PKI 10.3 Issuing OCSP Certificates with PKI CA

Endi S. Dewata edited this page Jan 13, 2022 · 1 revision

Overview

This page describes the process for issuing OCSP certificates with the pki ca command on PKI 10.3 or later.

Submitting Certificate Requests

The certificate requests can be submitted to a PKI CA with the following commands:

$ pki -U <CA URL> ca-cert-request-submit --profile caUserCert --csr-file ocsp_admin.csr --subject uid=ocspadmin
$ pki -U <CA URL> ca-cert-request-submit --profile caSignedLogCert --csr-file ocsp_audit_signing.csr
$ pki -U <CA URL> ca-cert-request-submit --profile caOCSPCert --csr-file ocsp_signing.csr
$ pki -U <CA URL> ca-cert-request-submit --profile caServerCert --csr-file ocsp_sslserver.csr
$ pki -U <CA URL> ca-cert-request-submit --profile caSubsystemCert --csr-file ocsp_subsystem.csr

Approving Certificate Requests

The CA admin can approve each request by executing the following command with its request ID:

$ pki -U <CA URL> -c Secret.123 -n caadmin ca-cert-request-review <request ID> --action approve

Retrieving Issued Certificates

The certificates and the CA signing certificate can be downloaded with the following commands:

$ pki -U <CA URL> ca-cert-show <cert ID> --output ocsp_admin.crt
$ pki -U <CA URL> ca-cert-show <cert ID> --output ocsp_audit_signing.crt
$ pki -U <CA URL> ca-cert-show <cert ID> --output ocsp_signing.crt
$ pki -U <CA URL> ca-cert-show <cert ID> --output ocsp_sslserver.crt
$ pki -U <CA URL> ca-cert-show <cert ID> --output ocsp_subsystem.crt
$ pki -U <CA URL> ca-cert-show 0x1 --output ca_signing.crt
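
As an added example (not part of the original page or of the Dogtag project), the shell functions below check each retrieved certificate against ca_signing.crt and against the CSR that was submitted for it. They assume the files are PEM-encoded, use the file names shown above, sit in one directory, and that ca_signing.crt is a self-signed root; check_issued and check_all are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not from the Dogtag wiki: sanity checks on retrieved files.
# Assumptions: files are PEM, sit in one directory, use the page's file names,
# and ca_signing.crt is a self-signed root (otherwise supply the full chain).
# Usage: check_all /path/to/dir

# check_issued DIR NAME
# Returns 0 if DIR/NAME.crt verifies against DIR/ca_signing.crt and carries the
# public key of DIR/NAME.csr, 1 if a check fails, 2 if a file is unreadable.
check_issued() {
    dir=$1; name=$2
    crt="$dir/$name.crt"; csr="$dir/$name.csr"; ca="$dir/ca_signing.crt"

    for f in "$crt" "$csr" "$ca"; do
        [ -r "$f" ] || { echo "$name: cannot read $f" >&2; return 2; }
    done

    # Signature chain: the certificate must verify against the CA certificate.
    if ! openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1; then
        echo "$name: does not verify against ca_signing.crt" >&2
        return 1
    fi

    # Key binding: the issued public key must be the one in the submitted CSR.
    crt_key=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 2
    csr_key=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null) || return 2
    if [ -z "$crt_key" ] || [ "$crt_key" != "$csr_key" ]; then
        echo "$name: public key differs from $name.csr" >&2
        return 1
    fi
    return 0
}

# check_all DIR: run check_issued for the five OCSP certificates on this page.
# Returns the number of certificates that failed (0 means all passed).
check_all() {
    failed=0
    for n in ocsp_admin ocsp_audit_signing ocsp_signing ocsp_sslserver ocsp_subsystem; do
        if check_issued "$1" "$n"; then echo "$n: OK"; else failed=$((failed + 1)); fi
    done
    return "$failed"
}
```

A key mismatch means the certificate saved under that file name was issued for a different request, which usually points to a swapped cert ID in the retrieval step.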