-
Notifications
You must be signed in to change notification settings - Fork 141
Configuring System Certificate Profiles
Endi S. Dewata edited this page Jan 11, 2022
·
12 revisions
System certificate profiles are used to generate the initial system certificates during CA installation (see Two-Step Installation). These profiles are no longer used after installation.
The templates for system certificate profiles are stored in /usr/share/pki/ca/conf.
-
CA signing certificate:
-
CA OCSP signing certificate:
-
CA Audit signing certificate:
-
Subsystem certificate:
-
Server certificate:
-
CA Admin certificate:
During CA installation these templates will be copied into /var/lib/pki/<instance>/<subsystem>/conf which can be configured using the Two-Step Installation.
To configure a system certificate profile, edit the profile configuration file in /var/lib/pki/<instance>/<subsystem>/conf (not in /usr/share/pki/ca/conf):
id=... name=... description=... profileIDMapping=... profileSetIDMapping=... list=<list of numbers> <number>.default.class=... <number>.default.name=... <number>.default.params.<name>=...
|
Tip
|
To find a page in the Wiki, enter the keywords in search field, press Enter, then click Wikis. |