IPA RA Agent Setup

From Dogtag
Revision as of 19:23, 10 October 2019 by Edewata (talk | contribs) (Listing Keys)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Initializing PKI CLI

Import the RA certificate and key into a PKCS #12 file:

$ openssl pkcs12 -export \
    -in /var/lib/ipa/ra-agent.pem \
    -inkey /var/lib/ipa/ra-agent.key \
    -out ra-agent.p12 \
    -name ra-agent \
    -passout file:password.txt

Then import the PKCS #12 file into the NSS database:

$ pki pkcs12-import --pkcs12-file ra-agent.p12 --pkcs12-password-file password.txt

Listing Keys

To list all keys:

$ pki -n ra-agent kra-key-find

To list the key for a vault:

$ pki -n ra-agent kra-key-find --clientKeyID ipa:/users/<user>/<vault> --status active --output-format json

See Also