Skip to content

Default CA Admin

Jump to bottom
Endi S. Dewata edited this page May 5, 2021 · 9 revisions

Overview

This document describes the default admin user which is created during installation.

The default CA admin user belongs to the following groups:

  • Certificate Manager Agents

  • Administrators

  • Security Domain Administrators

  • Enterprise CA Administrators

  • Enterprise KRA Administrators

  • Enterprise OCSP Administrators

  • Enterprise TKS Administrators

  • Enterprise RA Administrators

  • Enterprise TPS Administrators

After installing the CA, the admin certificate and key will be stored in the following files in ~/.dogtag/pki-tomcat:

  • ca_admin.cert: PEM certificate

  • ca_admin.cert.der: DER certificate

  • ca_admin_cert.p12: PKCS #12 file containing certificate and key

The PKCS #12 file is protected with a password specified in the pki_client_pkcs12_password parameter during installation.

Using Admin Certificate with PKI CLI

Using Admin Certificate with Firefox

To use the certificate with Firefox, import the PKCS #12 file (i.e. ca_admin_cert.p12) into the browser.

Using Admin Certificate with Python Clients

To use the certificate with Python clients, export both the certificate and private key into a PEM file:

$ pki -C client_password.txt client-cert-show caadmin --client-cert caadmin.pem

See Also

Tip
 To find a page in the Wiki, enter the keywords in search field, press Enter, then click Wikis.
Clone this wiki locally