forked from freeipa/freeipa
-
Notifications
You must be signed in to change notification settings - Fork 0
Cloning
Endi S. Dewata edited this page Jul 22, 2022
·
1 revision
During cloning, the certificates and keys are transfered to the replica with the following procedure:
-
A temporary NSS database is created
-
Replica downloads PKCS#12 files for the following certificates:
-
caSigningCert cert-pki-ca -
ocspSigningCert cert-pki-ca -
auditSigningCert cert-pki-ca -
subsystemCert cert-pki-ca
-
-
The PKCS#12 files are imported with
pk12utilinto the temporary NSS database -
All IPA CA certs are imported into the temporary NSS database as well
-
The temporary NSS database is exported into one PKCS#12 file with
PKCS12Export