Show Table of Contents
13.2. Usage
Signed requests must be submitted to the CA to be processed.
- Create a PKCS #10 certificate request using a tool like
certutil. - Copy the PKCS #10 ASCII output to a text file.
- Run the
CMCEnrollcommand to sign the certificate request. If the input file isrequest34.txt, the agent's certificate is stored in the~jsmith/.mozilla/firefoxdirectory, the certificate common name for this CA isCertificate Manager Agents Cert, and the password for the certificate database is1234pass, the command is as follows:CMCEnroll -d "~jsmith/.mozilla/firefox" -n "Certificate Manager Agents Cert" -r "/export/requests/request34.txt" -p "1234pass"
The output of this command is stored in a file with the same filename and.outappended to the filename. - Submit the signed certificate through the CA end-entities page.
- Open the end-entities page.
- Select the CMC Enrollment profile form.
- Paste the content of the output file into the first text area of this form.
- Remove
-----BEGIN NEW CERTIFICATE REQUEST-----and----END NEW CERTIFICATE REQUEST-----from the pasted content. - Select Certificate Type User Certificate, fill in the contact information, and submit the form.
- The certificate is immediately processed and returned since a signed request was sent and the
CMCAuthplug-in was enabled. - Use the agent page to search for the new certificate.
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.