Red Hat CERTIFICATE SYSTEM 7.3 - ADMINISTRATION Administration Manual page 124

Chapter 3. Administrative Basics
<Connector name="Agent" port="10443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="true" sslProtocol="SSL"
5. Restart the subsystem. For example:
/etc/init.d/rhpki-kra restart
3.11.4.3. Updating the OCSP and TKS
1. Update the NSS packages by installing the system nss packages.
up2date nss
2. Open the server.xml file.
vim /var/lib/instance_name/conf/server.xml
3. Change the clientAuth directive in the agent connector to true. For example:
<Connector name="Agent" port="11443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="true" sslProtocol="SSL"
4. Restart the subsystem. For example:
/etc/init.d/rhpki-ocsp restart
3.11.4.4. Updating the TPS
1. Update the NSS packages by installing the system nss packages and install the new TPS
packages.
up2date nss pki-tps
2. On Linux systems only. For an existing subsystem, edit the init script to preload the system NSS
library rather than dirsec-nss.
vim /etc/init.d/instance_name
3. Remove the line:
LD_PRELOAD="/usr/lib64/dirsec/libssl3.so ${LD_PRELOAD}"
Replace it with the following:
102