External COPR Builds of CentOS 7.2 PKI EPEL Packages

Fetching External COPR Builds of CentOS 7.2 PKI EPEL Packages

• External COPR builds of CentOS 7.2 PKI EPEL packages are available via the following 'yum' repo:
  • https://copr.fedorainfracloud.org/coprs/g/pki/epel-7.2/repo/epel-7/group_pki-epel-7.2-epel-7.repo

  [group_pki-epel-7.2]
  name=Copr repo for epel-7.2 owned by @pki
  baseurl=https://copr-be.cloud.fedoraproject.org/results/@pki/epel-7.2/epel-7-$basearch/
  type=rpm-md
  skip_if_unavailable=True
  gpgcheck=1
  gpgkey=https://copr-be.cloud.fedoraproject.org/results/@pki/epel-7.2/pubkey.gpg
  repo_gpgcheck=0
  enabled=1
  enabled_metadata=1

External COPR Builds of CentOS 7.3 PKI EPEL Packages

Fetching External COPR Builds of CentOS 7.3 PKI EPEL Packages

• External COPR builds of CentOS 7.3 PKI EPEL packages are available via the following 'yum' repo:
  • https://copr.fedorainfracloud.org/coprs/g/pki/epel-7.3/repo/epel-7/group_pki-epel-7.3-epel-7.repo

  [group_pki-epel-7.3]
  name=Copr repo for epel-7.3 owned by @pki
  baseurl=https://copr-be.cloud.fedoraproject.org/results/@pki/epel-7.3/epel-7-$basearch/
  type=rpm-md
  skip_if_unavailable=True
  gpgcheck=1
  gpgkey=https://copr-be.cloud.fedoraproject.org/results/@pki/epel-7.3/pubkey.gpg
  repo_gpgcheck=0
  enabled=1
  enabled_metadata=1

Testing External COPR Builds of PKI EPEL Packages on CentOS 7

Create a CentOS 7 VM

• sudo yum update
• sync; sync; sync; reboot

Download and Install 389 Packages to the CentOS 7 VM

• Download and install a 389 Directory Server:
  • sudo yum install 389-ds-base
  • sudo /usr/sbin/setup-ds.pl

Download and Install PKI Packages to the CentOS 7 VM

• Create a yum repo for PKI EPEL 7.2 or PKI EPEL 7.3:
  • (e. g. - setting up the CentOS 7 VM to test PKI EPEL 7.3 packages)
  • sudo vi /etc/yum.repos.d/pki-epel-7.3.repo

  [group_pki-epel-7.3]
  name=Copr repo for epel-7.3 owned by @pki
  baseurl=https://copr-be.cloud.fedoraproject.org/results/@pki/epel-7.3/epel-7-$basearch/
  type=rpm-md
  skip_if_unavailable=True
  gpgcheck=1
  gpgkey=https://copr-be.cloud.fedoraproject.org/results/@pki/epel-7.3/pubkey.gpg
  repo_gpgcheck=0
  enabled=1
  enabled_metadata=1

• Download and install PKI packages using the Meta package:
  • sudo yum install redhat-pki

Install a PKI CA Server Instance on the CentOS 7 VM

• Create an installation configuration file for a new PKI instance of a CA:
  • sudo mkdir -p /root/pki
  • sudo vi /root/pki/ca.cfg

  [DEFAULT]
  pki_admin_password=<password>
  pki_client_pkcs12_password=<password>
  pki_ds_password=<password>

• Create a new PKI instance of a CA:
  • sudo script -c 'pkispawn -s CA -f /root/pki/ca.cfg -vvv'

Install a Fresh PKI CA Client Browser Profile on the CentOS 7 VM

• Create a new Firefox browser profile and test out the CA server:
  • Fetch '/root/.dogtag/pki-tomcat/ca_admin_cert.p12' from the CA Server and place a world readable copy of this under '/tmp'
  • Launch a new Firefox browser profile
    • https://<hostname fqdn>:8443/ca/services/
    • https://<hostname fqdn>:8443/ca/ee/ca/
      • Select the Retrieval Tab
        • Select Import CA Certificate Chain
          • Select Import the CA certificate chain into your browser radio button and press Submit
            • Mark all three trust check boxes in the pop-up dialog
      • Select the Enrollment / Renewal Tab
      • Select the Browser Menu
        • Select the Preferences Icon
          • Select Advanced | Certificates | View Certificates | Your Certificates | Import..., load /tmp/ca_admin_cert.p12, and authenticate it to load it into the browser
    • https://<hostname fqdn>:8443/ca/ee/ca/
      • Select the Enrollment / Renewal Tab
        • Select the Manual User Dual-Use Certificate Enrollment profile
          • In the UID field type CentOS 7.3 test and press the Submit button
    • https://<hostname fqdn>:8443/ca/agent/ca/ and select the newly imported Administration Certificate
      • Select List Requests and press Find
        • Select the newly submitted request id and press the submit button
      • Select List Certificates and press Find
        • Click on the certificate with the Subject Name of UID=CentOS 7.3 test
  • Remove '/tmp/ca_admin_cert.p12'