Red Hat CERTIFICATE SYSTEM 8.0 - ADMINISTRATION Admin Manual page 338

Chapter 13. Basic Subsystem Management
b. Open the Advanced tab, and select Encryption.
c. Click the View Certificates button.
d. In the Your Certificates tab, select the SSLuser user certificate, and click the Backup ...
button.
e. Save the certificate to a file, like SSLuser.p12.
6. Import the user certificate into the Certificate System subsystem instance's security database.
a. A password is required to access the security database. This password is located in the
password.conf file.
cat /var/lib/subsystem_name/conf/password.conf
internal:195450686822
b. Import the PKCS #12 key and certificate into the security database using the pk12util
command.
pk12util -d /var/lib/subsystem_name/alias -i /tmp/SSLuser.p12
c. Use certutil to verify that the certificate was properly installed. For example:
certutil -d /var/lib/subsystem_name/alias -L
Certificate Nickname
's Example Domain u,u,u
subsystemCert cert-instance_name
Server-Cert cert-instance_name
auditSigningCert cert-instance_name
TIP
The nickname for user certificates is frequently blank or not friendly. To change the
nickname of the certificate, re-import it with a specified nickname:
certutil -d /var/lib/subsystem_name/alias -D -n "'s Example Domain"
certutil -d /var/lib/subsystem_name/alias -A -i /tmp/SSLuser.p12 -t u,u,u -n
"SSLuser certificate"
7. Create the corresponding SSLuser user entry in the Certificate System subsystem instance, and
import the user certificate into the user entry. This is covered in
Section 14.5.2, "Adding Users"
and in
8. Stop the Certificate System instance.
service subsystem_name stop
9. Open the subsystem configuration directory.
316
Trust Attributes
u,u,u
u,u,u
u,u,u
for the TPS.
SSL,S/MIME,JAR/XPI
Section 14.3.2.1, "Creating Users"