pub struct DogtagConfig {
    pub ca_url: Url,
    pub kra_url: Option<Url>,
    pub agent_cert_file: String,
    pub agent_key_file: String,
    pub ca_cert_file: String,
    pub profile_id: String,
    pub timeout_secs: u64,
    pub retry_max: u32,
    pub retry_delay_ms: u64,
}
Configuration for connecting to a Dogtag PKI instance.
Supports deserialization from TOML configuration files. The agent certificate and key are used for mTLS authentication to the Dogtag REST API, which requires an agent-level certificate for enrollment and revocation operations.
§Example TOML
[dogtag]
ca_url = "https://ca.example.com:8443"
kra_url = "https://kra.example.com:8443"
agent_cert_file = "/etc/kipuka/agent.pem"
agent_key_file = "/etc/kipuka/agent.key"
ca_cert_file = "/etc/pki/tls/certs/ca-bundle.crt"
profile_id = "caServerCert"
timeout_secs = 30
retry_max = 3
retry_delay_ms = 1000
Fields§
ca_url: Url
Base URL of the Dogtag CA subsystem.
Typically https://<hostname>:8443 for the secure admin/agent port.
The REST API endpoints are relative to this URL (e.g., /ca/rest/certs).
kra_url: Option<Url>
Base URL of the Dogtag KRA subsystem (optional).
Required only for /serverkeygen operations that need server-side key
generation and archival. Typically on the same host as the CA but may
be a separate instance.
agent_cert_file: String
Path to the PEM-encoded agent certificate file.
This certificate authenticates the client to the Dogtag REST API. It must be issued by a CA trusted by the Dogtag instance and have the appropriate agent privileges.
agent_key_file: String
Path to the PEM-encoded agent private key file.
ca_cert_file: String
Path to the PEM-encoded CA certificate file for TLS verification.
Used to verify the Dogtag server’s TLS certificate. This is typically the root CA certificate that issued the Dogtag instance’s server cert.
profile_id: String
Default enrollment profile ID.
Common profiles include:
- caServerCert: TLS server certificates
- caUserCert: User/client certificates
- caIPAserviceCert: FreeIPA service certificates
- caDualCert: Dual-key (signing + encryption) certificates
timeout_secs: u64
HTTP request timeout in seconds.
Applied to each individual HTTP request to the Dogtag REST API. Enrollment operations may take longer if the CA profile requires approval workflows.
retry_max: u32
Maximum number of retry attempts for transient failures.
Retries are attempted for HTTP 5xx errors and connection failures. Client errors (4xx) are not retried.
retry_delay_ms: u64
Delay between retry attempts in milliseconds.
Retries use a simple fixed delay. Future versions may support exponential backoff.
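Because the agent key authorizes enrollment and revocation, a pre-flight check on the security-relevant fields is worth running before any client is built; the following is an added example, not part of the kipuka code base. `preflight` and `Finding` are hypothetical names, the URLs are taken as plain strings rather than `Url` so the block needs no crates, and Unix file permissions are assumed.

```rust
use std::fs;
use std::os::unix::fs::PermissionsExt;

/// Hypothetical finding type for this example (not a kipuka type).
#[derive(Debug, PartialEq)]
pub enum Finding {
    NotHttps(String),              // URL would carry agent traffic without TLS
    KeyUnreadable(String),         // agent key missing or metadata unreadable
    KeyTooPermissive(String, u32), // agent key accessible to group or other
}

/// Checks `ca_url`, `kra_url` and `agent_key_file` before use.
/// Assumption: URLs arrive as strings; the real struct stores `Url`.
pub fn preflight(ca_url: &str, kra_url: Option<&str>, agent_key_file: &str) -> Vec<Finding> {
    let mut findings = Vec::new();
    // mTLS to the agent port only makes sense over https.
    for url in std::iter::once(ca_url).chain(kra_url) {
        if !url.to_ascii_lowercase().starts_with("https://") {
            findings.push(Finding::NotHttps(url.to_string()));
        }
    }
    // The key should be readable by its owner only (for example 0600 or 0400).
    match fs::metadata(agent_key_file) {
        Err(_) => findings.push(Finding::KeyUnreadable(agent_key_file.to_string())),
        Ok(meta) => {
            let mode = meta.permissions().mode() & 0o777;
            if mode & 0o077 != 0 {
                findings.push(Finding::KeyTooPermissive(agent_key_file.to_string(), mode));
            }
        }
    }
    findings
}

fn main() {
    // Constructed sample: a throwaway file with deliberately loose permissions.
    let path = std::env::temp_dir().join("kipuka-example-agent.key");
    fs::write(&path, "constructed placeholder, not a real key").unwrap();
    fs::set_permissions(&path, fs::Permissions::from_mode(0o644)).unwrap();
    let key = path.to_str().unwrap();
    for finding in preflight("http://ca.example.com:8080", None, key) {
        println!("finding: {:?}", finding);
    }
    fs::remove_file(&path).ok();
}
```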
Trait Implementations§
impl Clone for DogtagConfig
fn clone(&self) -> DogtagConfig
fn clone_from(&mut self, source: &Self)