Admin Tasks
From Dogtag
Contents
- 1 Overview
- 2 Subsystem-specific Tasks
- 3 Certificate System Configuration Files
- 4 Basic Subsystem Management
- 5 Managing Certificate System Users and Groups
- 5.1 Disabling Multi-Roles Support
- 5.2 Managing Users and Groups for a CA, OCSP, KRA, or TKS
- 5.3 Creating and Managing Users for a TPS
- 5.4 Configuring Access Control for Users for the CA, OCSP, DRM, and TKS
- 6 Configuring Subsystem Logs
- 7 Managing Subsystem Certificates
- 8 References
Overview
This page describes the procedure to execute admin tasks.
Subsystem-specific Tasks
Certificate System Configuration Files
Managing System Passwords
Changing System Passwords
Current procedure:
- Open password.conf.
- Change the password.
- Save the changes.
Proposed procedure:
- pki-server password-mod -i <instance ID> <name>
Removing System Passwords
Current procedure:
- Remove password.conf
Proposed procedure:
- pki-server password-del --all
Restoring System Passwords
Current procedure:
- Create password.conf.
- Add passwords listed in cms.passwordlist.
- Save the changes.
Proposed procedure:
- pki-server password-add --all
Basic Subsystem Management
Starting and Stopping Server Instances
Starting and Stopping an Server Instance
- pki-server instance-start [instance]
- pki-server instance-stop [instance]
Configuring Server Instance Auto-start
- pki-server instance-enable/disable [instance]
Checking the Server Instance Status
- pki-server instance-status [instance]
Configuring Ports
Current procedure:
- Stop the subsystem instance.
- Open the instance's configuration directory.
- Open the server.xml file, and edit the appropriate port numbers.
- Open the web.xml file, and edit the appropriate port numbers.
- Configure SELinux to work with the new port.
- Restart the subsystem.
Proposed procedure:
- pki-server instance-stop
- pki-server instance-port-find
- pki-server instance-port-mod <name> <value>
- pki-server instance-start
Configuring the LDAP Database
Changing the Internal Database Configuration
Current procedure:
- Log into the subsystem administrative console.
- In the Configuration tab, select the Internal Database tab.
- Change the Directory Server instance by changing the hostname, port, and bind DN fields.
- Click Save.
- Restart server.
Proposed procedure:
- pki-server instance-stop
- pki-server instance-config-internal-find
- pki-server instance-config-internal-mod <param> <value>
- pki-server instance-start
Enabling SSL Connection with Internal Database
See Enabling SSL Connection with Internal Database.
Configuring Client Certificate Authentication to Internal Database
See Configuring Client Certificate Authentication to Internal Database.