Initializing PKI CLI#
Import the RA certificate and key into a PKCS #12 file:
$ openssl pkcs12 -export \
-in /var/lib/ipa/ra-agent.pem \
-inkey /var/lib/ipa/ra-agent.key \
-out ra-agent.p12 \
-name ra-agent \
-passout file:password.txt
Then import the PKCS #12 file into the NSS database:
$ pki pkcs12-import --pkcs12-file ra-agent.p12 --pkcs12-password-file password.txt
Listing Keys#
To list all keys:
$ pki -n ra-agent kra-key-find
To list the key for a vault:
$ pki -n ra-agent kra-key-find --clientKeyID ipa:/users/<user>/<vault> --status active --output-format json