Difference between revisions of "IPA RA Agent Setup"

From Dogtag
Jump to: navigation, search
(Created page with "= Importing RA Agent Certificate and Key = <pre> $ openssl pkcs12 -export \ -in /var/lib/ipa/ra-agent.pem \ -inkey /var/lib/ipa/ra-agent.key \ -out ra-agent.p12 \...")
 
m (Listing Keys)
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
= Importing RA Agent Certificate and Key =
+
= Initializing PKI CLI =
 +
 
 +
Import the RA certificate and key into a PKCS #12 file:
  
 
<pre>
 
<pre>
Line 8: Line 10:
 
     -name ra-agent \
 
     -name ra-agent \
 
     -passout file:password.txt
 
     -passout file:password.txt
 +
</pre>
 +
 +
Then import the PKCS #12 file into the NSS database:
 +
 +
<pre>
 +
$ pki pkcs12-import --pkcs12-file ra-agent.p12 --pkcs12-password-file password.txt
 +
</pre>
 +
 +
= Listing Keys =
 +
 +
To list all keys:
 +
 +
<pre>
 +
$ pki -n ra-agent kra-key-find
 +
</pre>
 +
 +
To list the key for a vault:
 +
 +
<pre>
 +
$ pki -n ra-agent kra-key-find --clientKeyID ipa:/users/<user>/<vault> --status active --output-format json
 
</pre>
 
</pre>
  

Latest revision as of 19:23, 10 October 2019

Initializing PKI CLI

Import the RA certificate and key into a PKCS #12 file:

$ openssl pkcs12 -export \
    -in /var/lib/ipa/ra-agent.pem \
    -inkey /var/lib/ipa/ra-agent.key \
    -out ra-agent.p12 \
    -name ra-agent \
    -passout file:password.txt

Then import the PKCS #12 file into the NSS database:

$ pki pkcs12-import --pkcs12-file ra-agent.p12 --pkcs12-password-file password.txt

Listing Keys

To list all keys:

$ pki -n ra-agent kra-key-find

To list the key for a vault:

$ pki -n ra-agent kra-key-find --clientKeyID ipa:/users/<user>/<vault> --status active --output-format json

See Also