Red Hat CERTIFICATE SYSTEM 7.3 - ADMINISTRATION Administration Manual page 123

maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="true" sslProtocol="SSL"
5. Open the profile selection template.
vim /var/lib/instance_name/web-apps.ee/ca/ee/ca/ProfileSelect.template
6. Replace value in the uri line with the URL to the agent port. The original line is:
uri = 'profileSubmitSSLClient';
The updated line will look like the following:
uri = 'https://server.example.com:9444/ca/ee/ca/profileSubmitSSLClient';
7. Create a new end-entities web services directory to contain the files for the new URL referenced in
the ProfileSelect.template file.
mkdir -p /var/lib/instance_name/webapps/ca/ee/ca
cp /var/lib/instance_name/webapps.ee/ca/ee/ca/ProfileSubmit.template /var/
lib/instance_name/webapps/ca/ee/ca
cp /var/lib/instance_name/webapps.ee/ca/ee/ca/ProfileSubmit.html /var/lib/instance_name/
webapps/ca/ee/ca/ProfileSubmit.html
chown -R pkiuser: /var/lib/instance_name/webapps/ca/ee
8. Restart the CA. For example:
/etc/init.d/rhpki-ca restart
3.11.4.2. Updating the DRM
1. Update the NSS packages by installing the system nss packages.
up2date nss
2. First, in the CA, edit the CS.cfg file to contain the connector information with the agent's SSL
port. For example:
vim /var/lib/rhpki-ca/conf/CS.cfg
ca.connector.KRA.port=10443
3. Then, for the DRM, open the server.xml file.
vim /var/lib/rhpki-kra/conf/server.xml
4. Change the clientAuth directive in the agent connector to true. For example:
Redirecting Subsystem Communications to Secure End-Entities Port
101