-
Notifications
You must be signed in to change notification settings - Fork 139
PKI Server CLI
The pki-server
command is a tool for managing PKI servers on the local machine. The command does not require an authentication, but it can only be run by the system administrator.
In general the PKI Server CLI takes the following parameters:
$ pki-server [CLI options] <command> [command arguments/options]
The CLI options should be placed before the command. The command arguments/options should be placed after the command.
To view available commands and options:
$ pki-server --help
Some commands may have sub-commands. To view the sub-commands:
$ pki-server <command>
To view the command usage:
$ pki-server <command> --help
To run the command in verbose mode:
$ pki-server -v <command>
Due to OpenLDAP changes in Fedora 29 Python is no longer able to use NSS database to establish an SSL LDAP connection. This issue might be affecting the following commands:
-
pki-server ca-cert-request-find
-
pki-server ca-cert-request-show
-
pki-server subsystem-cert-request-find
-
pki-server db-upgrade
-
pki-server cert-update
-
pki-server cert-fix
-
pki-server cert-create
See also:
Prior to executing the above commands export the CA signing certificate chain from the NSS database into individual certificate files, for example:
$ certutil -L -d /var/lib/pki/pki-tomcat/conf/alias -n ca_signing -a > /var/lib/pki/pki-tomcat/conf/alias/ca_signing.crt
Then execute the following command to generate the hash files for the certificate files:
$ openssl rehash /var/lib/pki/pki-tomcat/conf/alias
Tip
|
To find a page in the Wiki, enter the keywords in search field, press Enter, then click Wikis. |