Difference between revisions of "PKI CA Certificate Request CLI"

From Dogtag
Jump to: navigation, search
m (Listing Certificate Requests)
m (Checking Certificate Request Status)
 
Line 64: Line 64:
  
 
<pre>
 
<pre>
$ pki ca-cert-request-show <certificate request ID>
+
$ pki ca-cert-request-show <request ID>
 
</pre>
 
</pre>
  

Latest revision as of 02:14, 10 August 2019

Overview

The commands to view or process certificate requests must be executed as an agent.

Listing Certificate Requests

This command requires agent authentication:

$ pki -d ~/.dogtag/pki-tomcat/ca/alias/ -c Secret.123 -n caadmin ca-cert-request-find
-----------------
2 entries matched
-----------------
  Request ID: 1
  Type: enrollment
  Request Status: complete
  Operation Result: success
  Certificate ID: 0x1

  Request ID: 2
  Type: enrollment
  Request Status: complete
  Operation Result: success
  Certificate ID: 0x2
----------------------------
Number of entries returned 2
----------------------------

Getting Certificate Request Templates

This command does not require authentication:

$ pki ca-cert-request-profile-show <profile> --output <filename>

Reviewing Certificate Requests

To review a certificate request:

$ pki <agent authentication> ca-cert-request-review <request ID> --file <filename>

It will store the certificate request in the output file and wait for an action. The file should be reviewed manually and may be edited if necessary.

Then enter one of the following actions to complete the review:

  • approve
  • reject
  • cancel
  • update
  • validate
  • assign
  • unassign

Alternatively, the approval process can be done in a single step:

$ pki <agent authentication> ca-cert-request-review <request ID> --action approve

Checking Certificate Request Status

$ pki ca-cert-request-show <request ID>

References