Cmc Enrollment; Syntax; Usage - Red Hat CERTIFICATE SYSTEM 7.3 - COMMAND-LINE Manual

Chapter 13.

CMC Enrollment

The CMC Enrollment utility, CMCEnroll, is used to sign a certificate request with an agent's
certificate. This can be used in conjunction with the CA end-entity CMC Enrollment form to sign and
enroll certificates for users.

13.1. Syntax

This utility has the following syntax:
CMCEnroll -d directory_containing_agent_cert -h db_password -n certificate_nickname
-r certificate_request_file -p certificate_DB_passwd [-c comment]
Option
d
h
n
r
p
c
Table 13.1.
NOTE
Surround values that include spaces with quotation marks.

13.2. Usage

Signed requests must be submitted to the CA, either by sending them directly to the Certificate
Authority or by using the CA agent page. Certificate System provides a Certificate Authority Certificate
Enrollment form called CMCEnrollment.html. The default configuration of this form does not include
the necessary field to paste an enrollment request. To use this form to submit requests, change the
configuration so that this field is available.
To enable the CMC Enrollment form for the CA end-entity interface, do the following:
1. Open the CA's web directory in /var/lib/rhpki-ca/web-apps/ca/ee/ca.
2. Open the CMCEnrollment.html file.
3. Find the following line:
Description
The directory containing the cert8.db,
key3.db, and secmod.db files associated with
the agent certificate.
Password to the directory specified in the d
option.
The nickname of the certificate.
The filename of the certificate request.
The password to the browser certificate
database.
Optional. Includes comments about the request.
49