Configuring A Tps - Red Hat CERTIFICATE SYSTEM 7.3 - ADMINISTRATION Administration Manual

/etc/init.d/rhpki-kra restart

2.6.3. Configuring a TPS

1. Open the configuration wizard. When the instance is installed, the process returns a success
message which includes a URL with the login PIN. For example:
http://server.example.com:7888/tps/admin/console/config/login?pin=kI7E1MByNIUcPJ6RKHmH
Using this URL skips the login screen.
Alternatively, log into the setup wizard through admin link on the services page and supply the
preop.pin value from the CS.cfg file when prompted.
http://server.example.com:7888/tps/services
2. Join an existing security domain. Supply the hostname and SSL port of the CA which hosts the
domain. When the CA is successfully contacted, then supply the admin username and password
for the CA so that it can be properly accessed.
3. Enter a name for the new instance.
4. Supply the CA information for the Certificate System CA which will be used to issue and revoke
certificates for token operations requested through the TPS subsystem.
5. Supply information about the TKS which will manage the TPS keys. Select the TKS from the drop-
down menu of TKS subsystems within the security domain.
6. There is an option for server-side key generation for tokens enrolled through the TPS. If server-
side key generation is selected, supply information about the DRM which will be used to generate
keys and archive encryption keys. Key and certificate recovery is initiated automatically through
the TPS, which is a DRM agent. Select the DRM from the drop-down menu of DRM subsystems
within the security domain.
7. Fill in the information for the LDAP server which will authenticate the subsystem's users. This
requires connection information for the Directory Server instance, such as the hostname, port
number, bind DN (username), and password. This step also creates a database in the Directory
Server and a corresponding base directory entry (base DN) to use for the subsystem's entries.
8. Select the key store token; a list of detected hardware tokens and databases is given.
To determine whether a token is detected by the Certificate System, use the TokenInfo tool. For
more information on this tool, see the Certificate System Command-Line Tools Guide.
9. Set the key size.
10. Select the CA which will generate the subsystem certificates; to use a Certificate System CA,
select the CA from the drop-down menu of the CAs configured within the security domain.
To select and external CA, select the External CA radio button and supply the appropriate
information.
Optionally, give subject names to the listed certificates.
Configuring a TPS
51