From Fedora Project Wiki


Dogtag Certificate System setup and configuration

How to test

  1. First, install the prerequisites, Java OpenJDK and 389-ds-base, and configure a basic DS instance using all defaults.
    $ yum install java-1.6.0-openjdk
    $ yum install 389-ds-base
    $ /usr/sbin/
  2. Next, install all the main Dogtag PKI packages:
    yum install pki-ca pki-ra pki-kra pki-ocsp pki-tks pki-tps pki-console --enablerepo=updates-testing
  3. Once the packages are installed, create an instance for each subsystem using the /usr/bin/pkicreate command (see pkicreate --help for more). The following is an example of creating an instance of the CA (Certificate Authority) subsystem:
    pkicreate -pki_instance_root=/var/lib \
    -pki_instance_name=pki-ca \
    -subsystem_type=ca \
    -agent_secure_port=9443 \
    -ee_secure_port=9444 \
    -admin_secure_port=9445 \
    -unsecure_port=9180 \
    -tomcat_server_port=9701 \
    -user=pkiuser \
    -group=pkiuser \
    -redirect conf=/etc/pki-ca \
    -redirect logs=/var/log/pki-ca
  4. Once the instance creation is finished from step-1, go through the configuration wizard for the CA and finish the installation (or use the pkisilent script to configure it silently; see the 'pki-silent' package and its template file '/usr/share/pki/silent/pki_silent.template').

Silent script for CA (note: replace the -bind_password value appropriately from your step-1):
  • Now, try to configure the rest of the subsystems (RA, OCSP, KRA, TKS, TPS) by creating instances using 'pkicreate' (again, see the 'pkicreate' syntax for help).
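
A pre-flight check for the remaining subsystems, as an added example that is not part of the original wiki page: instances created with pkicreate on the same host cannot share ports, so this script extracts the `-*_port=` arguments from planned invocations and reports values that are out of range or assigned twice. The CA values are the ones from step 3; the KRA port values and the helper names `pki_ports`, `check_ports` and `plan_report` are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the wiki page): static check of planned pkicreate ports.

# Print "<instance>:<flag> <port>" for every -*_port=N argument.
pki_ports() {
    name=unknown
    for arg in "$@"; do
        case "$arg" in
            -pki_instance_name=*) name=${arg#*=} ;;
        esac
    done
    for arg in "$@"; do
        case "$arg" in
            -*_port=*)
                flag=${arg%%=*}
                printf '%s:%s %s\n' "$name" "${flag#-}" "${arg#*=}"
                ;;
        esac
    done
}

# Read pki_ports lines on stdin; report out-of-range values and ports that are
# assigned more than once. Exit status is 0 only when nothing is reported.
check_ports() {
    awk '
        $2 !~ /^[0-9]+$/ || $2 < 1 || $2 > 65535 {
            print "invalid: " $1 "=" $2; bad = 1; next
        }
        ($2 in seen) {
            print "conflict: " $2 " (" seen[$2] ", " $1 ")"; bad = 1; next
        }
        { seen[$2] = $1 }
        END { exit bad + 0 }
    '
}

# CA arguments as given in step 3 of the page.
ca_args="-pki_instance_name=pki-ca -agent_secure_port=9443 -ee_secure_port=9444 -admin_secure_port=9445 -unsecure_port=9180 -tomcat_server_port=9701"
# Constructed KRA plan: port values are hypothetical, and 9445 deliberately
# reuses the CA admin port.
kra_args="-pki_instance_name=pki-kra -agent_secure_port=10443 -ee_secure_port=10444 -admin_secure_port=9445 -unsecure_port=10180 -tomcat_server_port=10701"

# Check both plans together (the unquoted expansions are split on purpose).
plan_report() {
    { pki_ports $ca_args; pki_ports $kra_args; } | check_ports
}

plan_report || echo "resolve the lines above before running pkicreate"
```

The check is static: it compares planned values only and does not test whether another service on the host is already listening on a port.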

Expected Results

The following must be true to consider this a successful test run.

  1. Step #1 completes without error
  2. Step #2 completes without error
  3. Step #3 CA Instance gets created successfully
  4. Step #4 CA instance is configured successfully (and likewise the other subsystems)