CMCEnroll(1)                PKI CMC Enrollment Tool               CMCEnroll(1)

NAME

       CMCEnroll - Used to sign a certificate request with an agent's certificate.

       Note: This tool has not yet been updated to work with the latest
       improvement in the CA to conform to RFC 5272. Please use CMCRequest
       instead.

SYNOPSIS

       CMCEnroll -d <directory_of_NSS_security_database_containing_agent_cert>
       -n <certificate_nickname> -r <certificate_request_file> -p <certificate_DB_passwd>

DESCRIPTION

       The Certificate Management over Cryptographic Message Syntax (CMC)
       Enrollment utility, CMCEnroll, provides a command-line utility used to
       sign a certificate request with an agent's certificate. This can be
       used in conjunction with the CA end-entity CMC Enrollment form to sign
       and enroll certificates for users.

       CMCEnroll takes a standard PKCS #10 certificate request and signs it
       with an agent certificate. The output is also a certificate request
       which can be submitted through the appropriate profile.

OPTIONS

       The following parameters are mandatory:

       Note: Surround values that include spaces with quotation marks.

       -d <directory_of_NSS_security_database_containing_agent_cert>
              The directory containing the cert8.db, key3.db, and secmod.db
              files associated with the agent certificate. This is usually the
              agent's personal directory, such as their browser certificate
              database in the home directory.

       -n <certificate_nickname>
              The nickname of the agent certificate that is used to sign the
              request.

       -r <certificate_request_file>
              The filename of the certificate request.

       -p <certificate_DB_passwd>
              The password to the NSS certificate database which contains the
              agent certificate, given in
              -d <directory_of_NSS_security_database_containing_agent_cert>.

EXAMPLES

       Signed requests must be submitted to the CA to be processed.

       Note: For this example to work automatically, the CMCAuth plug-in must
       be enabled on the CA server (which it is by default).

       (1) Create a PKCS #10 certificate request using a tool like certutil:

              # cd ~/.mozilla/firefox/<browser profile>

              # certutil -d . -L
              Certificate Nickname                                         Trust Attributes
                                                                           SSL,S/MIME,JAR/XPI

              Google Internet Authority G2                                 ,,
              COMODO RSA Domain Validation Secure Server CA                ,,
              pki.example.com                                              ,,
              DigiCert SHA2 Secure Server CA                               ,,
              DigiCert SHA2 Extended Validation Server CA                  ,,
              COMODO RSA Extended Validation Secure Server CA 2            ,,
              Symantec Class 3 Secure Server CA - G4                       ,,
              Go Daddy Secure Certificate Authority - G2                   ,,
              Oracle SSL CA - G2                                           ,,
              GeoTrust EV SSL CA - G4                                      ,,
              Symantec Class 3 Secure Server SHA256 SSL CA                 ,,
              GeoTrust SSL CA - G3                                         ,,
              PKI Administrator for example.com                            u,u,u
              DigiCert SHA2 High Assurance Server CA                       ,,
              COMODO RSA Organization Validation Secure Server CA          ,,
              CA Signing Certificate - example.com Security Domain         CT,C,C

              # certutil -d . -R -s "CN=CMCEnroll Test Certificate" -a

              A random seed must be generated that will be used in the
              creation of your key.  One of the easiest ways to create a
              random seed is to use the timing of keystrokes on a keyboard.

              To begin, type keys on the keyboard until this progress meter
              is full.  DO NOT USE THE AUTOREPEAT FUNCTION ON YOUR KEYBOARD!


              Continue typing until the progress meter is full:

              |************************************************************|

              Finished.  Press enter to continue:


              Generating key.  This may take a few moments...


              Certificate request generated by Netscape certutil
              Phone: (not specified)

              Common Name: CMCEnroll Test Certificate
              Email: (not specified)
              Organization: (not specified)
              State: (not specified)
              Country: (not specified)

              -----BEGIN CERTIFICATE REQUEST-----
              -----END CERTIFICATE REQUEST-----

       (2) Copy the PKCS #10 ASCII output to a text file.

              # vi cert.req
              -----BEGIN CERTIFICATE REQUEST-----
              -----END CERTIFICATE REQUEST-----

       (3) Run the CMCEnroll command to sign the certificate request. If the input file is "~/.mozilla/firefox/<profile>/cert.req", the agent's certificate is stored in the "~/.mozilla/firefox/<profile>" directory, the certificate common name for this CA is "PKI Administrator for example.com", and the password for the certificate database is "Secret123", the command is as follows:

              # CMCEnroll -d "~/.mozilla/firefox/<profile>/" -n "PKI Administrator for example.com" -r "~/.mozilla/firefox/<profile>/cert.req" -p "Secret123"
              cert/key prefix =
              path = ~/.mozilla/firefox/<profile>/
              -----BEGIN CERTIFICATE REQUEST-----
              -----END CERTIFICATE REQUEST-----

              # cat cert.req.out
              -----BEGIN CERTIFICATE REQUEST-----
              -----END CERTIFICATE REQUEST-----

       (4) Submit the signed certificate request through the CA end-entities page:

              (a) Open the end-entities page.

              (b) Select the "Signed CMC-Authenticated User Certificate Enrollment" profile.

              (c) Paste the content of the output file into the first text area of this form.

              (d) Remove the "-----BEGIN CERTIFICATE REQUEST-----" header and the "-----END CERTIFICATE REQUEST-----" footer from the pasted content.

              (e) Fill in the contact information, and submit the form.

       (5) The certificate is immediately processed and returned since a signed request was sent and the CMCAuth plug-in was enabled:

              Congratulations, your request has been processed successfully

              Your request ID is 7.

              Outputs

              * Certificate Pretty Print

                  Certificate:
                      Data:
                          Version:  v3
                          Serial Number: 0x7
                          Signature Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11
                          Issuer: CN=CA Signing Certificate,O=example.com Security Domain
                          Validity:
                              Not Before: Thursday, July 21, 2016 6:28:20 PM MDT America/Denver
                              Not  After: Tuesday, January 17, 2017 6:28:20 PM MST America/Denver
                          Subject: CN=CMCEnroll Test Certificate
                          Subject Public Key Info:
                              Algorithm: RSA - 1.2.840.113549.1.1.1
                              Public Key:
                                  Exponent: 65537
                                  Public Key Modulus: (2048 bits) :
                          Extensions:
                              Identifier: Authority Key Identifier - 2.5.29.35
                                  Critical: no
                                  Key Identifier:
                                      BB:36:98:5D:65:CB:88:E0:87:23:37:6F:5B:F7:AF:8B:
                                      8A:EB:BA:B5
                              Identifier: Authority Info Access: - 1.3.6.1.5.5.7.1.1
                                  Critical: no
                                  Access Description:
                                      Method #0: ocsp
                                      Location #0: URIName: http://pki.example.com:8080/ca/ocsp
                              Identifier: Key Usage: - 2.5.29.15
                                  Critical: yes
                                  Key Usage:
                                      Digital Signature
                                      Non Repudiation
                                      Key Encipherment
                              Identifier: Extended Key Usage: - 2.5.29.37
                                  Critical: no
                                  Extended Key Usage:
                                      1.3.6.1.5.5.7.3.2
                                      1.3.6.1.5.5.7.3.4
                      Signature:
                          Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11
                          Signature:

              * Certificate Base-64 Encoded

              -----BEGIN CERTIFICATE-----
              -----END CERTIFICATE-----

              * Certificate Imports
              ----------------------
              | Import Certificate |
              ----------------------

       (6) Use the agent page to search for the new certificate:

              Certificate   0x07

              Certificate contents

                  Certificate:
                      Data:
                          Version:  v3
                          Serial Number: 0x7
                          Signature Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11
                          Issuer: CN=CA Signing Certificate,O=example.com Security Domain
                          Validity:
                              Not Before: Thursday, July 21, 2016 6:28:20 PM MDT America/Denver
                              Not  After: Tuesday, January 17, 2017 6:28:20 PM MST America/Denver
                          Subject: CN=CMCEnroll Test Certificate
                          Subject Public Key Info:
                              Algorithm: RSA - 1.2.840.113549.1.1.1
                              Public Key:
                                  Exponent: 65537
                                  Public Key Modulus: (2048 bits) :
                          Extensions:
                              Identifier: Authority Key Identifier - 2.5.29.35
                                  Critical: no
                                  Key Identifier:
                                      BB:36:98:5D:65:CB:88:E0:87:23:37:6F:5B:F7:AF:8B:
                                      8A:EB:BA:B5
                              Identifier: Authority Info Access: - 1.3.6.1.5.5.7.1.1
                                  Critical: no
                                  Access Description:
                                      Method #0: ocsp
                                      Location #0: URIName: http://pki.example.com:8080/ca/ocsp
                              Identifier: Key Usage: - 2.5.29.15
                                  Critical: yes
                                  Key Usage:
                                      Digital Signature
                                      Non Repudiation
                                      Key Encipherment
                              Identifier: Extended Key Usage: - 2.5.29.37
                                  Critical: no
                                  Extended Key Usage:
                                      1.3.6.1.5.5.7.3.2
                                      1.3.6.1.5.5.7.3.4
                      Signature:
                          Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11
                          Signature:

              Certificate request info

              Request ID: 7

              Installing this certificate in a server

              The following format can be used to install this certificate into a server.

              Base 64 encoded certificate

              -----BEGIN CERTIFICATE-----
              -----END CERTIFICATE-----

              Base 64 encoded certificate with CA certificate chain in pkcs7 format

              -----BEGIN PKCS7-----
              -----END PKCS7-----

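       Steps (3) and (4) hand the CA a file that carries the same "CERTIFICATE REQUEST" label as the unsigned PKCS #10 input, so it is easy to paste the wrong one. The following is an added example, not part of the original man page or the PKI project's code: it strips the header and footer as step (4)(d) requires and checks from the outer DER structure whether the file is a plain PKCS #10 request or a CMS SignedData wrapper such as CMCEnroll emits. The function names are illustrative and the two sample blocks are constructed structural stubs, not real requests.

```python
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE REQUEST-----(.*?)-----END CERTIFICATE REQUEST-----",
    re.S,
)
# DER encoding of OID 1.2.840.113549.1.7.2 (CMS id-signedData).
OID_SIGNED_DATA = bytes.fromhex("06092a864886f70d010702")


def form_payload(pem_text):
    """Return the base64 body with header, footer and all whitespace removed."""
    m = PEM_RE.search(pem_text)
    if m is None:
        raise ValueError("no CERTIFICATE REQUEST block found")
    return "".join(m.group(1).split())


def read_tlv(buf, off):
    """Parse one DER tag/length at off; return (tag, value_start, value_end)."""
    if off + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, first = buf[off], buf[off + 1]
    off += 2
    if first < 0x80:
        length = first                      # short form
    else:
        n = first & 0x7F                    # long form: n length bytes follow
        if n == 0 or n > 4 or off + n > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("DER length exceeds input")
    return tag, off, off + length


def classify_request(pem_text):
    """Return 'pkcs10', 'cmc-signed' or 'unknown' for a PEM request block."""
    der = base64.b64decode(form_payload(pem_text), validate=True)
    tag, start, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one DER SEQUENCE")
    first_tag, _, first_end = read_tlv(der, start)
    if first_tag == 0x30:
        # PKCS #10 CertificationRequest starts with the request-info SEQUENCE.
        return "pkcs10"
    if first_tag == 0x06 and der[start:first_end] == OID_SIGNED_DATA:
        # CMS ContentInfo starts with the contentType OID.
        return "cmc-signed"
    return "unknown"


def der(tag, value):
    """Build a short-form DER TLV (enough for the constructed samples)."""
    if len(value) >= 0x80:
        raise ValueError("sample helper only supports short-form lengths")
    return bytes([tag, len(value)]) + value


def pem(body):
    """Wrap DER bytes in the CERTIFICATE REQUEST header and footer."""
    b64 = base64.b64encode(body).decode("ascii")
    return (
        "-----BEGIN CERTIFICATE REQUEST-----\n"
        + b64
        + "\n-----END CERTIFICATE REQUEST-----\n"
    )


# Constructed samples: only the outer structure matches the real formats.
SAMPLE_PKCS10 = pem(der(0x30, der(0x30, der(0x02, b"\x00"))))
SAMPLE_CMC = pem(
    der(0x30, OID_SIGNED_DATA + der(0xA0, der(0x30, der(0x02, b"\x03"))))
)

if __name__ == "__main__":
    for name, text in (("cert.req", SAMPLE_PKCS10), ("cert.req.out", SAMPLE_CMC)):
        print(name, classify_request(text), form_payload(text))
```
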

AUTHORS

       Matthew Harmsen <mharmsen@redhat.com>.

COPYRIGHT

       Copyright (c) 2016 Red Hat, Inc. This is licensed under the GNU General
       Public License, version 2 (GPLv2). A copy of this license is available
       at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.

SEE ALSO

       CMCRequest(1), CMCResponse(1), CMCRevoke(1), pki(1)

version 10.3                     July 20, 2016                    CMCEnroll(1)