Creating Token Key Service Agents And Administrators - Red Hat CERTIFICATE SYSTEM 7.2 - ADMINISTRATION Administration Manual

Chapter 8. Token Key Service
4. Restart the TKS instance.
/etc/init.d/rhpki-tks restart
5. Update the CS.cfg for every Token Processing System (TPS) which uses the
edited TKS instance. Set the requiredVersion parameter and enable key
upgrade in all profiles with the parameters update.symmetricKeys.enable and
update.symmetricKeys.requiredVersion in the parameter name. For example:
# note that the "requiredVersion" needs to map with the version number
# specified in the mk_mappings parameter of TKS's CS.cfg
op.enroll.userKey.update.symmetricKeys.enable=true
op.enroll.userKey.update.symmetricKeys.requiredVersion=2
6. Restart the TPS instance.
/etc/init.d/rhpki-tps restart

8.5. Creating Token Key Service Agents and Administrators

When the subsystem is configured, there is a default user created with both administrator and agent
privileges.This user can perform both administrator and agent operations and access the Console and
the agent services page.
To create an additional administrator, agent, or auditor, create a user in the Certificate System instance
where the user will have privileges and assign the user to the appropriate group. An agent or auditor
must have a certificate stored in the subsystem's internal database. If the Console is configured for
SSL client authentication, all administrators must also a certificate.
To create a new user entry, do the following:
1. Log into the administrative console.
pkiconsole https://server.example.com:12443/tks
2. In the Configuration tab, select Users and Groups. Click Add.
3. Fill in the information in the Edit User Information dialog.
186