Running Pkicreate For A Single Ssl Port - Red Hat CERTIFICATE SYSTEM 8 Install Manual

Hide thumbs Also See for CERTIFICATE SYSTEM 8:

Manual (86 pages)

Deployment manual (114 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

page of 132

/ 132
Contents
Table of Contents
Bookmarks

Table of Contents

Parameter

tomcat_server_port

redirect_conf

redirect_logs

user

group

The ports selected for the new instance should not conflict with any other ports assigned on the host or SELinux. Check the /

etc/services file to see port assignments for the system. Then, run semanage port -l |grep port# to check SELinux; if

there is no output, then there is no conflict with SELinux assignments.

Table 5.1. pkicreate Parameters

For more information on the pkicreate tool options, see the Certificate System Command-Line Tools

Guide.

5.2. Running pkicreate for a Single SSL Port

1. Run the pkicreate command, specifying the type of subsystem being created, the configuration

directory, instance name, and port numbers. For example, this created a second DRM instance:

pkicreate -pki_instance_root=/var/lib/pki-drm2 -subsystem_type=kra -pki_instance_name=pki-

drm2 -secure_port=10543 -unsecure_port=10180 -tomcat_server_port=1802 -verbose

2. When the instance is successfully created, the process returns a URL for the HTML configuration

page. For example:

http://server.example.com:10180/kra/admin/console/config/login?pin=nt2z2keqcqAZiBRBGLDf

TIP

The configuration URL is written to the end of the instance's installation file, /var/

log/subsystem_name-install.log. This log is also useful for debugging an

instance.

3. Open the new instance URL, and go through the configuration wizard as described in

Installation and

Configuration. Supply the security domain, CA, instance ID, internal LDAP

database, and agent information.

4. When the configuration is complete, restart the subsystem.

service instance_ID restart

Running pkicreate for a Single SSL Port

Description

recommended that administrators set this value

to make sure there are no conflicts with SELinux

labels for other services.

Sets the port number for the Tomcat web server

for OCSP, TKS, and DRM instances.

Sets the location for the configuration files for the

new instance.

Sets the location for the log files for the new

instance.

Sets the user as which the Certificate System

instance will run. This option must be set.

Sets the group as which the Certificate System

instance will run. This option must be set.

Chapter 3,

Table of Contents

This manual is also suitable for:

System 8 - install guide 25-03-2010

Running Pkicreate For A Single Ssl Port - Red Hat CERTIFICATE SYSTEM 8 Install Manual

5.2. Running pkicreate for a Single SSL Port

Related Manuals for Red Hat CERTIFICATE SYSTEM 8

Related Content for Red Hat CERTIFICATE SYSTEM 8

This manual is also suitable for:

Table of Contents