Installing CA with Existing Certificates

From Dogtag
Revision as of 18:56, 21 March 2017 by Mharmsen (talk | contribs) (Overview)

Jump to: navigation, search

Overview

This page describe the process to install CA instance with an existing CA signing certificate and key in PKI server 10.3.

This functionality allows migration from an existing CA to a new CA while maintaining the same CA signing certificate and key. Currently it only supports migrating the CA signing certificate, but in the future it may support migrating other system certificates as well (see dogtagpki Pagure Issue #2280).

There are two ways to install CA instance with an existing CA signing certificate:

There's actually another way using NSS database, but this not recommended:

References