Manualshelf

System information

ManualsBrandsRed Hat ManualsOtherCERTIFICATE SYSTEM 7.3 - COMMAND-LINE
61626364656667686970
requests, change the configuration so that this field is available.
To enable the CMC Enrollment form for the CA end-entity interface, do the following:
1. Open the CA's web directory in /var/lib/rhpki-ca/web-apps/ca/ee/ca.
2. Open the CMCEnrollment.html file.
3. Find the following line:
form method="post" action="/enrollment" onSubmit="return
validate(document.forms[0])"
4. Add the following line below that line:
input type="hidden" name="authenticator" value="CMCAuth"
5. After configuring the HTML form, test CMCEnroll and the form by doing the following:
a. Create a certificate request using certutil.
b. Copy the PKCS #10 ASCII output to a text file.
c. Run the CMCEnroll command to sign the certificate request. If the input file is
request34.txt, the agent's certificate is stored in the /export/certs directory, the
certificate common name for this CA is CertificateManagerAgentsCert, and the
password for the certificate database is 1234pass, the command is as follows:
CMCEnroll -d "/export/certs" -n "CertificateManagerAgentsCert" -r
"/export/requests/request34.txt" -p "1234pass"
The output of this command is stored in a file with the same filename and .out appended
to the filename.
d. Submit the signed certificate through the CA end-entities page.
i. Open the end-entities page.
ii. Select the CMC Enrollment profile form.
iii. Paste the content of the output file into the first text area of this form.
iv. Remove -----BEGIN NEW CERTIFICATE REQUEST----- and ----END NEW
CERTIFICATE REQUEST----- from the pasted content.
v. Select Certificate Type User Certificate, fill in the contact information, and submit the
Chapter 13. CMC Enrollment
56