Overview#
This page describes the PKI users that are used by IPA.
CA Users#
CA admin#
DN:
uid=admin,ou=people,o=ipaca
Certificate:
CN=ipa-ca-agent
Groups:
Certificate Manager Agents
Administrators
Security Domain Administrators
Enterprise CA Administrators
Enterprise KRA Administrators
Enterprise OCSP Administrators
Enterprise TKS Administrators
Enterprise RA Administrators
Enterprise TPS Administrators
LDAP entry:
dn: uid=admin,ou=people,o=ipaca
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: cmsuser
uid: admin
sn: admin
cn: admin
mail: root@localhost
usertype: adminType
userstate: 1
userPassword:: e1NTSEF9eG8wRFdWVHVCbEp2RnA0ZnZGVEpJQjFYbTBiNVJnYmVNM1paV1E9PQ=
=
description: 2;6;CN=Certificate Authority,O=EXAMPLE.COM;CN=ipa-ca-agent,O=EXAM
PLE.COM
userCertificate:: MIIDrTCCApWgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBJMScwJQYDVQQKEx5B
QkMuSURNLkxBQi5FTkcuQlJRLlJFREhBVC5DT00xHjAcBgNVBAMTFUNlcnRpZmljYXRlIEF1dGhvc
ml0eTAeFw0xNjA5MDkxNTU3MzlaFw0xODA4MzAxNTU3MzlaMEAxJzAlBgNVBAoTHkFCQy5JRE0uTE
FCLkVORy5CUlEuUkVESEFULkNPTTEVMBMGA1UEAxMMaXBhLWNhLWFnZW50MIIBIjANBgkqhkiG9w0
BAQEFAAOCAQ8AMIIBCgKCAQEA5SxaYKXOnf/4A42gffIH6G5JQvXsMAVvZUj8h7RmHks58NJaO6bC
I+vQjHsY6NfpxzwcabBH8l2d0trJQ6pGOgu27uBrK4top/RUUM8HTcL6lK5rEWUYDlVcaUUtHHjm2
1M9zXEltH3o8/e6B5xRm3olNOnxMsWP29Efy9XBRaUa5wLAjbm+E+VlX04cn6IkDFy3M7M25H6uL9
jltbPZVVuP/pMMrfAUvn8YbyB8PxPo8ZjnmArvLSJOkHHE+RIU65C+l8/WLqt06f0z3MNN4Loz+mD
HOPIt1tge/wHk5wV03p3v0qJKhN4XPupgt7qy29XM/+gBRbkOu5YyLCiBhwIDAQABo4GoMIGlMB8G
A1UdIwQYMBaAFPQdAPkRQC//vZHVQxIf9KAQdzHlMFMGCCsGAQUFBwEBBEcwRTBDBggrBgEFBQcwA
YY3aHR0cDovL3ZtLTAxNi5hYmMuaWRtLmxhYi5lbmcuYnJxLnJlZGhhdC5jb206ODAvY2Evb2NzcD
AOBgNVHQ8BAf8EBAMCBPAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQE
BCwUAA4IBAQB403wT12PJwpUdeBu1vJbi2oqDt3eygMfm5g0I/yzFzHKHczLKvuhq1e3SW6rfv48a
PLeB4C0jYVufIkv+WlFdR+xogk7POGzus2fuDOR9ZtuD/syWGKHyfXb9Cko5BYY2ltKSCkt4iCkut
ylyd2dtt24cxQz/gEJkD3VRtpquNB0uzkz5RjqOzOLhMsz2IvJ1nVYZONGHa79EmtjqvLzT13DwlX
8yLj781JgxgFGPly+45yGDdTfKwLNj2HHYQFh9zlSI/JHH3l9csUTA7TEAtBUJgW6psUw4/+Di1o5
QRu/Vb1/jVVKRrDGYK0vmgN/dNyRxKEtokp2ektZVUIYC
CA agent#
DN:
uid=ipara,ou=people,o=ipaca
Certificate:
CN=IPA RA
Groups:
Certificate Manager Agents
Registration Manager Agents
LDAP entry:
dn: uid=ipara,ou=people,o=ipaca
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: cmsuser
uid: ipara
sn: ipara
cn: ipara
usertype: agentType
userstate: 1
userCertificate:: MIIDpzCCAo+gAwIBAgIBBzANBgkqhkiG9w0BAQsFADBJMScwJQYDVQQKEx5B
QkMuSURNLkxBQi5FTkcuQlJRLlJFREhBVC5DT00xHjAcBgNVBAMTFUNlcnRpZmljYXRlIEF1dGhvc
ml0eTAeFw0xNjA5MDkxNTU4MjVaFw0xODA4MzAxNTU4MjVaMDoxJzAlBgNVBAoTHkFCQy5JRE0uTE
FCLkVORy5CUlEuUkVESEFULkNPTTEPMA0GA1UEAxMGSVBBIFJBMIIBIjANBgkqhkiG9w0BAQEFAAO
CAQ8AMIIBCgKCAQEAyEhU23E8CdRXxkSQ7DE5wiZimILCVN8/L6iKvyTAaiiF8qqpCHhVhFPKJUx1
Gomi8H43M1mavjnzKRW6oWvFH7fBoQs6x3HUvv/WvGQC2d3rbgA/wbdyl8XZDmB32BhZsBz1Vx2W6
LHMeDIhjYMmFjS7KqPXtGmV4tFX44wPmZrKHbwtqqgc8ljnVGH2wlezJAH+i+ze4CTM0UprNVN1iw
egDnv/booW8T2RGVmcOj2SF/m2h06kEMgqe6NDLjVPugE1JF2qOX5NrAq7TxwF3BDrr7tFIv65IJb
jyqRisPb0L+pSx3mgZIp3RYl3u4g2i861ZVZJovtZtnxLVURBGwIDAQABo4GoMIGlMB8GA1UdIwQY
MBaAFPQdAPkRQC//vZHVQxIf9KAQdzHlMFMGCCsGAQUFBwEBBEcwRTBDBggrBgEFBQcwAYY3aHR0c
DovL3ZtLTAxNi5hYmMuaWRtLmxhYi5lbmcuYnJxLnJlZGhhdC5jb206ODAvY2Evb2NzcDAOBgNVHQ
8BAf8EBAMCBPAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4I
BAQA+0vOcId5nLexb0WK8lVim0mfmy173w+2/hxG8OJc9s76FntkOkJgjJgjonpyXQWhJcXhvDUKR
7gIlMxtQvwFERLI+tAZqAAbrDwRS72cVNZpv+Vl65MUfz6wIVfPXZmSBsfTe7udBxQWGFlVatqyyK
52NBTEMjtYGMZRNiXXQoYxvy256iBkbdPcOMRbv34RKddmmJSxApm/ExYlJtQbB30i45f2housCLP
j/MoItjAAEM+xfavPD5T/3Q27FqX44Yg66F8Vc0AMUnvkZp6qXoyFSsY2LGf9zusk4xEtREOAvPGA
cljOiLAHy86a9rYx9yQ1ONOuEykK94JTrWaki
description: 2;7;CN=Certificate Authority,O=EXAMPLE.COM;CN=IPA RA,O=EXAMPLE.CO
M
CA database user (pkidbuser)#
Certificate:
CN=CA Subsystem
CA subsystem user#
DN:
uid=CA–,ou=people,o=ipaca
Certificate:
CN=CA Subsystem
Groups:
Subsystem Group
LDAP entry:
dn: uid=CA-server.example.com-9443,ou=people,o=ipaca
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: cmsuser
uid: CA-server.example.com-9443
sn: CA-server.example.com-9443
cn: CA-server.example.com-9443
mail:
usertype: agentType
userstate: 1
userPassword:: e1NTSEF9VFNicEJlSkFHUHY4T2gxRDNZQ2FkOHBCdG5zbXF6Zmw2T1pUa1E9PQ=
=
description: 2;4;CN=Certificate Authority,O=EXAMPLE.COM;CN=CA Subsystem,O=EXAM
PLE.COM
userCertificate:: MIIDrTCCApWgAwIBAgIBBDANBgkqhkiG9w0BAQsFADBJMScwJQYDVQQKEx5B
QkMuSURNLkxBQi5FTkcuQlJRLlJFREhBVC5DT00xHjAcBgNVBAMTFUNlcnRpZmljYXRlIEF1dGhvc
ml0eTAeFw0xNjA5MDkxNTU3MzZaFw0xODA4MzAxNTU3MzZaMEAxJzAlBgNVBAoTHkFCQy5JRE0uTE
FCLkVORy5CUlEuUkVESEFULkNPTTEVMBMGA1UEAxMMQ0EgU3Vic3lzdGVtMIIBIjANBgkqhkiG9w0
BAQEFAAOCAQ8AMIIBCgKCAQEA7Kn4nctR2j7nOg/p1tJGBPa1eVx9CL24/ZOhVdVOvNBw+mgiVCET
Y1e9EYnapkKLC6LrhHnBMKCBImAarollZtFAESGvc27Ac7vwQubbRb6Zunbe8F6yi45yA5kyyAkkD
cSLddZfKIw+1BxL/+ld2YtYNR6KlSBp9j26PZqXln3KBdqMVMkTpn77sCEtbjeqZsTkfaO3AvKcQd
8uiQkbWf7m3tnotCmWza/RrV9yvkxdLzR+M4qiACTVFsOBpgdSeSfsL5o6ynL6k+8svDgRfUk/8fe
N3o/0w4phg5qFgJjtIUhNOg7avR995+B6r1ax3up4K/x0ltYKiwt4UWB1rwIDAQABo4GoMIGlMB8G
A1UdIwQYMBaAFPQdAPkRQC//vZHVQxIf9KAQdzHlMFMGCCsGAQUFBwEBBEcwRTBDBggrBgEFBQcwA
YY3aHR0cDovL3ZtLTAxNi5hYmMuaWRtLmxhYi5lbmcuYnJxLnJlZGhhdC5jb206ODAvY2Evb2NzcD
AOBgNVHQ8BAf8EBAMCBPAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQE
BCwUAA4IBAQAMWTXVH3Q+R4VT/QGAjRckK9GQ0Fx2nWsROqzGoPbiOATNu2CVXX1kJ+T2lcTT38tl
DA4oehKUTHs4/dY8Ge6Cv2wUjM+NzRTjW07EgK6gQ3HnQ/r93dC8j/cI+uL4hntpZqIfQWvRId3UO
DrZDFMVx+NwfdkMThoDYMAUkLvd6QMW39P7k1+sGePVBG/umxHNWHEwzRGFXdqXPj+s74zi96f2bE
nYMd7YjtfoZzKBssbQlNpVOgfLzHXYGVchK+q9+pev5o1y2UcDj+bRVCgpG0RqUYL1ZV85rgOfvP6
1xdhPJE73L6NDcurfb45MLcYxQM2KsylRrwppKCmIOMCk
KRA Users#
KRA admin (admin)#
Certificate:
CN=ipa-ca-agent
Groups:
Data Recovery Manager Agents
Administrators
KRA agent (ipakra)#
Certificate:
CN=IPA RA
Groups:
Data Recovery Manager Agents
CA subsystem user (CA–)#
Certificate:
CN=CA Subsystem
Groups:
Trusted Managers