Difference between revisions of "PKI Server CLI"

From Dogtag
m (Other Commands)
m (Subsystem Management Commands)
 
Line 75: Line 75:
 
* [[PKI Server TPS CLI]]
 
* [[PKI Server TPS CLI]]
 
* [[PKI Server Subsystem CLI]]
 
* [[PKI Server Subsystem CLI]]
 +
* [[PKI Server ACME CLI]]
  
 
= Other Commands =
 
= Other Commands =

Latest revision as of 22:08, 21 May 2020

Overview

The pki-server command is a command-line interface for managing PKI servers on the local machine. The command does not require authentication, but it can only be run by the system administrator.

Issues

Due to OpenLDAP changes in Fedora 29, Python is no longer able to use the NSS database to establish an SSL LDAP connection. This issue might affect the following commands:

  • pki-server ca-cert-request-find
  • pki-server ca-cert-request-show
  • pki-server subsystem-cert-request-find
  • pki-server db-upgrade
  • pki-server kra-db-vlv-find
  • pki-server kra-db-vlv-add
  • pki-server kra-db-vlv-del
  • pki-server kra-db-vlv-reindex
  • pki-server tps-db-vlv-find
  • pki-server tps-db-vlv-add
  • pki-server tps-db-vlv-del
  • pki-server tps-db-vlv-reindex
  • pki-server cert-update
  • pki-server cert-fix
  • pki-server cert-create

See also:

Workaround #1: Export CA Certificate Chain

Prior to executing the above commands, export the CA signing certificate chain from the NSS database into individual certificate files, for example:

$ certutil -L -d /etc/pki/pki-tomcat/alias -n ca_signing -a > /etc/pki/pki-tomcat/alias/ca_signing.crt

Then execute the following command to generate the hash files for the certificate files:

$ openssl rehash /etc/pki/pki-tomcat/alias
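
A check that can be run after the two steps above, added here as an example and not taken from the Dogtag wiki: it confirms that every exported .crt file in the directory is reachable through a subject-hash link created by openssl rehash. The function name check_rehash_links is hypothetical.

```shell
#!/bin/sh
# Added example, not part of the original page.
# OpenSSL-based clients find CA certificates in a directory by the file
# name <subject_hash>.N, which "openssl rehash" creates as links.
# check_rehash_links (hypothetical name) verifies those links exist.
# Returns 0 if every .crt has a link, 1 if any is missing,
# 2 if no .crt files were found or a file could not be parsed.

check_rehash_links() {
    dir=$1
    checked=0
    missing=0
    for crt in "$dir"/*.crt; do
        [ -f "$crt" ] || continue
        checked=$((checked + 1))
        # Hash of the subject name, used as the lookup file name
        hash=$(openssl x509 -noout -subject_hash -in "$crt") || return 2
        want=$(openssl x509 -noout -fingerprint -sha256 -in "$crt") || return 2
        found=0
        # Certificates with the same subject get .0, .1, ... so compare
        # fingerprints to be sure the link points at this certificate
        for link in "$dir/$hash".[0-9]*; do
            [ -e "$link" ] || continue
            have=$(openssl x509 -noout -fingerprint -sha256 -in "$link" 2>/dev/null) || continue
            if [ "$have" = "$want" ]; then found=1; break; fi
        done
        if [ "$found" -eq 1 ]; then
            echo "ok: $crt -> $link"
        else
            echo "MISSING: no $hash.N link for $crt" >&2
            missing=$((missing + 1))
        fi
    done
    if [ "$checked" -eq 0 ]; then
        echo "no .crt files in $dir" >&2
        return 2
    fi
    [ "$missing" -eq 0 ]
}

# Usage: sh check.sh /etc/pki/pki-tomcat/alias
if [ "$#" -gt 0 ]; then
    check_rehash_links "$1"
fi
```

A non-zero exit status means the export or the rehash step has to be repeated before running the affected pki-server commands.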

Workaround #2: Disable SSL LDAP Connection

Prior to executing the above commands, disable the SSL LDAP connection. It can be re-enabled afterwards.

Server Management Commands

NSS Management Commands

Subsystem Management Commands

Other Commands

References