-
Notifications
You must be signed in to change notification settings - Fork 137
Using caManualRenewal Profile
Endi S. Dewata edited this page Jan 16, 2021
·
1 revision
This certificate profile is for renewing certificates to be approved manually by agents.
To renew client certificate that is still valid:
$ pki -n testuser client-cert-request uid=testuser \
--profile caManualRenewal
To renew expired client certificate or other certificate, download the profile:
$ pki ca-cert-request-profile-show caManualRenewal --output caManualRenewal.xml
Enter the serial number of the certificate to be renewed in the <SerialNumber> element or in the <Attribute name="serial_num">. The serial number must be specified in decimal number.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<CertEnrollmentRequest>
<Attributes/>
<ProfileID>caManualRenewal</ProfileID>
<Renewal>true</Renewal>
<SerialNumber></SerialNumber>
<RemoteHost></RemoteHost>
<RemoteAddress></RemoteAddress>
<Input id="i1">
<ClassID>serialNumRenewInputImpl</ClassID>
<Name>Serial Number of Certificate to Renew</Name>
<Attribute name="serial_num">
<Value></Value>
<Descriptor>
<Syntax>string</Syntax>
<Description>Serial Number of Certificate to Renew</Description>
</Descriptor>
</Attribute>
</Input>
</CertEnrollmentRequest>
Then submit the request:
$ pki ca-cert-request-submit caManualRenewal.xml
|
Tip
|
To find a page in the Wiki, enter the keywords in search field, press Enter, then click Wikis. |