IPA RA Agent Setup
From Dogtag
Initializing PKI CLI
Import the RA certificate and key into a PKCS #12 file:
$ openssl pkcs12 -export \ -in /var/lib/ipa/ra-agent.pem \ -inkey /var/lib/ipa/ra-agent.key \ -out ra-agent.p12 \ -name ra-agent \ -passout file:password.txt
Then import the PKCS #12 file into the NSS database:
$ pki pkcs12-import --pkcs12-file ra-agent.p12 --pkcs12-password-file password.txt
Listing Keys
To list all keys:
$ pki -n ra-agent kra-key-find
To list the key for a vault:
$ pki -n ra-agent kra-key-find --clientKeyID ipa:/users/<user>/<vault> --status active --output-format json