author | Abhishek Koneru <akoneru@redhat.com> | 2013-03-15 11:41:40 -0400 |
---|---|---|
committer | Abhishek Koneru <akoneru@redhat.com> | 2013-03-22 13:48:46 -0400 |
commit | e21d70e294557cf04518159b2d3c8aadb89286ab (patch) | |
tree | ed8ff102d179de4ddda22219e15d08a7f4995d87 /base | |
parent | 4bc8e8ea1823d09d4877ee301e29564244e234d4 (diff) | |
download | pki-e21d70e294557cf04518159b2d3c8aadb89286ab.tar.gz pki-e21d70e294557cf04518159b2d3c8aadb89286ab.tar.xz pki-e21d70e294557cf04518159b2d3c8aadb89286ab.zip |
Minor fixes to pkispawn man page.
Updating the sample configuration file entries in
default CA and subordinate CA installation. Added
sample configuration files for each installation type
mentioned in the man page.
Tickets #509, #525
Diffstat (limited to 'base')
-rw-r--r-- | base/deploy/config/sample.cfg | 3 |
-rw-r--r-- | base/deploy/config/sampleCAclone.cfg | 16 |
-rw-r--r-- | base/deploy/config/sampleExternalSignedCA-step1.cfg | 11 |
-rw-r--r-- | base/deploy/config/sampleExternalSignedCA-step2.cfg | 13 |
-rw-r--r-- | base/deploy/config/sampleKRA.cfg | 13 |
-rw-r--r-- | base/deploy/config/sampleKRAclone.cfg | 17 |
-rw-r--r-- | base/deploy/config/sampleSubordinateCA.cfg | 14 |
-rw-r--r-- | base/deploy/man/man8/pkispawn.8 | 17 |
8 files changed, 101 insertions, 3 deletions
diff --git a/base/deploy/config/sample.cfg b/base/deploy/config/sample.cfg index a4a6f68c2..f4b3e523d 100644 --- a/base/deploy/config/sample.cfg +++ b/base/deploy/config/sample.cfg @@ -3,4 +3,5 @@ pki_admin_password= pki_backup_password= pki_client_pkcs12_password= pki_ds_password= -pki_security_domain_password= +##Required for all subsystems that are not root CAs +#pki_security_domain_password= diff --git a/base/deploy/config/sampleCAclone.cfg b/base/deploy/config/sampleCAclone.cfg new file mode 100644 index 000000000..afacc64a2 --- /dev/null +++ b/base/deploy/config/sampleCAclone.cfg @@ -0,0 +1,16 @@ +[DEFAULT] +pki_admin_password= +pki_backup_password= +pki_client_pkcs12_password= +pki_ds_password= +pki_security_domain_password= +pki_security_domain_hostname= +pki_security_domain_https_port= +pki_security_domain_user= + +[CA] +pki_clone=True +pki_clone_pkcs12_password= +pki_clone_pkcs12_path= +pki_clone_replicate_schema= +pki_clone_uri=
\ No newline at end of file diff --git a/base/deploy/config/sampleExternalSignedCA-step1.cfg b/base/deploy/config/sampleExternalSignedCA-step1.cfg new file mode 100644 index 000000000..7b72e5f83 --- /dev/null +++ b/base/deploy/config/sampleExternalSignedCA-step1.cfg @@ -0,0 +1,11 @@ +[DEFAULT] +pki_admin_password= +pki_backup_password= +pki_client_pkcs12_password= +pki_ds_password= +pki_security_domain_password= + +[CA] +pki_external=True +pki_external_csr_path= +pki_ca_signing_subject_dn=
\ No newline at end of file diff --git a/base/deploy/config/sampleExternalSignedCA-step2.cfg b/base/deploy/config/sampleExternalSignedCA-step2.cfg new file mode 100644 index 000000000..b90d301c3 --- /dev/null +++ b/base/deploy/config/sampleExternalSignedCA-step2.cfg @@ -0,0 +1,13 @@ +[DEFAULT] +pki_admin_password= +pki_backup_password= +pki_client_pkcs12_password= +pki_ds_password= +pki_security_domain_password= + +[CA] +pki_external=True +pki_external_ca_cert_chain_path= +pki_external_ca_cert_path= +pki_external_step_two=True +pki_ca_signing_subject_dn=
\ No newline at end of file diff --git a/base/deploy/config/sampleKRA.cfg b/base/deploy/config/sampleKRA.cfg new file mode 100644 index 000000000..9752e1077 --- /dev/null +++ b/base/deploy/config/sampleKRA.cfg @@ -0,0 +1,13 @@ +[DEFAULT] +pki_admin_password= +pki_backup_password= +pki_client_pkcs12_password= +pki_ds_password= +pki_security_domain_password= +pki_security_domain_hostname= +pki_security_domain_https_port= +pki_security_domain_user= +pki_issuing_ca_uri= + +[KRA] +pki_import_admin_cert=
\ No newline at end of file diff --git a/base/deploy/config/sampleKRAclone.cfg b/base/deploy/config/sampleKRAclone.cfg new file mode 100644 index 000000000..3584c41a9 --- /dev/null +++ b/base/deploy/config/sampleKRAclone.cfg @@ -0,0 +1,17 @@ +[DEFAULT] +pki_admin_password= +pki_backup_password= +pki_client_pkcs12_password= +pki_ds_password= +pki_security_domain_password= +pki_security_domain_hostname= +pki_security_domain_https_port= +pki_security_domain_user= + +[KRA] +pki_clone=True +pki_clone_pkcs12_password= +pki_clone_pkcs12_path= +pki_clone_replicate_schema= +pki_clone_uri= +pki_issuing_ca=
\ No newline at end of file diff --git a/base/deploy/config/sampleSubordinateCA.cfg b/base/deploy/config/sampleSubordinateCA.cfg new file mode 100644 index 000000000..e42a42ff8 --- /dev/null +++ b/base/deploy/config/sampleSubordinateCA.cfg @@ -0,0 +1,14 @@ +[DEFAULT] +pki_admin_password= +pki_backup_password= +pki_client_pkcs12_password= +pki_ds_password= +pki_security_domain_password= +pki_security_domain_hostname= +pki_security_domain_https_port= +pki_security_domain_user= + +[CA] +pki_subordinate=True +pki_issuing_ca= +pki_ca_signing_subject_dn=
\ No newline at end of file diff --git a/base/deploy/man/man8/pkispawn.8 b/base/deploy/man/man8/pkispawn.8 index c5361c3b0..b2a0134f3 100644 --- a/base/deploy/man/man8/pkispawn.8 +++ b/base/deploy/man/man8/pkispawn.8 @@ -94,7 +94,6 @@ pki_admin_password=\fIpassword123\fP pki_backup_password=\fIpassword123\fP pki_client_pkcs12_password=\fIpassword123\fP pki_ds_password=\fIpassword123\fP -pki_security_domain_password=\fIpassword123\fP .fi .PP Prior to running this command, a Directory Server instance should be created and running. This command assumes that the Directory Server instance is using its default configuration: 
@@ -115,7 +114,18 @@ To access the agent pages, first import the CA certificate by accessing the CA E .SS KRA, OCSP, or TKS using default configuration \x'-1'\fBpkispawn -s <subsystem> -f myconfig.txt\fR .PP -where subsystem is KRA, OCSP, or TKS, and \fImyconfig.txt\fP is the same as the one used for the default CA example. This command should be run after a CA is installed. This installs another subsystem within the same default instance using the certificate generated for the CA administrator for the subsystem's administrator. This allows a user to access both subsystems on the browser with a single administrator certificate. To access the new subsystem's functionality, simply point the browser to https://<hostname>:8443 and click the relevant top-level links. +where subsystem is KRA, OCSP, or TKS, and \fImyconfig.txt\fP contains the following text: +.IP +.nf +[DEFAULT] +pki_admin_password=\fIpassword123\fP +pki_backup_password=\fIpassword123\fP +pki_client_pkcs12_password=\fIpassword123\fP +pki_ds_password=\fIpassword123\fP +pki_security_domain_password=\fIpassword123\fP +.fi +.PP +The \fBpki_security_domain_password\fP is the admin password of the CA installed in the same default instance. This command should be run after a CA is installed. This installs another subsystem within the same default instance using the certificate generated for the CA administrator for the subsystem's administrator. This allows a user to access both subsystems on the browser with a single administrator certificate. To access the new subsystem's functionality, simply point the browser to https://<hostname>:8443 and click the relevant top-level links. .SS KRA, OCSP, or TKS connecting to a remote CA \x'-1'\fBpkispawn -s <subsystem> -f myconfig.txt\fR .PP 
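Review bot: The added sentence after the example in the "KRA, OCSP, or TKS using default configuration" section says pki_security_domain_password is "the admin password of the CA installed in the same default instance", but the example sets all five passwords to the same password123, so the reader cannot see which CA value it has to match. If the intent is that it must equal the pki_admin_password given when the CA was installed, say so by parameter name. The removed wording stated that myconfig.txt was the same file as in the default CA example; with that gone, it is also worth stating whether the other four passwords have to match the CA's values or are chosen independently for the new subsystem.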
@@ -217,9 +227,12 @@ pki_security_domain_user=caadmin [CA] pki_subordinate=True pki_issuing_ca=https://<master_ca_hostname>:<master_ca_https_port> +pki_ca_signing_subject_dn=cn=CA Subordinate Signing ,o=example.com .fi .PP A sub-CA derives its certificate configuration -- such as allowed extensions and validity periods -- from a superior or root CA. Otherwise, the configuration of the CA is independent of the root CA, so it is its own instance rather than a clone. A sub-CA is configured using the pki_subordinate parameter and a pointer to the CA which issues the sub-CA's certificates. +.PP +\fBNote:\fP The value of \fBpki_ca_signing_subject_dn\fP of a subordinate CA should be different from the root CA's signing subject DN. .SS Installing an externally signed CA \x'-1'\fBpkispawn -s CA -f myconfig.txt\fR .PP |
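Review bot: The added example line "pki_ca_signing_subject_dn=cn=CA Subordinate Signing ,o=example.com" in the pkispawn.8 sub-CA section has a stray space before the comma, which readers will copy into their own configuration; suggest "cn=CA Subordinate Signing,o=example.com". The added Note says the value "should be different from the root CA's signing subject DN" without saying what goes wrong when the two are the same; one sentence on the consequence would tell the reader whether "should" means "must".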
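Review bot: In the new sampleKRA.cfg the issuing CA key is spelled "pki_issuing_ca_uri=" and sits under [DEFAULT], while sampleKRAclone.cfg and sampleSubordinateCA.cfg in the same patch use "pki_issuing_ca=" inside the subsystem section, and the sub-CA example in pkispawn.8 shows "pki_issuing_ca=https://<master_ca_hostname>:<master_ca_https_port>". Please confirm that both names and both placements are valid, or use one spelling and one section across all the samples. Separately, all six new sample files end with "\ No newline at end of file"; adding the trailing newline would keep later appends and diffs clean.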
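Review bot: sampleExternalSignedCA-step1.cfg and sampleExternalSignedCA-step2.cfg list "pki_security_domain_password=" under [DEFAULT] but none of pki_security_domain_hostname, pki_security_domain_https_port or pki_security_domain_user, which the clone, KRA and subordinate CA samples carry alongside it. The sample.cfg hunk in this patch comments the password out as "Required for all subsystems that are not root CAs", so it is unclear which case an externally signed CA falls under; either drop the password from these two files or add the other three security domain keys, and say which in the man page. In sample.cfg itself, the "##Required ..." comment would read better with a single "#" and a space after it, so it is visually distinct from the commented-out key on the next line.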