$ cat /etc/barbican/barbican-api.conf.fragment [dogtag_plugin] pem_path = '/etc/barbican/kra_admin_cert.pem' dogtag_host = aleeredhat.laptop dogtag_port = 8263 nss_db_path = '/etc/barbican/alias' nss_db_path_ca = '/etc/barbican/alias-ca' nss_password = 'password123' simple_cmc_profile = 'caOtherCert' [secretstore] namespace = barbican.secretstore.plugin enabled_secretstore_plugins = dogtag_crypto [certificate] namespace = barbican.certificate.plugin enabled_certificate_plugins = dogtag $ curl -H 'content-type:application/json' -H 'X-Project-Id: 12345' http://localhost:9311/v1/cas {"cas": ["http://localhost:9311/v1/cas/3a2a533d-ed4d-4c68-a418-2ee79f4c9581", "http://localhost:9311/v1/cas/422e6ad3-24ae-45e3-b165-4e9487cd0ded"], "total": 2} $ curl -H 'content-type:application/json' -H 'X-Project-Id: 12345' http://localhost:9311/v1/cas/422e6ad3-24ae-45e3-b165-4e9487cd0ded {"status": "ACTIVE", "updated": "2015-05-09T05:55:37.745132", "created": "2015-05-09T05:55:37.745132", "plugin_name": "barbican.plugin.dogtag.DogtagCAPlugin", "meta": [{"name": "Dogtag CA"}, {"description": "Certificate Authority - Dogtag CA"}], "ca_id": "422e6ad3-24ae-45e3-b165-4e9487cd0ded", "plugin_ca_id": "Dogtag CA", "expiration": "2015-05-10T05:55:37.740211"} $ openssl genrsa -out private.pem 2048 Generating RSA private key, 2048 bit long modulus .............................+++ .........................................................................................................................................................+++ e is 65537 (0x10001) $ openssl req -new -key private.pem -out csr.pem -subj '/CN=server1,o=example.com' $ base64 ./csr.pem |tr -d '\r\n' LS0tLS1CRUd...VTVC0tLS curl -X POST -H 'content-type:application/json' -H 'X-Project-Id: 12345' -d '{"type": "certificate", "meta": { "request_data": "LS0...tCg==", "request_type": "simple-cmc", "ca_id": "422e6ad3-24ae-45e3-b165-4e9487cd0ded", "profile": "caServerCert"}}' http://localhost:9311/v1/orders {"order_ref": "http://localhost:9311/v1/orders/df1d1a0f-8454-46ca-9287-c57ced0418e7"} $curl -H 'content-type:application/json' -H 'X-Project-Id: 12345' http://localhost:9311/v1/orders/df1d1a0f-8454-46ca-9287-c57ced0418e7 {"status": "ACTIVE", "sub_status": "cert_generated", "updated": "2015-05-09T22:40:05.007512", "created": "2015-05-09T22:40:01.556689", "container_ref": "http://localhost:9311/v1/containers/1e71dc2b-cf63-4aa4-91f7-41ea1a9e5493", "order_ref": "http://localhost:9311/v1/orders/df1d1a0f-8454-46ca-9287-c57ced0418e7", "meta": {"profile": "caServerCert", "request_data": "LS0tLS...LS0tCg==", "request_type": "simple-cmc", "ca_id": "422e6ad3-24ae-45e3-b165-4e9487cd0ded"}, "sub_status_message": "Certificate has been generated", "type": "certificate"} $curl -H 'content-type:application/json' -H 'X-Project-Id: 12345' http://localhost:9311/v1/containers/1e71dc2b-cf63-4aa4-91f7-41ea1a9e5493 {"status": "ACTIVE", "updated": "2015-05-09T22:40:05.003296", "name": null, "consumers": [], "created": "2015-05-09T22:40:05.003296", "container_ref": "http://localhost:9311/v1/containers/1e71dc2b-cf63-4aa4-91f7-41ea1a9e5493", "creator_id": null, "secret_refs": [{"secret_ref": "http://localhost:9311/v1/secrets/acd47891-9e72-4542-b9de-be66cc343610", "name": "certificate"}, {"secret_ref": "http://localhost:9311/v1/secrets/a871baa4-6ef2-42db-ba01-13414ab60d9e", "name": "intermediates"}], "type": "certificate"} $ curl -H 'content-type:application/json' -H 'X-Project-Id: 12345' http://localhost:9311/v1/secrets/acd47891-9e72-4542-b9de-be66cc343610 {"status": "ACTIVE", "secret_type": "opaque", "updated": "2015-05-09T22:40:03.896532", "name": null, "algorithm": null, "created": "2015-05-09T22:40:03.896532", "secret_ref": "http://localhost:9311/v1/secrets/acd47891-9e72-4542-b9de-be66cc343610", "content_types": {"default": "application/pkix-cert"}, "creator_id": null, "mode": null, "bit_length": null, "expiration": null} $ curl -H 'content-type:application/json' -H 'X-Project-Id: 12345' -H 'Accept:application/pkix-cert' http://localhost:9311/v1/secrets/acd47891-9e72-4542-b9de-be66cc343610/payload -----BEGIN CERTIFICATE----- MIIDcTCCAlmgAwIBAgIBWDANBgkqhkiG9w0BAQsFADA/MRwwGgYDVQQKDBNwa2kt dG9tY2F0MjYgZG9tYWluMR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRpZmljYXRl MB4XDTE1MDUwOTIyNDAwMVoXDTE3MDQyODIyNDAwMVowIDEeMBwGA1UEAwwVc2Vy dmVyMSxvPWV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEAuAYPRcoP1N/O1PRrkVFpdvCgFoxdQUr//A4+3jXU24R5xFLRSiDe5HlCKZ80 x6uH51c7j45D0heHEIfKUwgOJqbooIEVkmFmi59EdFSx76e1/1VEohjueifLWmKo 9EWyiQ++U8HoUYj0glgDtj4eekakWFunO0QkTqxyvtGK6N8iiRxoh9NqwjKZv9A3 +t/7sxHQ7kP6mHwlcHZKuNx/jGMjWqoRejnml4VKdLfM6NcazMB+06EkSTlncM78 Z1/a5AJ/krbNTxGpBI5X7HFUz8p1RvhbfzrrlLAceJ8Yr0U7Z9fVBAXEdswuc2Vj RumLUkBoB1G2FN6XfRDXUpcZcQIDAQABo4GWMIGTMB8GA1UdIwQYMBaAFG5QuMQZ yGVSXKCwKufCa0HOE+llMEEGCCsGAQUFBwEBBDUwMzAxBggrBgEFBQcwAYYlaHR0 cDovL2FsZWVyZWRoYXQubGFwdG9wOjgyNjAvY2Evb2NzcDAOBgNVHQ8BAf8EBAMC BPAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUA A4IBAQDi8myjbqM6z2/OGcoPl8WHOrLqiXbMilt4Axl7DFcrSuQWPhPo0yc0lm4i hMLh+D+Bbj0qRuqWPLFlUvjiWvN4BcOeWFlMBFecejqix0/kLGk0MCV7PWaEk5UW oataBwCRx1lmI+03Wmhp7s5WK6XOyT2oqyKY06DOHi8b6TGsFtTSEvcNyjCdkY7J e7tN+t7rMn5SjSCrvoNhzmb1TX42kWTVIvZOSyA74obJxdjEuBJUm/JSVIdlXP3g YhleNzRQvsY0HH0tSlWYlryczFV9f+RB2C+Ltr+EQab/Dy+mGl2hhQaezzX5MMCM HIG28XVygTC93uQmk1mAUTsIpFsk -----END CERTIFICATE----- $ curl -H 'content-type:application/json' -H 'X-Project-Id: 12345' -H 'Accept:application/pkix-cert' http://localhost:9311/v1/secrets/a871baa4-6ef2-42db-ba01-13414ab60d9e/payload -----BEGIN CERTIFICATE----- MIIHSQYJKoZIhvcNAQcCoIIHOjCCBzYCAQExADAPBgkqhkiG9w0BBwGgAgQAoIIH GjCCA3EwggJZoAMCAQICAVgwDQYJKoZIhvcNAQELBQAwPzEcMBoGA1UECgwTcGtp LXRvbWNhdDI2IGRvbWFpbjEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0aWZpY2F0 ZTAeFw0xNTA1MDkyMjQwMDFaFw0xNzA0MjgyMjQwMDFaMCAxHjAcBgNVBAMMFXNl cnZlcjEsbz1leGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBALgGD0XKD9TfztT0a5FRaXbwoBaMXUFK//wOPt411NuEecRS0Uog3uR5Qimf NMerh+dXO4+OQ9IXhxCHylMIDiam6KCBFZJhZoufRHRUse+ntf9VRKIY7nony1pi qPRFsokPvlPB6FGI9IJYA7Y+HnpGpFhbpztEJE6scr7RiujfIokcaIfTasIymb/Q N/rf+7MR0O5D+ph8JXB2Srjcf4xjI1qqEXo55peFSnS3zOjXGszAftOhJEk5Z3DO /Gdf2uQCf5K2zU8RqQSOV+xxVM/KdUb4W38665SwHHifGK9FO2fX1QQFxHbMLnNl Y0bpi1JAaAdRthTel30Q11KXGXECAwEAAaOBljCBkzAfBgNVHSMEGDAWgBRuULjE GchlUlygsCrnwmtBzhPpZTBBBggrBgEFBQcBAQQ1MDMwMQYIKwYBBQUHMAGGJWh0 dHA6Ly9hbGVlcmVkaGF0LmxhcHRvcDo4MjYwL2NhL29jc3AwDgYDVR0PAQH/BAQD AgTwMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsF AAOCAQEA4vJso26jOs9vzhnKD5fFhzqy6ol2zIpbeAMZewxXK0rkFj4T6NMnNJZu IoTC4fg/gW49KkbqljyxZVL44lrzeAXDnlhZTARXnHo6osdP5CxpNDAlez1mhJOV FqGrWgcAkcdZZiPtN1poae7OViulzsk9qKsimNOgzh4vG+kxrBbU0hL3DcownZGO yXu7Tfre6zJ+Uo0gq76DYc5m9U1+NpFk1SL2TksgO+KGycXYxLgSVJvyUlSHZVz9 4GIZXjc0UL7GNBx9LUpVmJa8nMxVfX/kQdgvi7a/hEGm/w8vphpdoYUGns81+TDA jByBtvF1coEwvd7kJpNZgFE7CKRbJDCCA6EwggKJoAMCAQICAQEwDQYJKoZIhvcN AQELBQAwPzEcMBoGA1UECgwTcGtpLXRvbWNhdDI2IGRvbWFpbjEfMB0GA1UEAwwW Q0EgU2lnbmluZyBDZXJ0aWZpY2F0ZTAeFw0xNTA0MTYwNDQxNDVaFw0zNTA0MTYw NDQxNDVaMD8xHDAaBgNVBAoME3BraS10b21jYXQyNiBkb21haW4xHzAdBgNVBAMM FkNBIFNpZ25pbmcgQ2VydGlmaWNhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw ggEKAoIBAQDlT3ENPCzKhlca168GNJAlmckjCmeNeEq9QYosJQ4VB9J0GqQJYfrX 7DwJ7fE4gqi5wFDWzIGF94tmAhnkp9j14AzNhwJlqDt2+zWgBHOZskTST2pCAvxx vE0YGXfs/ltrWA1rq69TvzSI1lKhjroYAoE7Zlkw53CQDvt1cjh7NgK1ozxqApzB Da44HiQltiuGew99kgI5G430mC7xvamCUYLVR1h+I5q7k7QKeFdlrLKLEmcJkKWY tR5PlYssLZX6/sQANkV3xIkLn3XZ65tRmTcxDtMVmPsMI/fjq3JR0C/inHoYen8j DE3BH7jfoGwhZVx7LL6rlBTz39YULZ6fAgMBAAGjgacwgaQwHwYDVR0jBBgwFoAU blC4xBnIZVJcoLAq58JrQc4T6WUwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E BAMCAcYwHQYDVR0OBBYEFG5QuMQZyGVSXKCwKufCa0HOE+llMEEGCCsGAQUFBwEB BDUwMzAxBggrBgEFBQcwAYYlaHR0cDovL2FsZWVyZWRoYXQubGFwdG9wOjgyNjAv Y2Evb2NzcDANBgkqhkiG9w0BAQsFAAOCAQEAdn4zV2yJC7YF2esP66znJMV9tmeN hI78BjaeQ0SPmTURVXMxKDUmW3YznvHI6gGvxS1TJuNkjmAlicqMEXA/B0HYsZVD cTkb+qz0s3a2xF/AN90jBRhZtxAHf+n4Cs/aIG+zbZ1+CpxDgojDQx8wYVtk2c7/ 5SWCB8qVICs8NkyryfxkZ2RDH0z9bhQQSsL6QwhClTByjbTxSe/gdzdrYde2GSfs 9MRo9WMBRVAvQqWiyWt3Z9mlZ2lwR8QlJukEXLjE+zpIyfTqCevMr/zkQZkTA6dW Uw2mFhD0MPOzGJhkmRxhvNmdDtldBaEY8mlipmMt9G83nAM8KVtt/T7cqzEA -----END CERTIFICATE-----