The Master host certificate will not contain the full domain name if the hostname for the Master did not contain this name at the time when the BoKS internal CA was initiated (for example using fccsetup or adminwiz).

Here is how to generate a new host certificate and virtual card for the master.


First find out the Subject Name of the Root CA that should be used.

For example:

cacreds list -v
Subject name : "CN=Admin Root CA,O=abcd,C=SE"

Then, use to generate the new Virtual Card: -h $(hostname) -n 'CN=Admin Root CA,O=abcd,C=SE' -p $BOKS_data/sso_creds/ca_creds/keypkgs/'CN=Admin Root CA,O=abcd,C=SE'*.pin -c $(hostname).your.domain -v 5 -o

To check the contents of the new host certificate, you can use the following commands:

#BoKS 7.0 and earlier# usrcreds get -k -c > /tmp/cert

#BoKS 7.1 and later# hostcreds get -h host -c > /tmp/cert

certinfo -c /tmp/cert

Important: is not included in BoKS, but can be found in the Knowledge Base article How to: Import a host certificate signed by an external CA, where you can also find more information about the script, including the manual.


When a BoKS CA is initiated, there is an option to save the pin in a file as in the -p option above. If no such file was created you have to provide it or you will be prompted for the pin if -p is left out.

If there happens to be more than one CA with the same Subject Name you will have to provide the full path at the -p option instead of using * as in the example.

Still have questions? We can help. Submit a case to Technical Support.

Last Modified On: May 25, 2018