Table of Contents
Advertisement
Chapter 5. Creating Additional Subsystem Instances
5.3. Running pkicreate with Port Separation
To create an instance with three separate ports for the different subsystem services, run pkicreate
with three options which specify the services ports: -admin_secure_port, -agent_secure_port,
and -ee_secure_port. For CAs only, there is an additional port for end-entity client authentication, -
ee_secure_client_auth_port.
Separated SSL ports is the default instance configuration because it is more secure than using a
single SSL port.
1. Run the pkicreate command. For example:
pkicreate -pki_instance_root=/var/lib/pki-ca2 -subsystem_type=ca -pki_instance_name=pki-
ca2 -admin_secure_port=9545 -agent_secure_port-9544 -ee_secure_port=9543 -
ee_secure_client_auth_port=9546 -unsecure_port=9180 -tomcat_server_port=1802 -verbose
2. When the instance is successfully created, the process returns a URL for the HTML configuration
page. For example:
http://server.example.com:10180/kra/admin/console/config/login?pin=nt2z2keqcqAZiBRBGLDf
TIP
The configuration URL is written to the end of the instance's installation file, /var/
log/subsystem_name-install.log. This log is also useful for debugging an
instance.
3. Open the new instance URL, and go through the configuration wizard as described in
Installation and
Configuration. Supply the security domain, CA, instance ID, internal LDAP
database, and agent information.
4. When the configuration is complete, restart the subsystem.
service subsystem_name restart
For more information on the pkicreate tool options, see the Certificate System Command-Line Tools
Guide.
78
Chapter 3,
Advertisement
Table of Contents
