Difference between revisions of "PKI Subsystem Configuration"

From Dogtag
Jump to: navigation, search
Line 5: Line 5:
 
Configuration of this PKI subsystem can be accomplished in one of three ways:
 
Configuration of this PKI subsystem can be accomplished in one of three ways:
  
(1) The configuration URL is present on the screen.  When this occurs, something similar to the following should appear on the screen:
+
'''(1)''' The configuration URL is present on the screen.  When this occurs, something similar to the following should appear on the screen:
  
 
     PKI instance creation Utility ...
 
     PKI instance creation Utility ...
Line 38: Line 38:
 
'''IMPORTANT:  ''' When finished, don't forget to restart this PKI instance before attempting to use it!
 
'''IMPORTANT:  ''' When finished, don't forget to restart this PKI instance before attempting to use it!
  
(2) If the user no longer has access to the configuration URL displayed on the screen, one can find the configuration URL at the end of the '''/var/log/<instance name>-install.log'''.  For example:
+
'''(2)''' If the user no longer has access to the configuration URL displayed on the screen, one can find the configuration URL at the end of the '''/var/log/<instance name>-install.log'''.  For example:
  
 
     .
 
     .
Line 61: Line 61:
 
'''IMPORTANT:  ''' When finished, don't forget to restart this PKI instance before attempting to use it!
 
'''IMPORTANT:  ''' When finished, don't forget to restart this PKI instance before attempting to use it!
  
(3) PKI subsystems can also be configured "automatically" by creating and using the pkisilent component with a predefined profile.
+
'''(3)''' PKI subsystems can also be configured "automatically" by creating and using the pkisilent component with a predefined profile.
  
 
'''IMPORTANT:  ''' When finished, don't forget to restart this PKI instance before attempting to use it!
 
'''IMPORTANT:  ''' When finished, don't forget to restart this PKI instance before attempting to use it!
Line 70: Line 70:
 
Configuration of this PKI subsystem can be accomplished in one of three ways:
 
Configuration of this PKI subsystem can be accomplished in one of three ways:
  
(1) The configuration URL is present on the screen.  When this occurs, something similar to the following should appear on the screen:
+
'''(1)''' The configuration URL is present on the screen.  When this occurs, something similar to the following should appear on the screen:
  
 
     PKI instance creation Utility ...
 
     PKI instance creation Utility ...
Line 103: Line 103:
 
'''IMPORTANT:  ''' When finished, don't forget to restart this PKI instance before attempting to use it!
 
'''IMPORTANT:  ''' When finished, don't forget to restart this PKI instance before attempting to use it!
  
(2) If the user no longer has access to the configuration URL displayed on the screen, one can find the configuration URL at the end of the '''/var/log/<instance name>-install.log'''.  For example:
+
'''(2)''' If the user no longer has access to the configuration URL displayed on the screen, one can find the configuration URL at the end of the '''/var/log/<instance name>-install.log'''.  For example:
  
 
     .
 
     .
Line 126: Line 126:
 
'''IMPORTANT:  ''' When finished, don't forget to restart this PKI instance before attempting to use it!
 
'''IMPORTANT:  ''' When finished, don't forget to restart this PKI instance before attempting to use it!
  
(3) PKI subsystems can also be configured "automatically" by creating and using the pkisilent component with a predefined profile.
+
'''(3)''' PKI subsystems can also be configured "automatically" by creating and using the pkisilent component with a predefined profile.
  
 
'''IMPORTANT:  ''' When finished, don't forget to restart this PKI instance before attempting to use it!
 
'''IMPORTANT:  ''' When finished, don't forget to restart this PKI instance before attempting to use it!
Line 135: Line 135:
 
Configuration of this PKI subsystem can be accomplished in one of three ways:
 
Configuration of this PKI subsystem can be accomplished in one of three ways:
  
(1) The configuration URL is present on the screen.  When this occurs, something similar to the following should appear on the screen:
+
'''(1)''' The configuration URL is present on the screen.  When this occurs, something similar to the following should appear on the screen:
  
 
     PKI instance creation Utility ...
 
     PKI instance creation Utility ...
Line 168: Line 168:
 
'''IMPORTANT:  ''' When finished, don't forget to restart this PKI instance before attempting to use it!
 
'''IMPORTANT:  ''' When finished, don't forget to restart this PKI instance before attempting to use it!
  
(2) If the user no longer has access to the configuration URL displayed on the screen, one can find the configuration URL at the end of the '''/var/log/<instance name>-install.log'''.  For example:
+
'''(2)''' If the user no longer has access to the configuration URL displayed on the screen, one can find the configuration URL at the end of the '''/var/log/<instance name>-install.log'''.  For example:
  
 
     .
 
     .
Line 191: Line 191:
 
'''IMPORTANT:  ''' When finished, don't forget to restart this PKI instance before attempting to use it!
 
'''IMPORTANT:  ''' When finished, don't forget to restart this PKI instance before attempting to use it!
  
(3) PKI subsystems can also be configured "automatically" by creating and using the pkisilent component with a predefined profile.
+
'''(3)''' PKI subsystems can also be configured "automatically" by creating and using the pkisilent component with a predefined profile.
  
 
'''IMPORTANT:  ''' When finished, don't forget to restart this PKI instance before attempting to use it!
 
'''IMPORTANT:  ''' When finished, don't forget to restart this PKI instance before attempting to use it!
Line 200: Line 200:
 
Configuration of this PKI subsystem can be accomplished in one of three ways:
 
Configuration of this PKI subsystem can be accomplished in one of three ways:
  
(1) The configuration URL is present on the screen.  When this occurs, something similar to the following should appear on the screen:
+
'''(1)''' The configuration URL is present on the screen.  When this occurs, something similar to the following should appear on the screen:
  
 
     PKI instance creation Utility ...
 
     PKI instance creation Utility ...
Line 233: Line 233:
 
'''IMPORTANT:  ''' When finished, don't forget to restart this PKI instance before attempting to use it!
 
'''IMPORTANT:  ''' When finished, don't forget to restart this PKI instance before attempting to use it!
  
(2) If the user no longer has access to the configuration URL displayed on the screen, one can find the configuration URL at the end of the '''/var/log/<instance name>-install.log'''.  For example:
+
'''(2)''' If the user no longer has access to the configuration URL displayed on the screen, one can find the configuration URL at the end of the '''/var/log/<instance name>-install.log'''.  For example:
  
 
     .
 
     .
Line 256: Line 256:
 
'''IMPORTANT:  ''' When finished, don't forget to restart this PKI instance before attempting to use it!
 
'''IMPORTANT:  ''' When finished, don't forget to restart this PKI instance before attempting to use it!
  
(3) PKI subsystems can also be configured "automatically" by creating and using the pkisilent component with a predefined profile.
+
'''(3)''' PKI subsystems can also be configured "automatically" by creating and using the pkisilent component with a predefined profile.
  
 
'''IMPORTANT:  ''' When finished, don't forget to restart this PKI instance before attempting to use it!
 
'''IMPORTANT:  ''' When finished, don't forget to restart this PKI instance before attempting to use it!
Line 264: Line 264:
 
Configuration of this PKI subsystem can be accomplished in one of three ways:
 
Configuration of this PKI subsystem can be accomplished in one of three ways:
  
(1) The configuration URL is present on the screen.  When this occurs, something similar to the following should appear on the screen:
+
'''(1)''' The configuration URL is present on the screen.  When this occurs, something similar to the following should appear on the screen:
  
 
     PKI instance creation Utility ...
 
     PKI instance creation Utility ...
Line 297: Line 297:
 
'''IMPORTANT:  ''' When finished, don't forget to restart this PKI instance before attempting to use it!
 
'''IMPORTANT:  ''' When finished, don't forget to restart this PKI instance before attempting to use it!
  
(2) If the user no longer has access to the configuration URL displayed on the screen, one can find the configuration URL at the end of the '''/var/log/<instance name>-install.log'''.  For example:
+
'''(2)''' If the user no longer has access to the configuration URL displayed on the screen, one can find the configuration URL at the end of the '''/var/log/<instance name>-install.log'''.  For example:
  
 
     .
 
     .
Line 320: Line 320:
 
'''IMPORTANT:  ''' When finished, don't forget to restart this PKI instance before attempting to use it!
 
'''IMPORTANT:  ''' When finished, don't forget to restart this PKI instance before attempting to use it!
  
(3) PKI subsystems can also be configured "automatically" by creating and using the pkisilent component with a predefined profile.
+
'''(3)''' PKI subsystems can also be configured "automatically" by creating and using the pkisilent component with a predefined profile.
  
 
'''IMPORTANT:  ''' When finished, don't forget to restart this PKI instance before attempting to use it!
 
'''IMPORTANT:  ''' When finished, don't forget to restart this PKI instance before attempting to use it!
Line 328: Line 328:
 
Configuration of this PKI subsystem can be accomplished in one of three ways:
 
Configuration of this PKI subsystem can be accomplished in one of three ways:
  
(1) The configuration URL is present on the screen.  When this occurs, something similar to the following should appear on the screen:
+
'''(1)''' The configuration URL is present on the screen.  When this occurs, something similar to the following should appear on the screen:
  
 
     PKI instance creation Utility ...
 
     PKI instance creation Utility ...
Line 361: Line 361:
 
'''IMPORTANT:  ''' When finished, don't forget to restart this PKI instance before attempting to use it!
 
'''IMPORTANT:  ''' When finished, don't forget to restart this PKI instance before attempting to use it!
  
(2) If the user no longer has access to the configuration URL displayed on the screen, one can find the configuration URL at the end of the '''/var/log/<instance name>-install.log'''.  For example:
+
'''(2)''' If the user no longer has access to the configuration URL displayed on the screen, one can find the configuration URL at the end of the '''/var/log/<instance name>-install.log'''.  For example:
  
 
     .
 
     .
Line 384: Line 384:
 
'''IMPORTANT:  ''' When finished, don't forget to restart this PKI instance before attempting to use it!
 
'''IMPORTANT:  ''' When finished, don't forget to restart this PKI instance before attempting to use it!
  
(3) PKI subsystems can also be configured "automatically" by creating and using the pkisilent component with a predefined profile.
+
'''(3)''' PKI subsystems can also be configured "automatically" by creating and using the pkisilent component with a predefined profile.
  
 
'''IMPORTANT:  ''' When finished, don't forget to restart this PKI instance before attempting to use it!
 
'''IMPORTANT:  ''' When finished, don't forget to restart this PKI instance before attempting to use it!

Revision as of 02:00, 29 February 2008

PKI Subsystem Configuration

CA

Configuration of this PKI subsystem can be accomplished in one of three ways:

(1) The configuration URL is present on the screen. When this occurs, something similar to the following should appear on the screen:

   PKI instance creation Utility ...
   
   
   PKI instance creation completed ...
   
   Starting pki-ca:          [  OK  ]
   
   PKI service(s) are available at https://<fully qualified domain name>:<secure ca port>
   
   Server can be operated with /etc/init.d/pki-ca start | stop | restart
   
   Please start the configuration by accessing:
   http://<fully qualified domain name>:<ca port>/ca/admin/console/config/login?pin=2yTKpsg1GupESw4tYYOv
NOTE:   Default secure ca port:   9443
  Default ca port: 9080

Invoke a browser, insert the configuration URL, and follow the step-by-step instructions displayed in each panel.

IMPORTANT:   When finished, don't forget to restart this PKI instance before attempting to use it!

(2) If the user no longer has access to the configuration URL displayed on the screen, one can find the configuration URL at the end of the /var/log/<instance name>-install.log. For example:

   .
   .
   .
   [2008-02-22 18:20:00] [log] Configuration Wizard listening on
   http://<fully qualified domain name>:<ca port>/ca/admin/console/config/login?pin=2yTKpsg1GupESw4tYYOv
NOTE:   The pin is also stored in the /etc/<instance name>/CS.cfg file as the preop.pin parameter.
  The ca port is also stored in the /etc/<instance name>/server.xml file as the first uncommented "non-SSL HTTP/1.1 Connector" Connector port parameter.

Invoke a browser, insert the configuration URL, and follow the step-by-step instructions displayed in each panel.

IMPORTANT:   When finished, don't forget to restart this PKI instance before attempting to use it!

(3) PKI subsystems can also be configured "automatically" by creating and using the pkisilent component with a predefined profile.

IMPORTANT:   When finished, don't forget to restart this PKI instance before attempting to use it!


DRM

Configuration of this PKI subsystem can be accomplished in one of three ways:

(1) The configuration URL is present on the screen. When this occurs, something similar to the following should appear on the screen:

   PKI instance creation Utility ...
   
   
   PKI instance creation completed ...
   
   Starting pki-kra:          [  OK  ]
   
   PKI service(s) are available at https://<fully qualified domain name>:<secure drm port>
   
   Server can be operated with /etc/init.d/pki-kra start | stop | restart
   
   Please start the configuration by accessing:
   http://<fully qualified domain name>:<drm port>/kra/admin/console/config/login?pin=4GW0J9AE529VcwUEulBU
NOTE:   Default secure drm port:   10443
  Default drm port: 10080

Invoke a browser, insert the configuration URL, and follow the step-by-step instructions displayed in each panel.

IMPORTANT:   When finished, don't forget to restart this PKI instance before attempting to use it!

(2) If the user no longer has access to the configuration URL displayed on the screen, one can find the configuration URL at the end of the /var/log/<instance name>-install.log. For example:

   .
   .
   .
   [2008-02-22 18:21:00] [log] Configuration Wizard listening on
   http://<fully qualified domain name>:<drm port>/kra/admin/console/config/login?pin=4GW0J9AE529VcwUEulBU
NOTE:   The pin is also stored in the /etc/<instance name>/CS.cfg file as the preop.pin parameter.
  The drm port is also stored in the /etc/<instance name>/server.xml file as the first uncommented "non-SSL HTTP/1.1 Connector" Connector port parameter.

Invoke a browser, insert the configuration URL, and follow the step-by-step instructions displayed in each panel.

IMPORTANT:   When finished, don't forget to restart this PKI instance before attempting to use it!

(3) PKI subsystems can also be configured "automatically" by creating and using the pkisilent component with a predefined profile.

IMPORTANT:   When finished, don't forget to restart this PKI instance before attempting to use it!


OCSP

Configuration of this PKI subsystem can be accomplished in one of three ways:

(1) The configuration URL is present on the screen. When this occurs, something similar to the following should appear on the screen:

   PKI instance creation Utility ...
   
   
   PKI instance creation completed ...
   
   Starting pki-ocsp:          [  OK  ]
   
   PKI service(s) are available at https://<fully qualified domain name>:<secure ocsp port>
   
   Server can be operated with /etc/init.d/pki-ocsp start | stop | restart
   
   Please start the configuration by accessing:
   http://<fully qualified domain name>:<ocsp port>/ocsp/admin/console/config/login?pin=ceUqWDSnuDGd6hHj52TY
NOTE:   Default secure ocsp port:   11443
  Default ocsp port: 11080

Invoke a browser, insert the configuration URL, and follow the step-by-step instructions displayed in each panel.

IMPORTANT:   When finished, don't forget to restart this PKI instance before attempting to use it!

(2) If the user no longer has access to the configuration URL displayed on the screen, one can find the configuration URL at the end of the /var/log/<instance name>-install.log. For example:

   .
   .
   .
   [2008-02-22 18:21:55] [log] Configuration Wizard listening on
   http://<fully qualified domain name>:<ocsp port>/ocsp/admin/console/config/login?pin=ceUqWDSnuDGd6hHj52TY
NOTE:   The pin is also stored in the /etc/<instance name>/CS.cfg file as the preop.pin parameter.
  The ocsp port is also stored in the /etc/<instance name>/server.xml file as the first uncommented "non-SSL HTTP/1.1 Connector" Connector port parameter.

Invoke a browser, insert the configuration URL, and follow the step-by-step instructions displayed in each panel.

IMPORTANT:   When finished, don't forget to restart this PKI instance before attempting to use it!

(3) PKI subsystems can also be configured "automatically" by creating and using the pkisilent component with a predefined profile.

IMPORTANT:   When finished, don't forget to restart this PKI instance before attempting to use it!


RA

Configuration of this PKI subsystem can be accomplished in one of three ways:

(1) The configuration URL is present on the screen. When this occurs, something similar to the following should appear on the screen:

   PKI instance creation Utility ...
   
   
   PKI instance creation completed ...
   
   Starting pki-ra:                                        [  OK  ]
   
   PKI service(s) are available at https://<fully qualified domain name>:<secure ra port>
   
   Server can be operated with /etc/init.d/pki-ra start | stop | restart
   
   Please start the configuration by accessing:
   http://<fully qualified domain name>:<ra port>/ra/admin/console/config/login?pin=ZvgA642EXN9R8NX2JqDK
NOTE:   Default secure ra port:   12889
  Default ra port: 12888

Invoke a browser, insert the configuration URL, and follow the step-by-step instructions displayed in each panel.

IMPORTANT:   When finished, don't forget to restart this PKI instance before attempting to use it!

(2) If the user no longer has access to the configuration URL displayed on the screen, one can find the configuration URL at the end of the /var/log/<instance name>-install.log. For example:

   .
   .
   .
   [2008-02-22 18:23:49] [log] Configuration Wizard listening on
   http://<fully qualified domain name>:<ra port>/ra/admin/console/config/login?pin=ZvgA642EXN9R8NX2JqDK
NOTE:   The pin is also stored in the /etc/<instance name>/CS.cfg file as the preop.pin parameter.
  The ra port is also stored in the /etc/<instance name>/server.xml file as the first uncommented "non-SSL HTTP/1.1 Connector" Connector port parameter.

Invoke a browser, insert the configuration URL, and follow the step-by-step instructions displayed in each panel.

IMPORTANT:   When finished, don't forget to restart this PKI instance before attempting to use it!

(3) PKI subsystems can also be configured "automatically" by creating and using the pkisilent component with a predefined profile.

IMPORTANT:   When finished, don't forget to restart this PKI instance before attempting to use it!

TKS

Configuration of this PKI subsystem can be accomplished in one of three ways:

(1) The configuration URL is present on the screen. When this occurs, something similar to the following should appear on the screen:

   PKI instance creation Utility ...
   
   
   PKI instance creation completed ...
   
   Starting pki-tks:          [  OK  ]
   
   PKI service(s) are available at https://<fully qualified domain name>:<secure tks port>
   
   Server can be operated with /etc/init.d/pki-tks start | stop | restart
   
   Please start the configuration by accessing:
   http:/<fully qualified domain name>:<tks port>//tks/admin/console/config/login?pin=ki0R7vMRR75NoIhBrxmf
NOTE:   Default secure tks port:   13443
  Default tks port: 13080

Invoke a browser, insert the configuration URL, and follow the step-by-step instructions displayed in each panel.

IMPORTANT:   When finished, don't forget to restart this PKI instance before attempting to use it!

(2) If the user no longer has access to the configuration URL displayed on the screen, one can find the configuration URL at the end of the /var/log/<instance name>-install.log. For example:

   .
   .
   .
   [2008-02-22 18:22:46] [log] Configuration Wizard listening on
   http:/<fully qualified domain name>:<tks port>//tks/admin/console/config/login?pin=ki0R7vMRR75NoIhBrxmf
NOTE:   The pin is also stored in the /etc/<instance name>/CS.cfg file as the preop.pin parameter.
  The tks port is also stored in the /etc/<instance name>/server.xml file as the first uncommented "non-SSL HTTP/1.1 Connector" Connector port parameter.

Invoke a browser, insert the configuration URL, and follow the step-by-step instructions displayed in each panel.

IMPORTANT:   When finished, don't forget to restart this PKI instance before attempting to use it!

(3) PKI subsystems can also be configured "automatically" by creating and using the pkisilent component with a predefined profile.

IMPORTANT:   When finished, don't forget to restart this PKI instance before attempting to use it!

TPS

Configuration of this PKI subsystem can be accomplished in one of three ways:

(1) The configuration URL is present on the screen. When this occurs, something similar to the following should appear on the screen:

   PKI instance creation Utility ...
   
   
   PKI instance creation completed ...
   
   Starting pki-tps:                                        [  OK  ]
   
   PKI service(s) are available at https://<fully qualified domain name>:<secure tps port>
   
   Server can be operated with /etc/init.d/pki-tps start | stop | restart
   
   Please start the configuration by accessing:
   http://<fully qualified domain name>:<tps port>/tps/admin/console/config/login?pin=X4PRHsoagBcuNUGeneUM
NOTE:   Default secure tps port:   7889
  Default tps port: 7888

Invoke a browser, insert the configuration URL, and follow the step-by-step instructions displayed in each panel.

IMPORTANT:   When finished, don't forget to restart this PKI instance before attempting to use it!

(2) If the user no longer has access to the configuration URL displayed on the screen, one can find the configuration URL at the end of the /var/log/<instance name>-install.log. For example:

   .
   .
   .
   [2008-02-22 18:27:58] [log] Configuration Wizard listening on
   http://<fully qualified domain name>:<tps port>/tps/admin/console/config/login?pin=X4PRHsoagBcuNUGeneUM
NOTE:   The pin is also stored in the /etc/<instance name>/CS.cfg file as the preop.pin parameter.
  The tps port is also stored in the /etc/<instance name>/server.xml file as the first uncommented "non-SSL HTTP/1.1 Connector" Connector port parameter.

Invoke a browser, insert the configuration URL, and follow the step-by-step instructions displayed in each panel.

IMPORTANT:   When finished, don't forget to restart this PKI instance before attempting to use it!

(3) PKI subsystems can also be configured "automatically" by creating and using the pkisilent component with a predefined profile.

IMPORTANT:   When finished, don't forget to restart this PKI instance before attempting to use it!