Difference between revisions of "Installing CA with Existing Certificates"

From Dogtag
Jump to: navigation, search
m (Overview)
(Overview)
Line 3: Line 3:
 
This page describe the process to install CA instance with an existing CA signing certificate and key in PKI server 10.3.
 
This page describe the process to install CA instance with an existing CA signing certificate and key in PKI server 10.3.
  
This functionality allows migration from an existing CA to a new CA while maintaining the same CA signing certificate and key. Currently it only supports migrating the CA signing certificate, but in the future it may support migrating other system certificates as well (see [https://fedorahosted.org/pki/ticket/2280 ticket #2280]).
+
This functionality allows migration from an existing CA to a new CA while maintaining the same CA signing certificate and key. Currently it only supports migrating the CA signing certificate, but in the future it may support migrating other system certificates as well (see [https://pagure.io/dogtagpki/issue/2280 dogtagpki Pagure Issue #2280]).
  
 
There are two ways to install CA instance with an existing CA signing certificate:
 
There are two ways to install CA instance with an existing CA signing certificate:

Revision as of 18:56, 21 March 2017

Overview

This page describe the process to install CA instance with an existing CA signing certificate and key in PKI server 10.3.

This functionality allows migration from an existing CA to a new CA while maintaining the same CA signing certificate and key. Currently it only supports migrating the CA signing certificate, but in the future it may support migrating other system certificates as well (see dogtagpki Pagure Issue #2280).

There are two ways to install CA instance with an existing CA signing certificate:

There's actually another way using NSS database, but this not recommended:

References