From Fedora Project Wiki

Line 5: Line 5:
 
|actions=
 
|actions=
 
# First, prerequisites, Java OpenJDK, 389-ds-base needs to be installed.And configure the basic DS instance using setup-ds.pl(accept all defaults)
 
# First, prerequisites, Java OpenJDK, 389-ds-base needs to be installed.And configure the basic DS instance using setup-ds.pl(accept all defaults)
#:
 
 
#: $ yum install java-1.6.0-openjdk
 
#: $ yum install java-1.6.0-openjdk
 
#: $ yum install 389-ds-base
 
#: $ yum install 389-ds-base
Line 12: Line 11:
 
#:  
 
#:  
 
#: yum install pki-ca pki-ra pki-kra pki-ocsp pki-tks pki-tps pki-console  --enablerepo=updates-testing
 
#: yum install pki-ca pki-ra pki-kra pki-ocsp pki-tks pki-tps pki-console  --enablerepo=updates-testing
# Next, Once installed, create instances for each subsystem using the 'pkicreate' command(see pkicreate --help for more)
+
# Next, Once installed, create instances for each subsystem using the {{filename|/usr/bin/pkicreate}} command(see pkicreate --help for more). The below is an example of creating an instance of CA(Certificate Authority) subsystem
 
#: <pre>
 
#: <pre>
 
#:=======================================================
 
#:=======================================================
#:pkicreate -pki_instance_root=/var/lib        \
+
#: #!/bin/sh
#:         -pki_instance_name=pki-ca          \
+
#: set -x
#:         -subsystem_type=ca                \
+
#: pkicreate -pki_instance_root=/var/lib        \
#:         -agent_secure_port=9443            \
+
#:           -pki_instance_name=pki-ca          \
#:         -ee_secure_port=9444              \
+
#:           -subsystem_type=ca                \
#:         -admin_secure_port=9445            \
+
#:           -agent_secure_port=9443            \
#:         -unsecure_port=9180                \
+
#:           -ee_secure_port=9444              \
#:         -tomcat_server_port=9701          \
+
#:           -admin_secure_port=9445            \
#:         -user=pkiuser                      \
+
#:           -unsecure_port=9180                \
#:         -group=pkiuser                    \
+
#:           -tomcat_server_port=9701          \
#:         -redirect conf=/etc/pki-ca        \
+
#:           -user=pkiuser                      \
#:         -redirect logs=/var/log/pki-ca    \
+
#:           -group=pkiuser                    \
 +
#:           -redirect conf=/etc/pki-ca        \
 +
#:           -redirect logs=/var/log/pki-ca    \
 
#:          -verbose
 
#:          -verbose
 
#:========================================================
 
#:========================================================
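Review bot: in the second hunk (Line 12 / Line 11), the added "#!/bin/sh" and "set -x" lines sit below the "=====" separator inside the <pre>, so a reader who copies the block as shown gets a file whose first line is the separator instead of the shebang, and both separator lines would be run as commands. Now that the example reads as a complete script, move the two separator lines outside the <pre> (or drop them) so the block starts at "#!/bin/sh". In the new step text, "The below is an example" would also read better as "Below is an example", with a space before "(see pkicreate --help for more)".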

Revision as of 08:52, 11 February 2010

Description

Dogtag Certificate System setup and configuration


How to test

  1. First, install the prerequisites, Java OpenJDK and 389-ds-base, then configure the basic DS instance using setup-ds.pl (accept all defaults)
    $ yum install java-1.6.0-openjdk
    $ yum install 389-ds-base
    $ /usr/sbin/setup-ds.pl
  2. Next, install all the main Dogtag PKI packages
    yum install pki-ca pki-ra pki-kra pki-ocsp pki-tks pki-tps pki-console --enablerepo=updates-testing
  3. Once they are installed, create instances for each subsystem using the /usr/bin/pkicreate command (see pkicreate --help for more). Below is an example of creating an instance of the CA (Certificate Authority) subsystem
    =======================================================
    #!/bin/sh
    set -x
    pkicreate -pki_instance_root=/var/lib \
    -pki_instance_name=pki-ca \
    -subsystem_type=ca \
    -agent_secure_port=9443 \
    -ee_secure_port=9444 \
    -admin_secure_port=9445 \
    -unsecure_port=9180 \
    -tomcat_server_port=9701 \
    -user=pkiuser \
    -group=pkiuser \
    -redirect conf=/etc/pki-ca \
    -redirect logs=/var/log/pki-ca \
    -verbose
    ========================================================
  4. Once the instance creation from step 1 is finished, go through the configuration wizard for the CA and finish the installation (or use the pkisilent script to configure it silently; see the 'pki-silent' package and its template file '/usr/share/pki/silent/pki_silent.template')

Silent script for CA (note: replace the -bind_password value appropriately with the one from your step 1):

http://kashyapc.fedorapeople.org/dogtag-test/ca-silent.bash 
  • Now, try to configure the rest of the subsystems (RA, OCSP, KRA, TKS, TPS) by creating instances using 'pkicreate' (again, see the 'pkicreate' syntax for help)
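
Each further instance needs its own set of ports, so it is worth checking the planned pkicreate options for collisions before running them. The script below is an added example, not part of the original wiki page or of Dogtag: the pki-ca ports are those from step 3, while the pki-kra port numbers, the reuse of the CA's option names for pki-kra, and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Pre-flight check for a set of planned pkicreate invocations (added example).
# Plan format, one instance per line: <instance-name> <pkicreate port options>

# Print "instance option port" for every *_port= option found in the plan.
list_ports() {
    while read -r name opts; do
        [ -n "$name" ] || continue
        for o in $opts; do
            case "$o" in
                -*_port=*) printf '%s %s %s\n' "$name" "${o%%=*}" "${o#*=}" ;;
            esac
        done
    done
}

# Print every port number claimed more than once; return 1 if any is found.
find_conflicts() {
    dups=$(list_ports | awk '{print $3}' | sort -n | uniq -d)
    [ -z "$dups" ] && return 0
    printf '%s\n' "$dups"
    return 1
}

# pki-ca line: ports from step 3. pki-kra line: constructed sample values.
plan_ok() { cat <<'EOF'
pki-ca -agent_secure_port=9443 -ee_secure_port=9444 -admin_secure_port=9445 -unsecure_port=9180 -tomcat_server_port=9701
pki-kra -agent_secure_port=10443 -ee_secure_port=10444 -admin_secure_port=10445 -unsecure_port=10180 -tomcat_server_port=10701
EOF
}

# Constructed mistake: the KRA agent port was copied unchanged from the CA.
plan_bad() { cat <<'EOF'
pki-ca -agent_secure_port=9443 -ee_secure_port=9444 -admin_secure_port=9445 -unsecure_port=9180 -tomcat_server_port=9701
pki-kra -agent_secure_port=9443 -ee_secure_port=10444 -admin_secure_port=10445 -unsecure_port=10180 -tomcat_server_port=10701
EOF
}

# Demonstration: report the collision in the bad plan on stderr.
if ! clash=$(plan_bad | find_conflicts); then
    echo "port conflict, fix before running pkicreate: $clash" >&2
fi
```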

Expected Results

The following must be true to consider this a successful test run.

  1. Step #1 completes without error
  2. Step #2 completes without error
  3. Step #3 CA Instance gets created successfully
  4. Step #4 CA instance is configured successfully (and likewise the other subsystems)