Red Hat CERTIFICATE SYSTEM 8.0 - ADMINISTRATION Admin Manual page 311


# adding this line to enable password prompts
NSSPassPhraseDialog builtin
12.3.3.2. Configuring Existing CA, DRM, TKS, and OCSP Instances to Prompt for Passwords
Existing subsystem instances can be configured to prompt for passwords rather than using
password.conf. This requires a few additional steps to set up.
1. Make sure all of the Certificate System packages have been installed and updated.
2. Stop the instance.
service subsystem_name stop
3. Back up the instance. For example:
cp -R /var/lib/pki-ca-old /var/lib/pki-ca-old.bkup
4. Add the cms.passwordlist parameter to the instance's CS.cfg file.
vim /var/lib/subsystem_name/conf/CS.cfg
cms.passwordlist=internaldb,replicationdb
If publishing has been enabled, then make sure the LDAP publishing password is listed. For
example:
cms.passwordlist=internaldb,replicationdb,CA LDAP Publishing
5. Create a new dtomcat5 file for the instance.
a. Copy the current file in /usr/share/pki/type/conf. For example:
cp /usr/share/pki/ca/conf/dtomcat5 /tmp/dtomcat5-pki-old
b. Edit the copied dtomcat5-name file to supply the subsystem information. For example:
sed -i 's/\[PKI_SUBSYSTEM_TYPE\]/ca/g' /tmp/dtomcat5-pki-old
sed -i 's/\[PKI_INSTANCE_PATH\]/\/var\/lib\/pki-old/g' /tmp/dtomcat5-pki-old
sed -i 's/\[PKI_INSTANCE_ID\]/pki-old/g' /tmp/dtomcat5-pki-old
c. Copy the file into the /usr/bin directory.
cp /tmp/dtomcat5-pki-old /usr/bin
d. Set the proper file owner and permissions for the file.
chown pkiuser: /usr/bin/dtomcat5-pki-old
chmod 770 /usr/bin/dtomcat5-pki-old
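The edits in steps 4 and 5 can be verified before the instance is started again. The following is an added example, not part of the Red Hat manual: the function names check_passwordlist and check_dtomcat5 are hypothetical, treating a repeated cms.passwordlist key as an error is a choice made by this example, and the files used in the demo are constructed.

```shell
#!/bin/sh
# Added example (not from the manual): read-only checks for steps 4 and 5.

# check_passwordlist CS_CFG TAG...
# Succeeds if cms.passwordlist is set once and names every TAG.
check_passwordlist() {
    cfg=$1; shift
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 1; }
    # Choice made by this example: treat a repeated key as an error.
    count=$(grep -c '^cms\.passwordlist=' "$cfg" || true)
    [ "$count" -eq 1 ] || { echo "cms.passwordlist set $count times" >&2; return 1; }
    list=$(sed -n 's/^cms\.passwordlist=//p' "$cfg")
    for tag in "$@"; do
        case ",$list," in
            *",$tag,"*) ;;  # present; tags such as "CA LDAP Publishing" contain spaces
            *) echo "cms.passwordlist lacks: $tag" >&2; return 1 ;;
        esac
    done
}

# check_dtomcat5 FILE OWNER
# Succeeds if FILE has no template placeholders left, is owned by OWNER,
# and has mode 770 as set in step d.
check_dtomcat5() {
    file=$1 owner=$2
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    # A surviving [PKI_...] token means one of the sed edits in step b was missed.
    if grep -q '\[PKI_[A-Z_]*\]' "$file"; then
        echo "unreplaced placeholder in $file" >&2; return 1
    fi
    # Parse ls -ld: field 1 is the mode string, field 3 the owner name.
    perms=$(ls -ld "$file" | awk '{print substr($1, 1, 10)}')
    actual=$(ls -ld "$file" | awk '{print $3}')
    [ "$actual" = "$owner" ] || { echo "owner is $actual, want $owner" >&2; return 1; }
    [ "$perms" = "-rwxrwx---" ] || { echo "mode is $perms, want 770" >&2; return 1; }
}

# Demo on a constructed CS.cfg when run with the argument "demo".
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d)
    printf 'cms.passwordlist=internaldb,replicationdb\n' > "$d/CS.cfg"
    check_passwordlist "$d/CS.cfg" internaldb replicationdb && echo "CS.cfg ok"
    check_passwordlist "$d/CS.cfg" "CA LDAP Publishing" || echo "publishing tag missing"
    rm -rf "$d"
fi
```

On an instance built with the manual's example names, the calls would be check_passwordlist /var/lib/pki-ca-old/conf/CS.cfg internaldb replicationdb and check_dtomcat5 /usr/bin/dtomcat5-pki-old pkiuser.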
