Open pki-bot opened 4 years ago
Comment from mharmsen (@mharmsen) at 2018-03-07 21:08:24
Metadata Update from @mharmsen:
Comment from edewata (@edewata) at 2018-03-09 19:46:07
Hi, I think the pki-server ca-cert-chain-export command was originally intended to export the cert chain of the system certs, excluding the leaf cert itself. So if you have a sub CA cert, the cert chain is just the root CA cert.
It might not be a very useful command, so we might deprecate it in the future. There is a better command to export the CA signing cert with the complete chain:
$ pki-server cert-export ca_signing ...
or if that is not available in PKI 10.4, try this:
$ pki-server subsystem-cert-export ca signing ...
If that works, feel free to close this ticket, or keep it open to deprecate the pki-server ca-cert-chain-export. Thanks!
Comment from tvaughan (@trevor-vaughan) at 2018-03-13 21:51:06
@edewata The second command subsystem-cert-export
worked for my purposes.
I would suggest updating the documentation to reflect the proper method for doing this and definitely deprecating, or changing, the ca-cert-chain-export
command.
Thanks for the help, this can be closed.
This issue was migrated from Pagure Issue #2953. Originally filed by tvaughan (@trevor-vaughan) on 2018-03-02 10:20:55:
I have set up a root and sub CA and am attempting to export the entire certificate chain for the sub CA using the following command:
pki-server ca-cert-chain-export -i sub-ca --pkcs12-file sub-ca-chain.p12 --pkcs12-password-file sub-ca.pwd
When run, this is only exporting the root CA certificate and does not output both the sub CA and the root CA certificate which is what I was expecting.
Package Version: pki-server-10.4.1-17.el7_4.noarch