IPA RA Agent Setup

From Dogtag
Jump to: navigation, search

Initializing PKI CLI

Import the RA certificate and key into a PKCS #12 file: 

$ openssl pkcs12 -export \
    -in /var/lib/ipa/ra-agent.pem \
    -inkey /var/lib/ipa/ra-agent.key \
    -out ra-agent.p12 \
    -name ra-agent \
    -passout file:password.txt

Then import the PKCS #12 file into the NSS database: 

$ pki pkcs12-import --pkcs12-file ra-agent.p12 --pkcs12-password-file password.txt

Listing Keys

To list all keys: 

$ pki -n ra-agent kra-key-find

To list the key for a vault: 

$ pki -n ra-agent kra-key-find --clientKeyID ipa:/users/<user>/<vault> --status active --output-format json

See Also

Retrieved from "http://www.dogtagpki.org/index.php?title=IPA_RA_Agent_Setup&oldid=37467"