Directory Structure; Configuration Parameters - Red Hat CERTIFICATE SYSTEM 7.3 - ADMINISTRATION Administration Manual

Chapter 5. Registration Authority
• Server Certificate — this is used to communicate with RA users. (This is the server identity of the
RA.)
• Subsystem Certificate — this is used to communicate with the CA. (This is the client identity of the
RA.)
Multiple RA instances can communicate with a single CA. Additional RA instances can be created
using the /usr/bin/pkicreate command.
Note
Unlike the CA, the RA uses SQLite as the persistent store for internal data such as
requests and user information.

5.2.2. Directory Structure

The following tables list and describe the principle files and directories that comprise the RA:
Directory
/var/lib/rhpki-ra
/var/lib/rhpki-ra/conf
/var/lib/rhpki-ra/logs
/var/lib/rhpki-ra/alias
/var/lib/rhpki-ra/docroot/ee
/var/lib/rhpki-ra/docroot/agent
/var/lib/rhpki-ra/docroot/admin
Table 5.1. Principle RA Directories
File
/etc/init.d/rhpki-ra
/var/lib/rhpki-ra/conf/CS.cfg
Table 5.2. Principle RA Files
Note
The paths described here are those used for a default RA instance. Administrators have
the option of using the pkicreate command to create further RA instances anywhere on
the system.

5.2.3. Configuration Parameters

This section describes various configuration parameters that are used when setting up the RA. These
parameters are specified in the /var/lib/rhpki-ra/conf/CS.cfg file.
admin.authorized_groups
Specifies the groups of users who have permission to access the Administration interface.
Example:
140
Description
Main instance directory
Configuration directory
Logs directory
NSS security database where keys and certificates are stored
CGIs and templates for end-users (EE)
CGIs and templates for agents
CGIs and templates for administrators
Description
Start/stop script
Main configuration file