Difference between revisions of "COPR Repository for CentOS"

From Dogtag
(Created page with '= PKI COPR EPEL Builds for CentOS 7.2 = = PKI COPR EPEL Builds for CentOS 7.3 = External COPR Builds of PKI are maintained via [https://copr.fedorainfracloud.org/coprs/g/pki/epel...')
 
m (PKI COPR EPEL Builds for CentOS 7.3)
Line 18: Line 18:
 
** sudo yum update
 
** sudo yum update
 
** sync; sync; sync; reboot
 
** sync; sync; sync; reboot
 +
 
* Download and install a 389 Directory Server:
 
* Download and install a 389 Directory Server:
 
** sudo yum install 389-ds-base
 
** sudo yum install 389-ds-base
 
** sudo /usr/sbin/setup-ds.pl
 
** sudo /usr/sbin/setup-ds.pl
 +
 
* Create a yum repo for PKI EPEL 7.3:
 
* Create a yum repo for PKI EPEL 7.3:
 
** sudo vi /etc/yum.repos.d/pki-epel-7.3.repo
 
** sudo vi /etc/yum.repos.d/pki-epel-7.3.repo
Line 42: Line 44:
 
   pki_ds_password=<password>
 
   pki_ds_password=<password>
 
** sudo script -c 'pkispawn -s CA -f /root/pki/ca.cfg -vvv'
 
** sudo script -c 'pkispawn -s CA -f /root/pki/ca.cfg -vvv'
 +
 
* Create a new Firefox browser profile and test out the CA server:
 
* Create a new Firefox browser profile and test out the CA server:
 
** Fetch '/root/.dogtag/pki-tomcat/ca_admin_cert.p12' from the CA Server and place a world readable copy of this under '/tmp'
 
** Fetch '/root/.dogtag/pki-tomcat/ca_admin_cert.p12' from the CA Server and place a world readable copy of this under '/tmp'
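Review bot: The context line in this hunk that asks for a world-readable copy of ca_admin_cert.p12 under '/tmp' deserves tightening while the step is being touched. The file is later imported under "Your Certificates", so it carries the CA administrator's private key, and in /tmp only its PKCS #12 password stands between that key and every local account on the host. Suggest copying it to a directory readable only by the user running Firefox, and adding a step to delete the copy once the import has succeeded.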
Line 47: Line 50:
 
*** https://<hostname fqdn>:8443/ca/services/
 
*** https://<hostname fqdn>:8443/ca/services/
 
*** https://<hostname fqdn>:8443/ca/ee/ca/
 
*** https://<hostname fqdn>:8443/ca/ee/ca/
**** Select the Retrieval Tab
+
**** Select the '''Retrieval''' Tab
***** Select Import CA Certificate Chain
+
***** Select '''Import CA Certificate Chain'''
****** Select Import the CA certificate chain into your browser radio button and press Submit
+
****** Select '''Import the CA certificate chain into your browser''' radio button and press '''Submit'''
******* Mark all three trust check boxes
+
******* Mark all three trust check boxes in the pop-up dialog
**** Select the Enrollment / Renewal Tab
+
**** Select the '''Enrollment / Renewal''' Tab
**** Select the Browser Menu
+
**** Select the '''Browser Menu'''
***** Select the Preferences Icon
+
***** Select the '''Preferences''' Icon
****** Select Advanced | Certificates | View Certificates | Your Certificates | Import..., load /tmp/ca_admin_cert.p12, and authenticate it to load it into the browser
+
****** Select '''Advanced | Certificates | View Certificates | Your Certificates | Import...''', load '''/tmp/ca_admin_cert.p12''', and authenticate it to load it into the browser
 
*** https://<hostname fqdn>:8443/ca/ee/ca/
 
*** https://<hostname fqdn>:8443/ca/ee/ca/
**** Select the Enrollment / Renewal Tab
+
**** Select the '''Enrollment / Renewal''' Tab
***** Select Manual User Dual-Use Certificate Enrollment
+
***** Select the '''Manual User Dual-Use Certificate Enrollment''' profile
****** In the UID field type CentOS 7.3 test and press the Submit button
+
****** In the '''UID''' field type '''CentOS 7.3 test''' and press the '''Submit''' button
 
*** https://<hostname fqdn>:8443/ca/agent/ca/ and select the newly imported Administration Certificate
 
*** https://<hostname fqdn>:8443/ca/agent/ca/ and select the newly imported Administration Certificate
**** Select List Requests and press Find
+
**** Select '''List Requests''' and press '''Find'''
***** Select the newly submitted request id and press the submit button
+
***** Select the newly submitted request id and press the '''submit''' button
**** Select List Certificates and press Find
+
**** Select '''List Certificates''' and press '''Find'''
***** Click on the certificate with the Subject Name of UID=CentOS 7.3 test
+
***** Click on the certificate with the '''Subject Name''' of '''UID=CentOS 7.3 test'''
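Review bot: Button labels are capitalised inconsistently in the added lines: the List Requests step reads "press the '''submit''' button" while the enrollment step uses '''Submit'''. Since the bold markup is meant to quote the UI label, use the capitalisation shown in the agent interface in both places. The same applies to "Administration Certificate" in the unchanged /ca/agent/ca/ line, which is a UI-visible name but is left unbolded.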

Revision as of 22:06, 20 September 2016

PKI COPR EPEL Builds for CentOS 7.2

PKI COPR EPEL Builds for CentOS 7.3

External COPR Builds of PKI are maintained via @pki/epel-7.3:

 [group_pki-epel-7.3]
 name=Copr repo for epel-7.3 owned by @pki
 baseurl=https://copr-be.cloud.fedoraproject.org/results/@pki/epel-7.3/epel-7-$basearch/
 type=rpm-md
 skip_if_unavailable=True
 gpgcheck=1
 gpgkey=https://copr-be.cloud.fedoraproject.org/results/@pki/epel-7.3/pubkey.gpg
 repo_gpgcheck=0
 enabled=1
 enabled_metadata=1
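
The repo definition above verifies RPM signatures (gpgcheck=1) but not repository metadata signatures (repo_gpgcheck=0), so metadata integrity rests on the HTTPS transport. The following script is an added example, not part of the Dogtag page: its function names are this example's own, it assumes a single-section repo file, and it treats unset keys as off without consulting /etc/yum.conf.

```shell
#!/bin/sh
# Added example: audit signature and transport settings of a yum .repo file.
# Unset keys count as off; [main] defaults in /etc/yum.conf are not consulted.

# repo_get FILE KEY: print the value of the first "KEY=value" line.
repo_get() {
    awk -v key="$2" '{
        eq = index($0, "="); if (eq == 0) next
        k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
        if (k == key) { print v; exit }
    }' "$1"
}

# is_on VALUE: true for the common spellings of a yum boolean "on".
is_on() {
    case "$1" in 1|[Yy]es|[Tt]rue) return 0 ;; *) return 1 ;; esac
}

# audit_repo FILE: print one line per finding; exit status 0 only if clean.
audit_repo() {
    rc=0
    is_on "$(repo_get "$1" gpgcheck)" ||
        { echo "gpgcheck off: RPM signatures are not verified"; rc=1; }
    is_on "$(repo_get "$1" repo_gpgcheck)" ||
        { echo "repo_gpgcheck off: repodata signature is not verified"; rc=1; }
    for key in baseurl gpgkey; do
        case "$(repo_get "$1" "$key")" in
            https://*) ;;
            *) echo "$key is not an https:// URL"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample: the security-relevant lines of the repo file above.
write_sample_repo() {
    cat > "$1" <<'EOF'
[group_pki-epel-7.3]
baseurl=https://copr-be.cloud.fedoraproject.org/results/@pki/epel-7.3/epel-7-$basearch/
gpgcheck=1
gpgkey=https://copr-be.cloud.fedoraproject.org/results/@pki/epel-7.3/pubkey.gpg
repo_gpgcheck=0
EOF
}

# Audit the file named on the command line, if one is given.
if [ -n "${1:-}" ]; then audit_repo "$1"; fi
```

Run it against /etc/yum.repos.d/pki-epel-7.3.repo after creating the file; for the definition on this page it reports only the repo_gpgcheck finding.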

To utilize these builds:

  • Create a CentOS 7 VM:
    • sudo yum update
    • sync; sync; sync; reboot
  • Download and install a 389 Directory Server:
    • sudo yum install 389-ds-base
    • sudo /usr/sbin/setup-ds.pl
  • Create a yum repo for PKI EPEL 7.3:
    • sudo vi /etc/yum.repos.d/pki-epel-7.3.repo
  [group_pki-epel-7.3]
  name=Copr repo for epel-7.3 owned by @pki
  baseurl=https://copr-be.cloud.fedoraproject.org/results/@pki/epel-7.3/epel-7-$basearch/
  type=rpm-md
  skip_if_unavailable=True
  gpgcheck=1
  gpgkey=https://copr-be.cloud.fedoraproject.org/results/@pki/epel-7.3/pubkey.gpg
  repo_gpgcheck=0
  enabled=1
  enabled_metadata=1
  • Download and install a CA:
    • sudo yum install redhat-pki
    • sudo mkdir /root/pki
    • sudo vi /root/pki/ca.cfg
  [DEFAULT]
  pki_admin_password=<password>
  pki_client_pkcs12_password=<password>
  pki_ds_password=<password>
    • sudo script -c 'pkispawn -s CA -f /root/pki/ca.cfg -vvv'
  • Create a new Firefox browser profile and test out the CA server:
    • Fetch '/root/.dogtag/pki-tomcat/ca_admin_cert.p12' from the CA Server and place a world-readable copy of it under '/tmp'
    • Launch a new Firefox browser profile
      • https://<hostname fqdn>:8443/ca/services/
      • https://<hostname fqdn>:8443/ca/ee/ca/
        • Select the Retrieval Tab
          • Select Import CA Certificate Chain
            • Select Import the CA certificate chain into your browser radio button and press Submit
              • Mark all three trust check boxes in the pop-up dialog
        • Select the Enrollment / Renewal Tab
        • Select the Browser Menu
          • Select the Preferences Icon
            • Select Advanced | Certificates | View Certificates | Your Certificates | Import..., load /tmp/ca_admin_cert.p12, and authenticate it to load it into the browser
      • https://<hostname fqdn>:8443/ca/ee/ca/
        • Select the Enrollment / Renewal Tab
          • Select the Manual User Dual-Use Certificate Enrollment profile
            • In the UID field type CentOS 7.3 test and press the Submit button
      • https://<hostname fqdn>:8443/ca/agent/ca/ and select the newly imported Administration Certificate
        • Select List Requests and press Find
          • Select the newly submitted request id and press the submit button
        • Select List Certificates and press Find
          • Click on the certificate with the Subject Name of UID=CentOS 7.3 test