Installation And Configuration; Deployment Considerations - Red Hat CERTIFICATE SYSTEM 7.3 - ADMINISTRATION Administration Manual

Chapter 2.

Installation and Configuration

The Certificate System is comprised of subsystems which can be independently installed on different
servers, multiple instances installed on a single server, and other flexible configurations for availability,
scalability, and failover support. The procedures for downloading, installing, and configuring instances
of Certificate System subsystems are described in this chapter.
The Certificate System servers include five subsystems:
• Certificate Authority (CA)
• Data Recovery Manager (DRM), sometimes referred to as a Key Recovery Authority (KRA)
• Online Certificate Status Protocol (OCSP) Responder
• Token Key Service (TKS)
• Token Processing System (TPS)
The Certificate System client is the Enterprise Security Client. For information about the Enterprise
Security Client, see the Certificate System Enterprise Security Client Guide.
There are two steps for installing the Certificate System: the first is installing the server packages, and
the second is configuring the subsystem through the HTML-based configuration wizard.
The installation and configuration process for the Certificate System is as follows:
1. Install a Red Hat Directory Server. This can be on a different machine from the Certificate System,
which is the recommended scenario for most deployments.
2. Download the Certificate System packages from the Red Hat Network channel. Each subsystem
has its own packages, as well as dependencies and related packages. These are listed in
Section 2.2.3, "Packages
3. Install the Certificate System CA subsystem. See
for complete instructions on installing the CA.
4. Configure the CA subsystem. For information on configuring the Certificate Manager (CA)
Section 2.6, "Configuring the Default Subsystem
subsystem, see
5. Install the other Certificate System subsystems on the appropriate hosts. See
"Installing the Certificate System "
6. Configure each subsystem through its HTML administrative services page. Go through the
installation screens. When completed, all necessary CA, server, and agent and user certificates
are generated and installed.
Section 2.6, "Configuring the Default Subsystem Instances"
See
subsystem configuration pages.

2.1. Deployment Considerations

Before beginning installation, the following issues must be decided:
• What types of subsystems to install.
Installed".
for complete instructions on installing the subsystems.
Section 2.5, "Installing the Certificate System "
Instances".
for more information on the
Section 2.5,
23