Default CA Admin

Overview

This document describes the default admin user which is created during installation.

The default CA admin user belongs to the following groups:

• Certificate Manager Agents

• Administrators

• Security Domain Administrators

• Enterprise CA Administrators

• Enterprise KRA Administrators

• Enterprise OCSP Administrators

• Enterprise TKS Administrators

• Enterprise RA Administrators

• Enterprise TPS Administrators

After installing the CA, the admin certificate and key will be stored in the following files in ~/.dogtag/pki-tomcat:

• ca_admin.cert: PEM certificate

• ca_admin.cert.der: DER certificate

• ca_admin_cert.p12: PKCS #12 file containing certificate and key

The PKCS #12 file is protected with a password specified in the pki_client_pkcs12_password parameter during installation.

Using Admin Certificate with PKI CLI

See Importing Admin Certificate into PKI CLI.

Using Admin Certificate with Firefox

See Importing Admin Certificate into Firefox.

Using Admin Certificate with Python Clients

To use the certificate with Python clients, export both the certificate and private key into a PEM file:

$ pki client-cert-show caadmin --client-cert caadmin.pem

See Also

• Adding CA Admin

• Adding CA Agent

• Adding KRA Agent

• Adding System User