Difference between revisions of "PKI Subsystem Configuration"
(→CA) |
|||
| Line 45: | Line 45: | ||
<ul> | <ul> | ||
'''Note: ''' The pin is also stored in the '''/etc/<instance name>/CS.cfg''' file as the '''preop.pin''' parameter.<br> | '''Note: ''' The pin is also stored in the '''/etc/<instance name>/CS.cfg''' file as the '''preop.pin''' parameter.<br> | ||
| + | <br> | ||
Invoke a browser, insert the configuration URL, and follow the step-by-step instructions displayed in each panel. | Invoke a browser, insert the configuration URL, and follow the step-by-step instructions displayed in each panel. | ||
</ul> | </ul> | ||
Revision as of 22:15, 24 February 2008
PKI Subsystem Configuration
CA
Configuration of this PKI subsystem can be accomplished in one of three ways:
(1) The configuration URL is present on the screen. When this occurs, something similar to the following should appear on the screen:
PKI instance creation Utility ... PKI instance creation completed ... Starting pki-ca: [ OK ] PKI service(s) are available at https://<fully qualified domain name>:<secure ca port> Server can be operated with /etc/init.d/pki-ca start | stop | restart Please start the configuration by accessing: http://<fully qualified domain name>:<ca port>/ca/admin/console/config/login?pin=2yTKpsg1GupESw4tYYOv
| NOTE: | Default secure ca port: | 9443 |
| Default ca port: | 9080 |
Invoke a browser, insert the configuration URL, and follow the step-by-step instructions displayed in each panel.
(2) If the user no longer has access to the configuration URL, one can find the configuration URL at the end of the /var/log/<instance name>-install.log. For example:
. . . [2008-02-22 18:20:00] [log] Configuration Wizard listening on http://<fully qualified domain name>:<ca port>/ca/admin/console/config/login?pin=2yTKpsg1GupESw4tYYOv
-
Note: The pin is also stored in the /etc/<instance name>/CS.cfg file as the preop.pin parameter.
Invoke a browser, insert the configuration URL, and follow the step-by-step instructions displayed in each panel.
(3) PKI subsystems can also be configured "automatically" by creating and using the pkisilent component with a predefined profile.
DRM
Configuration of this PKI subsystem can be accomplished in one of three ways:
(1) The configuration URL is present on the screen. When this occurs, something similar to the following should appear on the screen:
PKI instance creation Utility ... PKI instance creation completed ... Starting pki-kra: [ OK ] PKI service(s) are available at https://<fully qualified domain name>:<secure drm port> Server can be operated with /etc/init.d/pki-kra start | stop | restart Please start the configuration by accessing: http://<fully qualified domain name>:<drm port>/kra/admin/console/config/login?pin=4GW0J9AE529VcwUEulBU
| NOTE: | Default secure drm port: | 10443 |
| Default drm port: | 10080 |
Invoke a browser, insert the configuration URL, and follow the step-by-step instructions displayed in each panel.
(2) If the user no longer has access to the configuration URL, one can find the configuration URL at the end of the /var/log/<instance name>-install.log. For example:
. . . [2008-02-22 18:21:00] [log] Configuration Wizard listening on http://<fully qualified domain name>:<drm port>/kra/admin/console/config/login?pin=4GW0J9AE529VcwUEulBU
-
Note: The pin is also stored in the /etc/<instance name>/CS.cfg file as the preop.pin parameter.
Invoke a browser, insert the configuration URL, and follow the step-by-step instructions displayed in each panel.
(3) PKI subsystems can also be configured "automatically" by creating and using the pkisilent component with a predefined profile.
OCSP
Configuration of this PKI subsystem can be accomplished in one of three ways:
(1) The configuration URL is present on the screen. When this occurs, something similar to the following should appear on the screen:
PKI instance creation Utility ... PKI instance creation completed ... Starting pki-ocsp: [ OK ] PKI service(s) are available at https://<fully qualified domain name>:<secure ocsp port> Server can be operated with /etc/init.d/pki-ocsp start | stop | restart Please start the configuration by accessing: http://<fully qualified domain name>:<ocsp port>/ocsp/admin/console/config/login?pin=ceUqWDSnuDGd6hHj52TY
| NOTE: | Default secure ocsp port: | 11443 |
| Default ocsp port: | 11080 |
Invoke a browser, insert the configuration URL, and follow the step-by-step instructions displayed in each panel.
(2) If the user no longer has access to the configuration URL, one can find the configuration URL at the end of the /var/log/<instance name>-install.log. For example:
. . . [2008-02-22 18:21:55] [log] Configuration Wizard listening on http://<fully qualified domain name>:<ocsp port>/ocsp/admin/console/config/login?pin=ceUqWDSnuDGd6hHj52TY
-
Invoke a browser, insert the configuration URL, and follow the step-by-step instructions displayed in each panel.
(3) PKI subsystems can also be configured "automatically" by creating and using the pkisilent component with a predefined profile.
RA
Configuration of this PKI subsystem can be accomplished in one of three ways:
(1) The configuration URL is present on the screen. When this occurs, something similar to the following should appear on the screen:
PKI instance creation Utility ... PKI instance creation completed ... Starting pki-ra: [ OK ] PKI service(s) are available at https://<fully qualified domain name>:<secure ra port> Server can be operated with /etc/init.d/pki-ra start | stop | restart Please start the configuration by accessing: http://<fully qualified domain name>:<ra port>/ra/admin/console/config/login?pin=ZvgA642EXN9R8NX2JqDK
| NOTE: | Default secure ra port: | 12889 |
| Default ra port: | 12888 |
Invoke a browser, insert the configuration URL, and follow the step-by-step instructions displayed in each panel.
(2) If the user no longer has access to the configuration URL, one can find the configuration URL at the end of the /var/log/<instance name>-install.log. For example:
. . . [2008-02-22 18:23:49] [log] Configuration Wizard listening on http://<fully qualified domain name>:<ra port>/ra/admin/console/config/login?pin=ZvgA642EXN9R8NX2JqDK
-
Invoke a browser, insert the configuration URL, and follow the step-by-step instructions displayed in each panel.
(3) PKI subsystems can also be configured "automatically" by creating and using the pkisilent component with a predefined profile.
TKS
Configuration of this PKI subsystem can be accomplished in one of three ways:
(1) The configuration URL is present on the screen. When this occurs, something similar to the following should appear on the screen:
PKI instance creation Utility ... PKI instance creation completed ... Starting pki-tks: [ OK ] PKI service(s) are available at https://<fully qualified domain name>:<secure tks port> Server can be operated with /etc/init.d/pki-tks start | stop | restart Please start the configuration by accessing: http:/<fully qualified domain name>:<tks port>//tks/admin/console/config/login?pin=ki0R7vMRR75NoIhBrxmf
| NOTE: | Default secure tks port: | 13443 |
| Default tks port: | 13080 |
Invoke a browser, insert the configuration URL, and follow the step-by-step instructions displayed in each panel.
(2) If the user no longer has access to the configuration URL, one can find the configuration URL at the end of the /var/log/<instance name>-install.log. For example:
. . . [2008-02-22 18:22:46] [log] Configuration Wizard listening on http:/<fully qualified domain name>:<tks port>//tks/admin/console/config/login?pin=ki0R7vMRR75NoIhBrxmf
-
Invoke a browser, insert the configuration URL, and follow the step-by-step instructions displayed in each panel.
(3) PKI subsystems can also be configured "automatically" by creating and using the pkisilent component with a predefined profile.
TPS
Configuration of this PKI subsystem can be accomplished in one of three ways:
(1) The configuration URL is present on the screen. When this occurs, something similar to the following should appear on the screen:
PKI instance creation Utility ... PKI instance creation completed ... Starting pki-tps: [ OK ] PKI service(s) are available at https://<fully qualified domain name>:<secure tps port> Server can be operated with /etc/init.d/pki-tps start | stop | restart Please start the configuration by accessing: http://<fully qualified domain name>:<tps port>/tps/admin/console/config/login?pin=X4PRHsoagBcuNUGeneUM
| NOTE: | Default secure tps port: | 7889 |
| Default tps port: | 7888 |
Invoke a browser, insert the configuration URL, and follow the step-by-step instructions displayed in each panel.
(2) If the user no longer has access to the configuration URL, one can find the configuration URL at the end of the /var/log/<instance name>-install.log. For example:
. . . [2008-02-22 18:27:58] [log] Configuration Wizard listening on http://<fully qualified domain name>:<tps port>/tps/admin/console/config/login?pin=X4PRHsoagBcuNUGeneUM
-
Invoke a browser, insert the configuration URL, and follow the step-by-step instructions displayed in each panel.
(3) PKI subsystems can also be configured "automatically" by creating and using the pkisilent component with a predefined profile.
