From Fedora Project Wiki
No edit summary |
No edit summary |
||
(4 intermediate revisions by the same user not shown) | |||
Line 5: | Line 5: | ||
|actions= | |actions= | ||
# First, prerequisites, Java OpenJDK, 389-ds-base needs to be installed.And configure the basic DS instance using setup-ds.pl(accept all defaults) | # First, prerequisites, Java OpenJDK, 389-ds-base needs to be installed.And configure the basic DS instance using setup-ds.pl(accept all defaults) | ||
#: $ yum install java-1.6.0-openjdk | #: $ yum install java-1.6.0-openjdk | ||
#: $ yum install 389-ds-base | #: $ yum install 389-ds-base | ||
#: $ /usr/sbin/setup-ds.pl | #: $ /usr/sbin/setup-ds.pl | ||
# Next,is to install all main dogtag PKI packages | # Next,is to install all main dogtag PKI packages | ||
#: | #: | ||
#: yum install pki-ca pki-ra pki-kra pki-ocsp pki-tks pki-tps pki-console --enablerepo=updates-testing | #: yum install pki-ca pki-ra pki-kra pki-ocsp pki-tks pki-tps pki-console --enablerepo=updates-testing | ||
# Next, Once installed, create instances for each subsystem using the | # Next, Once installed, create instances for each subsystem using the {{filename|/usr/bin/pkicreate}} command(see pkicreate --help for more). The below is an example of creating an instance of CA(Certificate Authority) subsystem | ||
#: <pre> | #: <pre> | ||
#:======================================================= | #:======================================================= | ||
#:pkicreate -pki_instance_root=/var/lib \ | #: pkicreate -pki_instance_root=/var/lib \ | ||
#: | #: -pki_instance_name=pki-ca \ | ||
#: | #: -subsystem_type=ca \ | ||
#: | #: -agent_secure_port=9443 \ | ||
#: | #: -ee_secure_port=9444 \ | ||
#: | #: -admin_secure_port=9445 \ | ||
#: | #: -unsecure_port=9180 \ | ||
#: | #: -tomcat_server_port=9701 \ | ||
#: | #: -user=pkiuser \ | ||
#: | #: -group=pkiuser \ | ||
#: | #: -redirect conf=/etc/pki-ca \ | ||
#: | #: -redirect logs=/var/log/pki-ca \ | ||
#: -verbose | #: -verbose | ||
#:======================================================== | #:======================================================== | ||
Line 32: | Line 31: | ||
Silent script for CA: | Silent script for CA: | ||
Note-replace the -bind_password appropriately from your step-1 | Note-replace the -bind_password appropriately from your step-1 | ||
http://kashyapc.fedorapeople.org/dogtag- | http://kashyapc.fedorapeople.org/dogtag-pki/pkisilent-scripts/ca-silent.bash | ||
* Now, Configure the rest of the subsystems by creating instances using 'pkicreate' (again see 'pkicreate' syntax for help) | * Now, try to Configure the rest of the subsystems(RA,OCSP,KRA,TKS,TPS) by creating instances using 'pkicreate' (again see 'pkicreate' syntax for help) | ||
</pre> | </pre> | ||
|results= | |results= |
Latest revision as of 19:10, 8 December 2011
Description
Dogtag Certificate System setup and configuration
How to test
- First, prerequisites, Java OpenJDK, 389-ds-base needs to be installed.And configure the basic DS instance using setup-ds.pl(accept all defaults)
- $ yum install java-1.6.0-openjdk
- $ yum install 389-ds-base
- $ /usr/sbin/setup-ds.pl
- Next,is to install all main dogtag PKI packages
- yum install pki-ca pki-ra pki-kra pki-ocsp pki-tks pki-tps pki-console --enablerepo=updates-testing
- Next, Once installed, create instances for each subsystem using the
/usr/bin/pkicreate
command(see pkicreate --help for more). The below is an example of creating an instance of CA(Certificate Authority) subsystem- =======================================================
- pkicreate -pki_instance_root=/var/lib \
- -pki_instance_name=pki-ca \
- -subsystem_type=ca \
- -agent_secure_port=9443 \
- -ee_secure_port=9444 \
- -admin_secure_port=9445 \
- -unsecure_port=9180 \
- -tomcat_server_port=9701 \
- -user=pkiuser \
- -group=pkiuser \
- -redirect conf=/etc/pki-ca \
- -redirect logs=/var/log/pki-ca \
- -verbose
- ========================================================
- Once the instance creation is finished from step-1, go through configuration wizard for CA and finish installation (or use the pkisilent script to silently configure. see 'pki-silent' package and it's template file '/usr/share/pki/silent/pki_silent.template' )
Silent script for CA: Note-replace the -bind_password appropriately from your step-1
http://kashyapc.fedorapeople.org/dogtag-pki/pkisilent-scripts/ca-silent.bash
- Now, try to Configure the rest of the subsystems(RA,OCSP,KRA,TKS,TPS) by creating instances using 'pkicreate' (again see 'pkicreate' syntax for help)
Expected Results
The following must be true to consider this a successful test run. Be brief ... but explicit.
- Step #1 completes without error
- Step #2 completes without error
- Step #3 CA Instance gets created successfully
- Step #4 CA instance should be configured fine(and respectively other subsystems)