COPR Repository for CentOS


COPR Repository for CentOS 7.3

The COPR repository for CentOS 7.3 is available at https://copr.fedorainfracloud.org/coprs/g/pki/epel-7.3/.

To enable the repository with the dnf/yum command:

$ yum copr enable @pki/epel-7.3

Alternatively, the repository configuration can be installed manually:

$ wget \
 https://copr.fedorainfracloud.org/coprs/g/pki/epel-7.3/repo/epel-7/group_pki-epel-7.3-epel-7.repo \
 -O /etc/yum.repos.d/pki-epel-7.3-epel-7.repo

COPR Repository for CentOS 7.2

The COPR repository for CentOS 7.2 is available at https://copr.fedorainfracloud.org/coprs/g/pki/epel-7.2/.

To enable the repository with the dnf/yum command:

$ yum copr enable @pki/epel-7.2

Alternatively, the repository configuration can be installed manually:

$ wget \
 https://copr.fedorainfracloud.org/coprs/g/pki/epel-7.2/repo/epel-7/group_pki-epel-7.2-epel-7.repo \
 -O /etc/yum.repos.d/pki-epel-7.2-epel-7.repo
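
The manual method (for either the 7.3 or the 7.2 file) places a downloaded file directly into /etc/yum.repos.d/, so it is worth linting that file first for package signature checking and HTTPS sources. The script below is an added example, not part of the Dogtag wiki: the function name check_repo_file and the sample repository content are constructed for illustration, and gpgcheck values of 1/yes/true are assumed to mean "enabled".

```bash
#!/bin/bash
# Added example: lint a yum .repo file before copying it into /etc/yum.repos.d/.
# Prints one line per finding; returns non-zero if any section has a finding.
check_repo_file() {
    awk '
        function report(msg) { printf "[%s] %s\n", section, msg; bad = 1 }
        function finish_section() {
            if (section == "") return
            # An absent gpgcheck inherits from yum.conf; flagged so it is explicit.
            if (tolower(gpgcheck) !~ /^(1|yes|true)$/) report("gpgcheck is not enabled")
            if (gpgkey == "") report("no gpgkey configured")
            if (!has_url) report("no baseurl/metalink/mirrorlist")
        }
        /^[ \t]*$/ || /^[ \t]*[#;]/ { next }          # blank lines and comments
        /^\[.*\][ \t]*$/ {                            # section header
            finish_section()
            section = $0; gsub(/^\[|\][ \t]*$/, "", section)
            gpgcheck = ""; gpgkey = ""; has_url = 0
            next
        }
        {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "gpgcheck") gpgcheck = val
            if (key == "gpgkey") {
                gpgkey = val
                if (val !~ /^(https|file):\/\//) report("gpgkey is not https/file: " val)
            }
            if (key == "baseurl" || key == "metalink" || key == "mirrorlist") {
                has_url = 1
                if (val !~ /^https:\/\//) report(key " is not https: " val)
            }
        }
        END { finish_section(); exit bad + 0 }
    ' "$1"
}

# Constructed sample (not the real COPR file): signature checking disabled, plain HTTP.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[example-repo]
name=Constructed example repository
baseurl=http://repo.example.invalid/epel-7-$basearch/
gpgcheck=0
enabled=1
EOF
check_repo_file "$sample" || echo "findings above: do not install this file as-is"
rm -f "$sample"
```

To use it with the commands above, download the .repo file to a temporary path, run check_repo_file on it, and copy it into /etc/yum.repos.d/ only if the function returns 0.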

Testing COPR Builds for CentOS 7

Prepare a CentOS 7 machine

  • sudo yum update
  • sync; sync; sync; reboot

Prepare a DS instance

See Installing DS.

Install PKI packages

Enable the proper COPR repository (see above).

Download and install PKI packages:

$ sudo yum install dogtag-pki

Install PKI CA

  • Create an installation configuration file for a new PKI instance of a CA:
    • sudo mkdir -p /root/pki
    • sudo vi /root/pki/ca.cfg
  [DEFAULT]
  pki_admin_password=<password>
  pki_client_pkcs12_password=<password>
  pki_ds_password=<password>
  • Create a new PKI instance of a CA:
    • sudo script -c 'pkispawn -s CA -f /root/pki/ca.cfg -vvv'

Configure a Browser as PKI Client

  • Create a new Firefox browser profile and test out the CA server:
    • Fetch '/root/.dogtag/pki-tomcat/ca_admin_cert.p12' from the CA server and place a world-readable copy of it under '/tmp'
    • Launch a new Firefox browser profile
      • https://<hostname fqdn>:8443/ca/services/
      • https://<hostname fqdn>:8443/ca/ee/ca/
        • Select the Retrieval Tab
          • Select Import CA Certificate Chain
            • Select Import the CA certificate chain into your browser radio button and press Submit
              • Mark all three trust check boxes in the pop-up dialog
        • Select the Enrollment / Renewal Tab
        • Select the Browser Menu
          • Select the Preferences Icon
            • Select Advanced | Certificates | View Certificates | Your Certificates | Import..., load /tmp/ca_admin_cert.p12, and authenticate it to load it into the browser
      • https://<hostname fqdn>:8443/ca/ee/ca/
        • Select the Enrollment / Renewal Tab
          • Select the Manual User Dual-Use Certificate Enrollment profile
            • In the UID field type CentOS 7.3 test and press the Submit button
      • https://<hostname fqdn>:8443/ca/agent/ca/ and select the newly imported Administration Certificate
        • Select List Requests and press Find
          • Select the newly submitted request id and press the submit button
        • Select List Certificates and press Find
          • Click on the certificate with the Subject Name of UID=CentOS 7.3 test
    • Remove '/tmp/ca_admin_cert.p12'
