Tip
This is the documentation for the 22.02 version. Looking for the documentation of the latest version? Have a look here.
Certificate Management¶
After submitting the certificate signing request to the CA, the CA will sign the request and return a signed copy of the certificate. Typically this will be sent in PEM format, the same format used for the CSR and private key.
The certificate data can be imported in one of two ways:
Use
pki certificate <name> enter
then copy and paste the PEM dataCopy the PEM format certificate file to the TNSR host, then use
pki certificate <name> import <file>
to import from a file from the current working directory.
The certificate data is stored in a file at
/etc/pki/tls/tnsr/certs/<name>.crt
after entering or importing the contents.
Warning
When importing a certificate created outside of TNSR, The private key must be imported and present before TNSR can import the certificate.
Copy and Paste¶
First, use the enter
command:
tnsr# pki certificate mycert enter
Type or paste a PEM-encoded certificate.
Include the lines containing 'BEGIN CERTIFICATE' and 'END CERTIFICATE'
Note
Remember that the private key, CSR, and certificate must all use identical names!
Next, paste the certificate data:
-----BEGIN CERTIFICATE-----
<cert data>
-----END CERTIFICATE-----
Import from File¶
First, make sure that the copy of the certificate file is in PEM format. The CA may have delivered the certificate in PEM format, or another format. Convert the certificate to PEM format if it did not come that way.
Next, copy the certificate file to TNSR and start the CLI from the directory
containing the certificate file. The filename extension is not significant, and
may be pem
, crt
, txt
, or anything else depending on how the file was
delivered from the CA.
Next, use the import
command:
tnsr# pki certificate mycert import mycert.pem
Other Certificate Operations¶
To view a list of all certificates known to TNSR:
tnsr# pki certificate list
To view the PEM data for a specific certificate known to TNSR:
tnsr# pki certificate <name> get
To delete a certificate:
tnsr# pki certificate <name> delete