Red Hat CERTIFICATE SYSTEM 8.0 - ADMINISTRATION Admin Manual page 312

Chapter 12. Editing Configuration in the CS.cfg File
e. Remove the temporary file.
crm -rf /tmp/dtomcat5-pki-old
6. Create a new HTTP init.d file for the instance.
a. Copy the current httpd file in /usr/share/pki/type/etc/init.d. For example:
cp /usr/share/pki/ca/etc/init.d/httpd /tmp/pki-ca-old
b. Edit the copied httpd (such as /tmp/pki-ca-old) to supply the subsystem information.
For example:
sed -i 's/\[PKI_SUBSYSTEM_TYPE\]/ca/g' /tmp/pki-ca-old
sed -i 's/\[PKI_INSTANCE_PATH\]/\/var\/lib\/pki-ca-old/g' /tmp/pki-ca-old
sed -i 's/\[PKI_INSTANCE_ID\]/pki-old/g' /tmp/pki-ca-old
sed -i 's/\[PKI_FLAVOR\]/pki/g' /tmp/pki-ca-old
sed -i 's/\[PKI_USER\]/pkiuser/g' /tmp/pki-ca-old
sed -i 's/\[PKI_GROUP\]/pkiuser/g' /tmp/pki-ca-old
sed -i 's/\[PKI_SERVER_XML_CONF\]/\/var\/lib\/pki-ca-old\/conf\/server.xml/g' /tmp/
pki-ca-old
c. Copy the file into the /etc/init.d/ directory.
cp /tmp/pki-ca-old /etc/init.d
d. Set the proper file owner and permissions for the file.
chown pkiuser: /etc/init.d/pki-ca-old
chmod 770 /etc/init.d/pki-ca-old
e. Remove the temporary file.
crm -rf /tmp/pki-ca-old
7. Edit the server.xml file. For each configured connector, add the configFile attribute:
configFile="/var/lib/subsystem_name/conf/CS.cfg"
The CA, DRM, TKS, and OCSP subsystems have three connectors each. A quick way to edit the
file is to add the configFile attribute after every passwordFile attribute.
8. Note the contents of the password.conf file, and then delete it.
rm -rf /var/lib/subsystem_name/conf/password.conf
12.3.3.3. Configuring Existing TPS Instances to Prompt for Passwords
Existing TPS subsystem instances can be configured to prompt for passwords rather than using
password.conf. This requires a few additional steps to set up.
290