-
Notifications
You must be signed in to change notification settings - Fork 137
CA REST API
ckelleyRH edited this page Jun 11, 2021
·
31 revisions
Deprecated doc pages to be removed - see latest docs here
= Account Services
= User Services
= User Certificate Services
= User Roles Services
= Group Services
= Group Member Services
For operations that require client certificate authentication, extract the cert and key from P12 to PEM file:
$ openssl pkcs12 -in ~/.dogtag/pki-tomcat/ca_admin_cert.p12 -out file.crt.pem -clcerts -nokeys $ openssl pkcs12 -in ~/.dogtag/pki-tomcat/ca_admin_cert.p12 -out file.key.pem -nocerts -nodes
[GET] To list all cert requests pass both the cert and key as params to curl:
$ curl -v -k -E file.crt.pem --key file.key.pem https://<host>:8443/ca/rest/agent/certrequests
Note: Use -k if the CA chain is not imported system-wide
[GET] You can also pass a PKCS12 file to curl:
$ curl -k --cert-type P12 \
--cert ~/.dogtag/pki-tomcat/ca_admin_cert.p12:<password> \
https://<host>:8443/ca/rest/agent/certrequests
Go to File → Settings → Certificates (tab) → (Under Client Certificates) Add Certificate → Select cert and key
Note: Make sure to provide the correct hostname and port to ensure that the credentials are pinned with the request.
|
Tip
|
To find a page in the Wiki, enter the keywords in search field, press Enter, then click Wikis. |