Installation

Installation#

To install an OCSP subsystem instance, become the root user, and execute the following commands:

    $ pkicreate -pki_instance_root=/var/lib       \
                -pki_instance_name=pki-ocsp       \
                -subsystem_type=ocsp              \
                -agent_secure_port=11443          \
                -ee_secure_port=11444             \
                -admin_secure_port=11445          \
                -unsecure_port=11180              \
                -tomcat_server_port=11701         \
                -user=pkiuser                     \
                -group=pkiuser                    \
                -redirect conf=/etc/pki-ocsp      \
                -redirect logs=/var/log/pki-ocsp  \
                -verbose

Configuration#

Configuration of this PKI subsystem can be accomplished in one of three ways:

(1) The configuration URL is present on the screen. When this occurs, something similar to the following should appear on the screen (e.g., Dogtag 1.3):

    PKI instance creation Utility …

    PKI instance creation completed …

    Starting pki-ocsp:          [  OK  ]

    PKI service(s) are available at https://<fully qualified domain name>:<secure ocsp port>

    Server can be operated with /etc/init.d/pki-ocsp start | stop | restart

    Please start the configuration by accessing:
    http://<fully qualified domain name>:<ocsp port>/ocsp/admin/console/config/login?pin=ceUqWDSnuDGd6hHj52TY

**NOTE:**

Default secure ocsp port: 11443

Default ocsp port: 11080

**NOTE:**

Dogtag 9.0 uses a master daemon, 'pki-ocspd', with an optional specific instance
(e.g., '/sbin/service pki-ocspd start | stop | restart [OCSP instance]')!

Invoke a browser, insert the configuration URL, and follow the step-by-step instructions displayed in each panel.

**IMPORTANT:** When finished, don't forget to restart this PKI instance before attempting to use it!

(2) If the user no longer has access to the configuration URL displayed on the screen, one can find the configuration URL at the end of the /var/log/<instance name>-install.log. For example:

    .
    .
    .
    [2008-02-22 18:21:55] [log] Configuration Wizard listening on
    http://<fully qualified domain name>:<ocsp port>/ocsp/admin/console/config/login?pin=ceUqWDSnuDGd6hHj52TY

**NOTE:**

The pin is also stored in the /etc/<instance name>/CS.cfg file as the preop.pin parameter.

The ocsp port is also stored in the /etc/<instance name>/server.xml file as the first uncommented “non-SSL HTTP/1.1 Connector” Connector port parameter.

Invoke a browser, insert the configuration URL, and follow the step-by-step instructions displayed in each panel.

**IMPORTANT:** When finished, don't forget to restart this PKI instance before attempting to use it!

(3) PKI subsystems can also be configured “automatically” by creating and using the pkisilent component with a predefined profile.

**IMPORTANT:** When finished, don't forget to restart this PKI instance before attempting to use it!
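The lookup described in method (2) can be scripted. The following is an added example, not part of the original page or the Dogtag project: it pulls the wizard URL from an install log, reads preop.pin from CS.cfg, checks that the two agree, and flags files holding the pin that are readable by every local user. The sample files, hostname, port and pin are constructed; on a real system the inputs would be /var/log/<instance name>-install.log and /etc/<instance name>/CS.cfg.

```shell
#!/bin/sh
# Added example; file layouts are assumed from the excerpts on this page.

# Print the most recent configuration wizard URL found in an install log.
wizard_url_from_log() {
    grep -oE 'https?://[^[:space:]]+/admin/console/config/login\?pin=[A-Za-z0-9]+' "$1" |
        tail -n 1
}

# Print the preop.pin value from a CS.cfg file.
pin_from_cs_cfg() {
    sed -n 's/^preop\.pin=//p' "$1" | tail -n 1
}

# Succeed only when the pin in the logged URL equals preop.pin in CS.cfg.
pin_matches() {
    url=$(wizard_url_from_log "$1")
    pin=$(pin_from_cs_cfg "$2")
    [ -n "$url" ] && [ -n "$pin" ] && [ "${url##*pin=}" = "$pin" ]
}

# Succeed when a file holding the pin is readable by "other" users.
is_world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Constructed sample input (hostname, port and pin are made up).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
demo_log="$demo_dir/pki-ocsp-install.log"
demo_cfg="$demo_dir/CS.cfg"
cat > "$demo_log" <<'EOF'
[2008-02-22 18:21:55] [log] Configuration Wizard listening on
http://ocsp.example.com:11180/ocsp/admin/console/config/login?pin=EXAMPLEPIN0123456789
EOF
printf 'preop.pin=EXAMPLEPIN0123456789\n' > "$demo_cfg"
chmod 600 "$demo_cfg"

echo "Wizard URL: $(wizard_url_from_log "$demo_log")"
if pin_matches "$demo_log" "$demo_cfg"; then
    echo "pin in log matches preop.pin"
else
    echo "pin mismatch: the log entry is stale or CS.cfg changed"
fi
for f in "$demo_log" "$demo_cfg"; do
    if is_world_readable "$f"; then echo "world-readable: $f"; fi
done
```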

See Also#