Skip to content

PKI Server CA Certificate CLI

Jump to bottom
Endi S. Dewata edited this page Mar 21, 2023 · 12 revisions

Listing Certificates

To list certificates in CA:

$ pki-server ca-cert-find

Creating Certificate

To create a certificate from a certificate request in CA:

$ pki-server ca-cert-create \
    --request <ID> \
    --profile <filename> \
    --key-ID <ID> \
    --serial <serial>

where:

  • The --profile parameter specifies the filename of the bootstrap profile in /etc/pki/pki-tomcat/ca without the path (e.g. serverCert.profile).

Availability: Since PKI 11.3.

Importing Certificate

To import a certificate into CA:

$ pki-server ca-cert-import \
    --cert <path> \
    --profile <filename> \
    --request <ID>

where:

  • The --profile parameter specifies the filename of the bootstrap profile in /etc/pki/pki-tomcat/ca without the path (e.g. serverCert.profile).

Availability: Since PKI 11.3.

Removing Certificate

To remove a certificate from CA:

$ pki-server ca-cert-del <serial>

Exporting Certificate Chain

To export certificate chain to install additional subsystems:

$ pki-server ca-cert-chain-export --pkcs12-file cert-chain.p12 --pkcs12-password-file password.txt
Tip
 To find a page in the Wiki, enter the keywords in search field, press Enter, then click Wikis.
Clone this wiki locally