Red Hat CERTIFICATE SYSTEM 7.3 - ADMINISTRATION Administration Manual page 168

Chapter 5. Registration Authority
i. Change "/admin/ca/registerRaUser" to "/admin/ca/registerRa2User".
j. Save and close the file.
6. Use the following command to restart the CA:
/etc/rc.d/init.d/rhpki-ca restart
The following procedure describes how to create a new RA instance, and must be performed on the
server that hosts the RA. You need administrator privileges to the system and also to the RA to perfom
this procedure.
Procedure 5.3. Create the new RA instance
1. Use the following command to create a new RA instance. Notice that this command uses
backslash (\) characters for line formatting. You must enter this command all on one line. Note
that this instance uses different port numbers from the original RA:
# pkicreate -pki_instance_root=/var/lib \
-subsystem_type=ra -pki_instance_name=rhpki-ra2 -secure_port=12899 \
-unsecure_port=12898
2. Edit the configuration file for the new RA instance:
cd /var/lib/rhpki-ra2/conf/
vi CS.cfg
3. Locate the "registerRaUser" string and change it to "registerRa2User". Refer to the example
below:
conn.ca1.servlet.addagent=/ca/admin/ca/registerRa2User
4. Update the CS configuration file to point to the new enrollment profile and new authentication
instance as follows:
In the /var/lib/rhpki-ra2/conf/CS.cfg file, locate "caDualRAuserCert" and change it to
"caDualRA2userCert".
Do this for both the request.user.approve_request.0.profileId and the
request.renewal.approve_request.0.profileId request queue parameters.
5. Use the following command to restart the new RA instance:
# /etc/rc.d/init.d/rhpki-ra2 restart
6. Navigate to the URL generated at the end of the pkicreate command to configure RA2.
146
-verbose -user=pkiuser -group=pkiuser