Quick Start
Endi S. Dewata edited this page May 11, 2021 · 20 revisions
This document describes the process to install a simple PKI system which consists of a DS instance and a CA instance on a single machine.
To install DS and PKI packages, execute the following command:
$ dnf install 389-ds-base dogtag-pki
To create a DS instance, see DS Installation.
To create a CA subsystem in interactive mode, run pkispawn:
$ pkispawn

Subsystem (CA/KRA/OCSP/TKS/TPS) [CA]:

Tomcat:
  Instance [pki-tomcat]:
  HTTP port [8080]:
  Secure HTTP port [8443]:
  AJP port [8009]:
  Management port [8005]:

Administrator:
  Username [caadmin]:
  Password: Secret.123
  Verify password: Secret.123
  Import certificate (Yes/No) [N]?
  Export certificate to [/root/.dogtag/pki-tomcat/ca_admin.cert]:

Directory Server:
  Hostname [server.example.com]:
  Port [389]:
  Bind DN [cn=Directory Manager]:
  Password: Secret.123
  Base DN [o=pki-tomcat-CA]:

Security Domain:
  Name [example.com Security Domain]:

Begin installation (Yes/No/Quit)? Y

Installing CA into /var/lib/pki/pki-tomcat.
Storing deployment configuration into /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg.

    ==========================================================================
                                INSTALLATION SUMMARY
    ==========================================================================

      Administrator's username:             caadmin
      Administrator's PKCS #12 file:
            /root/.dogtag/pki-tomcat/ca_admin_cert.p12

      To check the status of the subsystem:
            systemctl status pki-tomcatd@pki-tomcat.service

      To restart the subsystem:
            systemctl restart pki-tomcatd@pki-tomcat.service

      The URL for the subsystem is:
            https://server.example.com:8443/ca

    ==========================================================================
See also Installation Guide.
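The installation summary above names a PKCS #12 file that holds the CA administrator's key. The following check is an added example, not part of the Dogtag wiki or tooling: it confirms that such a file is a regular file, owned by the expected user, with no group or other permission bits. The function names, the `--audit` switch and the use of numeric UIDs are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of the Dogtag wiki or tooling.
# Assumes Linux with GNU or BusyBox stat (-c); owner is given as a numeric UID.

# check_private FILE [UID]
#   0 = regular file, owned by UID, no group/other permission bits
#   1 = exposed (symlink, not a regular file, wrong owner, or loose mode)
#   2 = file does not exist
check_private() {
    file=$1
    want_uid=${2:-0}
    if [ ! -e "$file" ] && [ ! -L "$file" ]; then
        return 2
    fi
    # A symlink could redirect the secret to a less protected location.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        return 1
    fi
    mode=$(stat -c '%a' "$file") || return 1
    file_uid=$(stat -c '%u' "$file") || return 1
    [ "$file_uid" = "$want_uid" ] || return 1
    case "$mode" in
        *00|0) return 0 ;;   # e.g. 600, 400: nothing for group or other
        *)     return 1 ;;   # e.g. 644, 640
    esac
}

# audit_pki_install UID FILE...  -> exit status 0 only if no file is exposed
audit_pki_install() {
    want=$1; shift
    findings=0
    for f in "$@"; do
        rc=0
        check_private "$f" "$want" || rc=$?
        case $rc in
            0) echo "OK       $f" ;;
            2) echo "MISSING  $f" ;;
            *) echo "EXPOSED  $f (expected owner uid $want, mode 600)"
               findings=$((findings + 1)) ;;
        esac
    done
    [ "$findings" -eq 0 ]
}

# Path copied from the pkispawn session on this page; run with --audit as root.
if [ "${1:-}" = "--audit" ]; then
    audit_pki_install 0 /root/.dogtag/pki-tomcat/ca_admin_cert.p12
fi
```

Other files from the session, such as deployment.cfg, can be passed to `audit_pki_install` together with the UID of the account that is expected to own them.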
To access PKI services via the Web UI, open https://server.example.com:8443 with a browser. See Importing Admin Certificate into Firefox.
To access PKI services via the command line, use the PKI CLI. See Importing Admin Certificate into PKI CLI.
The most common PKI services are:
See also End-Entity Guide.
See Administration Guide.
To remove the CA subsystem in interactive mode, run pkidestroy:
$ pkidestroy

Subsystem (CA/KRA/OCSP/TKS/TPS) [CA]:
Instance [pki-tomcat]:

Begin uninstallation (Yes/No/Quit)? Y

Loading deployment configuration from /var/lib/pki/pki-tomcat/ca/registry/ca/deployment.cfg.
Uninstalling CA from /var/lib/pki/pki-tomcat.

Uninstallation complete.
See also Installation Guide.
Tip: To find a page in the Wiki, enter the keywords in the search field, press Enter, then click Wikis.