Configuring Multiple Support Subsystem Instances For Different Functions - Red Hat CERTIFICATE SYSTEM 8.0 - ADMINISTRATION Admin Manual


Chapter 5. Using and Configuring the Token Management System: TPS, TKS, and Enterprise Security Client
Parameter
conn.drm1.servlet.TokenKeyRecovery
Table 5.13. DRM Connection Settings
5.8.2. Configuring Multiple Support Subsystem Instances for Different Functions
Along with configuring multiple instances for failover support, the TPS can be configured to use
multiple instances of a subsystem to perform different functions for different TPS profiles. For instance,
the TPS can be configured to use CA1 to enroll temporary tokens (type userKeyTemporary) and
CA2 to enroll regular tokens (type userKey).
1. Open the TPS CS.cfg file.
2. Create additional instance entries.
Each subsystem configured for the TPS has its own set of parameters, beginning with
conn.subsystem#. To configure multiple instances of a subsystem, create a new set of
connection parameters, and increment the #. For example:
conn.ca1.clientNickname=subsystemCert cert-pki-tps
conn.ca1.hostport=aCA.example.com:9443
conn.ca1.keepAlive=true
conn.ca1.retryConnect=3
conn.ca1.servlet.enrollment=/ca/ee/ca/profileSubmitSSLClient
conn.ca1.servlet.revoke=/ca/subsystem/ca/doRevoke
conn.ca1.servlet.unrevoke=/ca/subsystem/ca/doUnrevoke
conn.ca1.timeout=100
conn.ca2.clientNickname=subsystemCert cert-pki-tps
conn.ca2.hostport=bCA.example.com:9543
conn.ca2.keepAlive=true
conn.ca2.retryConnect=3
conn.ca2.servlet.enrollment=/ca/ee/ca/profileSubmitSSLClient
conn.ca2.servlet.revoke=/ca/subsystem/ca/doRevoke
conn.ca2.servlet.unrevoke=/ca/subsystem/ca/doUnrevoke
conn.ca2.timeout=100
3. Set up the operation parameters to use the different instances to perform the different TPS
functions.
The parameters for the different operations set the type of operation, the type of token profile, the
subsystem type, and other parameters specific to the operation and the subsystem type.
For example, the TKS subsystem connection to use for regular enrollment operations would be as
follows:
op.enroll.userKey.tks.conn=tks1
The CA configuration parameters to enroll and format that kind of token are as follows:
op.enroll.userKey.keyGen.encryption.ca.conn=ca1
op.enroll.userKey.keyGen.signing.ca.conn=ca2
op.enroll.userKeyTemporary.keyGen.auth.ca.conn=ca2
op.format.tokenKey.ca.conn=ca1
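
An added example, not part of the Red Hat manual: a Python check that reads the connection parameters from step 2 and the operation parameters from step 3, then reports any op.*.conn value that names a connection with no conn.<id>.hostport entry or a connection of the wrong subsystem type. The sample text is constructed from the values above (tks1 is left undefined on purpose), and the function names are assumptions.

```python
import re

# Constructed sample in the CS.cfg key=value form shown above. tks1 is
# deliberately left without a conn.tks1.* block to show a dangling reference.
SAMPLE_CFG = """\
conn.ca1.hostport=aCA.example.com:9443
conn.ca1.servlet.enrollment=/ca/ee/ca/profileSubmitSSLClient
conn.ca2.hostport=bCA.example.com:9543
conn.ca2.servlet.enrollment=/ca/ee/ca/profileSubmitSSLClient
op.enroll.userKey.tks.conn=tks1
op.enroll.userKey.keyGen.encryption.ca.conn=ca1
op.enroll.userKey.keyGen.signing.ca.conn=ca2
op.enroll.userKeyTemporary.keyGen.auth.ca.conn=ca2
op.format.tokenKey.ca.conn=ca1
"""

# conn.<subsystem><#>.hostport marks a defined connection instance.
HOSTPORT_KEY = re.compile(r"^conn\.([A-Za-z]+\d+)\.hostport$")
# op.<operation>.<token profile>.[...].<subsystem type>.conn
OP_KEY = re.compile(r"^op\.([^.]+)\.([^.]+)\.(?:.+\.)?([A-Za-z]+)\.conn$")

def parse_cfg(text):
    """Return {key: value} for key=value lines, skipping blanks and # comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            cfg[key.strip()] = value.strip()
    return cfg

def audit_connections(text):
    """Map each op.*.conn reference to its host and list broken references."""
    cfg = parse_cfg(text)
    defined = {m.group(1): v for k, v in cfg.items() if (m := HOSTPORT_KEY.match(k))}
    routes, problems = [], []
    for key, value in cfg.items():
        m = OP_KEY.match(key)
        if not m:
            continue
        operation, profile, subsystem = m.groups()
        routes.append((operation, profile, subsystem, value, defined.get(value)))
        if value not in defined:
            problems.append(f"{key}: '{value}' has no conn.{value}.hostport")
        elif not value.startswith(subsystem):
            problems.append(f"{key}: '{value}' is not a {subsystem} connection")
    return routes, problems

if __name__ == "__main__":
    print(*sum(audit_connections(SAMPLE_CFG), []), sep="\n")
```

Each route tuple shows which host a given operation and token profile will reach, which makes it easy to confirm that temporary and regular tokens are enrolled against the intended CA.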
Description
The servlet for handling smart card key recovery; for example, /kra/agent/kra/Token
