Red Hat CERTIFICATE SYSTEM 8 Install Manual page 41

If the Red Hat Directory Server instances is on a different server or network than
the Certificate System subsystem, then make sure that the Certificate System host's
firewall allows access to whatever LDAP port was set in the previous configuration
panel.
Installation will not complete if iptables is not configured properly. To configure
iptables, see the Red Hat Enterprise Linux Deployment Guide, such as
iptables."
7. Select the token which will store the Certificate System certificates and keys; a list of detected
hardware tokens and databases is given.
IMPORTANT
Any hardware tokens used with the instance must be configured before configuring
the subsystem instance. If the HSM is not properly configured, it may not be listed in
the key stores panel or the instance may not function properly. HSM configuration is
described in
To determine whether a token is detected by the Certificate System, use the TokenInfo tool, as
Section 2.5.4, "Detecting
described in
The Certificate System automatically discovers Safenet's LunaSA and nCipher's netHSM
hardware security modules. The discovery process assumes that the client software installations
for these modules are local to the Certificate System subsystem and are in the following locations:
2
It is also possible to simply turn iptables off.
Section 2.5.2, "Using Hardware Security Modules with
Tokens".
Configuring a CA
"Using
Subsystems".
31