Configuring A Drm, Ocsp, Or Tks - Red Hat CERTIFICATE SYSTEM 7.3 - ADMINISTRATION Administration Manual

Chapter 2. Installation and Configuration

2.6.2. Configuring a DRM, OCSP, or TKS

1. Open the configuration wizard. When the instance is installed, the process returns a success
message which includes a URL with the login PIN. For example:
http://server.example.com:10080/kra/admin/console/config/login?pin=kI7E1MByNIUcPJ6RKHmH
Using this URL skips the login screen.
Alternatively, log into the setup wizard through admin link on the services page and supply the
preop.pin value from the CS.cfg file when prompted.
http://server.example.com:10080/kra/services
2. Join an existing security domain. Supply the hostname and SSL port of the CA which hosts the
domain. When the CA is successfully contacted, then supply the admin username and password
for the CA so that it can be properly accessed.
3. Enter a name for the new instance.
4. Fill in the information for the LDAP server which will authenticate the subsystem's users. This
requires connection information for the Directory Server instance, such as the hostname, port
number, bind DN (username), and password. This step also creates a database in the Directory
Server and a corresponding base directory entry (base DN) to use for the subsystem's entries.
5. Select the key store token; a list of detected hardware tokens and databases is given.
To determine whether a token is detected by the Certificate System, use the TokenInfo tool. For
more information on this tool, see the Certificate System Command-Line Tools Guide.
6. Set the key size. The default RSA key size is 2048.
7. Select the CA which will generate the subsystem certificates; to use a Certificate System CA,
select the CA from the drop-down menu of the CAs configured within the security domain.
Optionally, give subject names to the listed certificates.
8. The next panels generate and show certificate requests, certificates, and key pairs.
If an external CA is used to issue the certificates, configuration cannot go forward until they
are received from the CA. When they are issued, paste the certificates into this panel to add
them to the subsystem database, and then proceed with the installation. Click Apply to view the
certificates as they are imported.
9. If the subsystem will every be cloned, or as a protection if keys or certificates are ever lost, back
up the keys and certificates when prompted.
10. Give the information for the new subsystem administrator.
11. Click Next through the remaining panels to import the agent certificate into the browser and
complete the configuration.
12. When the configuration is complete, restart the subsystem.
50