PKI Subsystem Configuration

From Dogtag
Revision as of 22:22, 24 February 2008 by Mharmsen (talk | contribs) (CA)

Jump to: navigation, search

PKI Subsystem Configuration

CA

Configuration of this PKI subsystem can be accomplished in one of three ways:

(1) The configuration URL is present on the screen. When this occurs, something similar to the following should appear on the screen:

   PKI instance creation Utility ...
   
   
   PKI instance creation completed ...
   
   Starting pki-ca:          [  OK  ]
   
   PKI service(s) are available at https://<fully qualified domain name>:<secure ca port>
   
   Server can be operated with /etc/init.d/pki-ca start | stop | restart
   
   Please start the configuration by accessing:
   http://<fully qualified domain name>:<ca port>/ca/admin/console/config/login?pin=2yTKpsg1GupESw4tYYOv
    NOTE:   Default secure ca port:   9443
      Default ca port: 9080

    Invoke a browser, insert the configuration URL, and follow the step-by-step instructions displayed in each panel.

(2) If the user no longer has access to the configuration URL, one can find the configuration URL at the end of the /var/log/<instance name>-install.log. For example:

   .
   .
   .
   [2008-02-22 18:20:00] [log] Configuration Wizard listening on
   http://<fully qualified domain name>:<ca port>/ca/admin/console/config/login?pin=2yTKpsg1GupESw4tYYOv
    NOTE:   The pin is also stored in the /etc/<instance name>/CS.cfg file as the preop.pin parameter.
      The ca port is also stored in the /etc/<instance name>/server.xml file as the first uncommented "non-SSL HTTP/1.1 Connector" Connector port parameter.

    Invoke a browser, insert the configuration URL, and follow the step-by-step instructions displayed in each panel.

(3) PKI subsystems can also be configured "automatically" by creating and using the pkisilent component with a predefined profile.

DRM

Configuration of this PKI subsystem can be accomplished in one of three ways:

(1) The configuration URL is present on the screen. When this occurs, something similar to the following should appear on the screen:

   PKI instance creation Utility ...
   
   
   PKI instance creation completed ...
   
   Starting pki-kra:          [  OK  ]
   
   PKI service(s) are available at https://<fully qualified domain name>:<secure drm port>
   
   Server can be operated with /etc/init.d/pki-kra start | stop | restart
   
   Please start the configuration by accessing:
   http://<fully qualified domain name>:<drm port>/kra/admin/console/config/login?pin=4GW0J9AE529VcwUEulBU
    NOTE:   Default secure drm port:   10443
      Default drm port: 10080

    Invoke a browser, insert the configuration URL, and follow the step-by-step instructions displayed in each panel.

(2) If the user no longer has access to the configuration URL, one can find the configuration URL at the end of the /var/log/<instance name>-install.log. For example:

   .
   .
   .
   [2008-02-22 18:21:00] [log] Configuration Wizard listening on
   http://<fully qualified domain name>:<drm port>/kra/admin/console/config/login?pin=4GW0J9AE529VcwUEulBU
    Note:   The pin is also stored in the /etc/<instance name>/CS.cfg file as the preop.pin parameter.
    Invoke a browser, insert the configuration URL, and follow the step-by-step instructions displayed in each panel.

(3) PKI subsystems can also be configured "automatically" by creating and using the pkisilent component with a predefined profile.

OCSP

Configuration of this PKI subsystem can be accomplished in one of three ways:

(1) The configuration URL is present on the screen. When this occurs, something similar to the following should appear on the screen:

   PKI instance creation Utility ...
   
   
   PKI instance creation completed ...
   
   Starting pki-ocsp:          [  OK  ]
   
   PKI service(s) are available at https://<fully qualified domain name>:<secure ocsp port>
   
   Server can be operated with /etc/init.d/pki-ocsp start | stop | restart
   
   Please start the configuration by accessing:
   http://<fully qualified domain name>:<ocsp port>/ocsp/admin/console/config/login?pin=ceUqWDSnuDGd6hHj52TY
    NOTE:   Default secure ocsp port:   11443
      Default ocsp port: 11080

    Invoke a browser, insert the configuration URL, and follow the step-by-step instructions displayed in each panel.

(2) If the user no longer has access to the configuration URL, one can find the configuration URL at the end of the /var/log/<instance name>-install.log. For example:

   .
   .
   .
   [2008-02-22 18:21:55] [log] Configuration Wizard listening on
   http://<fully qualified domain name>:<ocsp port>/ocsp/admin/console/config/login?pin=ceUqWDSnuDGd6hHj52TY
    Invoke a browser, insert the configuration URL, and follow the step-by-step instructions displayed in each panel.

(3) PKI subsystems can also be configured "automatically" by creating and using the pkisilent component with a predefined profile.

RA

Configuration of this PKI subsystem can be accomplished in one of three ways:

(1) The configuration URL is present on the screen. When this occurs, something similar to the following should appear on the screen:

   PKI instance creation Utility ...
   
   
   PKI instance creation completed ...
   
   Starting pki-ra:                                        [  OK  ]
   
   PKI service(s) are available at https://<fully qualified domain name>:<secure ra port>
   
   Server can be operated with /etc/init.d/pki-ra start | stop | restart
   
   Please start the configuration by accessing:
   http://<fully qualified domain name>:<ra port>/ra/admin/console/config/login?pin=ZvgA642EXN9R8NX2JqDK
    NOTE:   Default secure ra port:   12889
      Default ra port: 12888

    Invoke a browser, insert the configuration URL, and follow the step-by-step instructions displayed in each panel.

(2) If the user no longer has access to the configuration URL, one can find the configuration URL at the end of the /var/log/<instance name>-install.log. For example:

   .
   .
   .
   [2008-02-22 18:23:49] [log] Configuration Wizard listening on
   http://<fully qualified domain name>:<ra port>/ra/admin/console/config/login?pin=ZvgA642EXN9R8NX2JqDK
    Invoke a browser, insert the configuration URL, and follow the step-by-step instructions displayed in each panel.

(3) PKI subsystems can also be configured "automatically" by creating and using the pkisilent component with a predefined profile.


TKS

Configuration of this PKI subsystem can be accomplished in one of three ways:

(1) The configuration URL is present on the screen. When this occurs, something similar to the following should appear on the screen:

   PKI instance creation Utility ...
   
   
   PKI instance creation completed ...
   
   Starting pki-tks:          [  OK  ]
   
   PKI service(s) are available at https://<fully qualified domain name>:<secure tks port>
   
   Server can be operated with /etc/init.d/pki-tks start | stop | restart
   
   Please start the configuration by accessing:
   http:/<fully qualified domain name>:<tks port>//tks/admin/console/config/login?pin=ki0R7vMRR75NoIhBrxmf
    NOTE:   Default secure tks port:   13443
      Default tks port: 13080

    Invoke a browser, insert the configuration URL, and follow the step-by-step instructions displayed in each panel.

(2) If the user no longer has access to the configuration URL, one can find the configuration URL at the end of the /var/log/<instance name>-install.log. For example:

   .
   .
   .
   [2008-02-22 18:22:46] [log] Configuration Wizard listening on
   http:/<fully qualified domain name>:<tks port>//tks/admin/console/config/login?pin=ki0R7vMRR75NoIhBrxmf
    Invoke a browser, insert the configuration URL, and follow the step-by-step instructions displayed in each panel.

(3) PKI subsystems can also be configured "automatically" by creating and using the pkisilent component with a predefined profile.

TPS

Configuration of this PKI subsystem can be accomplished in one of three ways:

(1) The configuration URL is present on the screen. When this occurs, something similar to the following should appear on the screen:

   PKI instance creation Utility ...
   
   
   PKI instance creation completed ...
   
   Starting pki-tps:                                        [  OK  ]
   
   PKI service(s) are available at https://<fully qualified domain name>:<secure tps port>
   
   Server can be operated with /etc/init.d/pki-tps start | stop | restart
   
   Please start the configuration by accessing:
   http://<fully qualified domain name>:<tps port>/tps/admin/console/config/login?pin=X4PRHsoagBcuNUGeneUM
    NOTE:   Default secure tps port:   7889
      Default tps port: 7888

    Invoke a browser, insert the configuration URL, and follow the step-by-step instructions displayed in each panel.

(2) If the user no longer has access to the configuration URL, one can find the configuration URL at the end of the /var/log/<instance name>-install.log. For example:

   .
   .
   .
   [2008-02-22 18:27:58] [log] Configuration Wizard listening on
   http://<fully qualified domain name>:<tps port>/tps/admin/console/config/login?pin=X4PRHsoagBcuNUGeneUM
    Invoke a browser, insert the configuration URL, and follow the step-by-step instructions displayed in each panel.

(3) PKI subsystems can also be configured "automatically" by creating and using the pkisilent component with a predefined profile.