-
Notifications
You must be signed in to change notification settings - Fork 139
Setting up Security Domain
Endi S. Dewata edited this page Dec 2, 2023
·
21 revisions
To create a security domain database:
$ pki-server sd-create --name EXAMPLE
To configure a subsystem (e.g. CA) as a security domain manager:
$ pki-server ca-config-set securitydomain.select new $ pki-server ca-config-set securitydomain.name EXAMPLE $ pki-server ca-config-set securitydomain.host ca.example.com $ pki-server ca-config-set securitydomain.httpport 8080 $ pki-server ca-config-set securitydomain.httpsadminport 8443 $ pki-server ca-config-set securitydomain.checkIP false $ pki-server ca-config-set securitydomain.checkinterval 300000 $ pki-server ca-config-set securitydomain.flushinterval 86400000 $ pki-server ca-config-set securitydomain.source ldap
To register the subsystem into the security domain:
$ pki-server sd-subsystem-add \
--subsystem CA \
--hostname pki.example.com \
--unsecure-port 8080 \
--secure-port 8443 \
--domain-manager \
"CA pki.example.com 8443"
To configure a subsystem (e.g. KRA) as a security domain member:
$ pki-server kra-config-set securitydomain.select existing $ pki-server kra-config-set securitydomain.name EXAMPLE $ pki-server kra-config-set securitydomain.host ca.example.com $ pki-server kra-config-set securitydomain.httpport 8080 $ pki-server kra-config-set securitydomain.httpsadminport 8443
To register the subsystem into the security domain:
$ pki-server sd-subsystem-add \
--subsystem KRA \
--hostname kra.example.com \
--unsecure-port 8080 \
--secure-port 8443 \
"KRA kra.example.com 8443"
|
Tip
|
To find a page in the Wiki, enter the keywords in search field, press Enter, then click Wikis. |