`hostname`:8443 -d /etc/httpd/alias/ -n ipaCert -C /etc/httpd/alias/pwdfile.txt \
ca-cert-request-find
Approving Certificate Requests
This command requires CA agent authentication. To approve a certificate request:
$ pki -U https://`hostname`:8443 -d /etc/httpd/alias/ -n ipaCert -C /etc/httpd/alias/pwdfile.txt \
ca-cert-request-review <request ID> --action approve
Tracking
$ getcert start-tracking
Renewal
Renewing CA Certificate
$ ipa-cacert-manage renew
Renewing CA certificate, please wait
CA certificate successfully renewed
The ipa-cacert-manage command was successful
Renewing IPA Certificate
$ getcert resubmit -d /etc/httpd/alias -n ipaCert
Renewing Web Server Certificate
$ getcert resubmit -d /etc/httpd/alias -n Server-Cert