Generating CMC Shared Token
Endi S. Dewata edited this page Jul 26, 2022 · 11 revisions
This page describes the process to generate a CMC shared token for issuing a user certificate.
It assumes that:
- Issuance protection certificate has been created.
To generate a shared token:
$ CMCSharedToken \
    -d /etc/pki/pki-tomcat/alias \
    -p Secret.123 \
    -n ca_issuance_protection \
    -s <token> \
    -o testuser.b64
The token will be encrypted with the issuance protection certificate's public key and stored in testuser.b64. Convert the encrypted token into a single line with the following command:
$ SHARED_TOKEN=$(sed -e :a -e 'N;s/\n//;ba' testuser.b64)
To assign the shared token to a user, add the extensibleObject object class and the shrTok attribute into the LDAP user:
$ ldapmodify \
    -H ldap://ds.example.com:3389 \
    -x \
    -D "cn=Directory Manager" \
    -w Secret.123 \
    << EOF
dn: uid=testuser,ou=people,dc=example,dc=com
changetype: modify
add: objectClass
objectClass: extensibleObject
-
add: shrTok
shrTok: $SHARED_TOKEN
-
EOF
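The flatten-and-assign steps above can be guarded so that an empty or damaged token file never reaches the directory. The following is an added example, not part of the original wiki page or the PKI project's code; the function names are hypothetical, and it assumes testuser.b64 holds standard padded base64, possibly wrapped with LF or CRLF line endings.

```shell
# Added example: validate the CMCSharedToken output before building the LDIF.
# flatten_token, is_base64 and build_shrtok_ldif are hypothetical helper names.

# Join the wrapped base64 file into one line, dropping spaces, tabs, CR and LF.
flatten_token() {
    tr -d ' \t\r\n' < "$1"
}

# Succeed only for a non-empty, well-formed base64 string
# (assumption: standard alphabet with '=' padding).
is_base64() {
    [ -n "$1" ] || return 1
    case "$1" in
        *[!A-Za-z0-9+/=]*) return 1 ;;      # character outside the alphabet
    esac
    [ $(( ${#1} % 4 )) -eq 0 ] || return 1  # a truncated file fails here
    body=${1%=}; body=${body%=}             # strip at most two padding chars
    case "$body" in
        *=*) return 1 ;;                    # '=' anywhere else is invalid
    esac
    return 0
}

# Print the LDIF modify record for the given DN and token file.
# Returns non-zero and prints nothing on stdout if the token is unusable,
# so a broken file cannot produce an empty "shrTok:" value.
build_shrtok_ldif() {
    dn=$1
    file=$2
    token=$(flatten_token "$file") || return 1
    if ! is_base64 "$token"; then
        echo "refusing to build LDIF: $file is not valid base64" >&2
        return 1
    fi
    printf 'dn: %s\nchangetype: modify\n' "$dn"
    printf 'add: objectClass\nobjectClass: extensibleObject\n-\n'
    printf 'add: shrTok\nshrTok: %s\n-\n' "$token"
}
```

Write the output of build_shrtok_ldif to a file first, and feed that file to the ldapmodify command shown above in place of the here-document only if the function returned success.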