Quick Start

Endi S. Dewata edited this page Jan 23, 2021 · 20 revisions

Overview

This document describes the process to install basic PKI subsystems.

Installing Dependencies

To install DS and PKI packages, execute the following command:

$ dnf install 389-ds-base dogtag-pki

Creating DS Instance

Creating CA Subsystem

To create the CA subsystem in interactive mode, run pkispawn:

$ pkispawn
Subsystem (CA/KRA/OCSP/TKS/TPS) [CA]:

Tomcat:
  Instance [pki-tomcat]:
  HTTP port [8080]:
  Secure HTTP port [8443]:
  AJP port [8009]:
  Management port [8005]:

Administrator:
  Username [caadmin]:
  Password: Secret.123
  Verify password: Secret.123
  Import certificate (Yes/No) [N]?
  Export certificate to [/root/.dogtag/pki-tomcat/ca_admin.cert]:

Directory Server:
  Hostname [server.example.com]:
  Port [389]:
  Bind DN [cn=Directory Manager]:
  Password: Secret.123
  Base DN [o=pki-tomcat-CA]:

Security Domain:
  Name [example.com Security Domain]:

Begin installation (Yes/No/Quit)? Y

Installing CA into /var/lib/pki/pki-tomcat.
Storing deployment configuration into /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg.

    ==========================================================================
                                INSTALLATION SUMMARY
    ==========================================================================

      Administrator's username:             caadmin
      Administrator's PKCS #12 file:
            /root/.dogtag/pki-tomcat/ca_admin_cert.p12

      To check the status of the subsystem:
            systemctl status pki-tomcatd@pki-tomcat.service

      To restart the subsystem:
            systemctl restart pki-tomcatd@pki-tomcat.service

      The URL for the subsystem is:
            https://server.example.com:8443/ca

    ==========================================================================
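
The same answers can be supplied from a deployment file instead of being typed at the prompts. The script below is an added example, not part of the original page or the Dogtag project: `write_ca_cfg`, `is_owner_only`, `PKI_ADMIN_PASSWORD`, `PKI_DS_PASSWORD` and the path `/root/ca.cfg` are names assumed here, and the keys are pkispawn deployment parameters filled with the values from the session above. Check the key set against pki_default.cfg(5) for the installed version.

```shell
#!/bin/sh
# Added example, not Dogtag's own script. write_ca_cfg, is_owner_only and the
# PKI_ADMIN_PASSWORD / PKI_DS_PASSWORD variables are names made up here.

# Write the answers from the interactive session to a deployment file ($1).
# Passwords come from the environment so they stay out of argv and history.
write_ca_cfg() {
    cfg=$1
    if [ -z "${PKI_ADMIN_PASSWORD:-}" ] || [ -z "${PKI_DS_PASSWORD:-}" ]; then
        echo "PKI_ADMIN_PASSWORD and PKI_DS_PASSWORD must be set" >&2
        return 1
    fi
    rm -f "$cfg"        # never reuse a file that may have looser permissions
    (
        umask 077       # create the file readable by its owner only
        cat > "$cfg" <<EOF
[DEFAULT]
pki_instance_name=pki-tomcat
pki_http_port=8080
pki_https_port=8443

[Tomcat]
pki_ajp_port=8009
pki_tomcat_server_port=8005

[CA]
pki_admin_uid=caadmin
pki_admin_password=$PKI_ADMIN_PASSWORD
pki_client_pkcs12_password=$PKI_ADMIN_PASSWORD
pki_ds_hostname=server.example.com
pki_ds_ldap_port=389
pki_ds_bind_dn=cn=Directory Manager
pki_ds_password=$PKI_DS_PASSWORD
pki_ds_base_dn=o=pki-tomcat-CA
pki_security_domain_name=example.com Security Domain
EOF
    )
}

# Succeed only if $1 is a regular file with mode rw------- (0600).
is_owner_only() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ]
}

# Usage, as root on the CA host:
#   write_ca_cfg /root/ca.cfg && is_owner_only /root/ca.cfg &&
#       pkispawn -s CA -f /root/ca.cfg
```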

Accessing PKI Services

To access PKI services via the Web UI, open https://server.example.com:8443 with a browser.

To access PKI services via command-line, use the PKI CLI.

By default only the Default CA Admin and end-entities can access PKI services. See Adding System User.

Managing PKI Services

Using PKI Services

See User Guide.

Removing CA Subsystem

To remove the CA subsystem in interactive mode, run pkidestroy:

$ pkidestroy
Subsystem (CA/KRA/OCSP/TKS/TPS) [CA]:
Instance [pki-tomcat]:

Begin uninstallation (Yes/No/Quit)? Y

Loading deployment configuration from /var/lib/pki/pki-tomcat/ca/registry/ca/deployment.cfg.
Uninstalling CA from /var/lib/pki/pki-tomcat.

Uninstallation complete.

See also Installation Guide.