author Abhishek Koneru <akoneru@redhat.com> 2013-03-15 11:41:40 -0400
committer Abhishek Koneru <akoneru@redhat.com> 2013-03-22 13:48:46 -0400
commit e21d70e294557cf04518159b2d3c8aadb89286ab
tree ed8ff102d179de4ddda22219e15d08a7f4995d87
parent 4bc8e8ea1823d09d4877ee301e29564244e234d4
Minor fixes to pkispawn man page.
Updating the sample configuration file entries in default CA and subordinate CA installation. Added sample configuration files for each installation type mentioned in the man page. Tickets #509, #525
Diffstat (limited to 'base')
-rw-r--r-- base/deploy/config/sample.cfg 3
-rw-r--r-- base/deploy/config/sampleCAclone.cfg 16
-rw-r--r-- base/deploy/config/sampleExternalSignedCA-step1.cfg 11
-rw-r--r-- base/deploy/config/sampleExternalSignedCA-step2.cfg 13
-rw-r--r-- base/deploy/config/sampleKRA.cfg 13
-rw-r--r-- base/deploy/config/sampleKRAclone.cfg 17
-rw-r--r-- base/deploy/config/sampleSubordinateCA.cfg 14
-rw-r--r-- base/deploy/man/man8/pkispawn.8 17
8 files changed, 101 insertions, 3 deletions
diff --git a/base/deploy/config/sample.cfg b/base/deploy/config/sample.cfg
index a4a6f68c2..f4b3e523d 100644
--- a/base/deploy/config/sample.cfg
+++ b/base/deploy/config/sample.cfg
@@ -3,4 +3,5 @@ pki_admin_password=
pki_backup_password=
pki_client_pkcs12_password=
pki_ds_password=
-pki_security_domain_password=
+##Required for all subsystems that are not root CAs
+#pki_security_domain_password=
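Review bot: the new comment "##Required for all subsystems that are not root CAs" says when the key is needed but not which password it holds. The pkispawn.8 text added in this same commit describes pki_security_domain_password as the admin password of the CA for the same-instance case; carrying that into the comment above "#pki_security_domain_password=" would let the sample be used without the man page open.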
diff --git a/base/deploy/config/sampleCAclone.cfg b/base/deploy/config/sampleCAclone.cfg
new file mode 100644
index 000000000..afacc64a2
--- /dev/null
+++ b/base/deploy/config/sampleCAclone.cfg
@@ -0,0 +1,16 @@
+[DEFAULT]
+pki_admin_password=
+pki_backup_password=
+pki_client_pkcs12_password=
+pki_ds_password=
+pki_security_domain_password=
+pki_security_domain_hostname=
+pki_security_domain_https_port=
+pki_security_domain_user=
+
+[CA]
+pki_clone=True
+pki_clone_pkcs12_password=
+pki_clone_pkcs12_path=
+pki_clone_replicate_schema=
+pki_clone_uri= \ No newline at end of file
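Review bot: the file is a template for six secrets (the five [DEFAULT] password keys plus pki_clone_pkcs12_password=) and is added as mode 100644 with no comment about protecting the filled-in copy. Suggest a header comment telling the user to copy the sample and restrict the copy's permissions to the installing user before entering passwords. Separately, pki_clone_replicate_schema= and pki_clone_uri= are empty with no hint of the expected value form, and the file ends without a trailing newline.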
diff --git a/base/deploy/config/sampleExternalSignedCA-step1.cfg b/base/deploy/config/sampleExternalSignedCA-step1.cfg
new file mode 100644
index 000000000..7b72e5f83
--- /dev/null
+++ b/base/deploy/config/sampleExternalSignedCA-step1.cfg
@@ -0,0 +1,11 @@
+[DEFAULT]
+pki_admin_password=
+pki_backup_password=
+pki_client_pkcs12_password=
+pki_ds_password=
+pki_security_domain_password=
+
+[CA]
+pki_external=True
+pki_external_csr_path=
+pki_ca_signing_subject_dn= \ No newline at end of file
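Review bot: pki_security_domain_password= in [DEFAULT] is at odds with the comment this commit adds to sample.cfg, which says the key is required only for subsystems that are not root CAs, and with the pkispawn.8 hunk that drops it from the default CA example. If an externally signed CA does not need it, remove it here; if it does, add a comment saying why this CA case differs.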
diff --git a/base/deploy/config/sampleExternalSignedCA-step2.cfg b/base/deploy/config/sampleExternalSignedCA-step2.cfg
new file mode 100644
index 000000000..b90d301c3
--- /dev/null
+++ b/base/deploy/config/sampleExternalSignedCA-step2.cfg
@@ -0,0 +1,13 @@
+[DEFAULT]
+pki_admin_password=
+pki_backup_password=
+pki_client_pkcs12_password=
+pki_ds_password=
+pki_security_domain_password=
+
+[CA]
+pki_external=True
+pki_external_ca_cert_chain_path=
+pki_external_ca_cert_path=
+pki_external_step_two=True
+pki_ca_signing_subject_dn= \ No newline at end of file
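Review bot: nothing in the file ties it to sampleExternalSignedCA-step1.cfg. pki_external=True and pki_ca_signing_subject_dn= are repeated from step 1 with no comment on whether they must carry the same values, and pki_external_step_two=True sits between the two path keys and the DN. Suggest a header comment naming step 1 as the prerequisite, and placing pki_external_step_two=True directly under pki_external=True so the two flags read together.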
diff --git a/base/deploy/config/sampleKRA.cfg b/base/deploy/config/sampleKRA.cfg
new file mode 100644
index 000000000..9752e1077
--- /dev/null
+++ b/base/deploy/config/sampleKRA.cfg
@@ -0,0 +1,13 @@
+[DEFAULT]
+pki_admin_password=
+pki_backup_password=
+pki_client_pkcs12_password=
+pki_ds_password=
+pki_security_domain_password=
+pki_security_domain_hostname=
+pki_security_domain_https_port=
+pki_security_domain_user=
+pki_issuing_ca_uri=
+
+[KRA]
+pki_import_admin_cert= \ No newline at end of file
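Review bot: pki_import_admin_cert= is the only key under [KRA] and is left empty with no comment on what value it takes, whereas the flag-style keys in the other new samples (pki_clone=True, pki_external=True, pki_subordinate=True) are pre-filled. Either pre-fill it the same way or add a one-line comment giving the accepted values, so the sample does not depend on the reader guessing.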
diff --git a/base/deploy/config/sampleKRAclone.cfg b/base/deploy/config/sampleKRAclone.cfg
new file mode 100644
index 000000000..3584c41a9
--- /dev/null
+++ b/base/deploy/config/sampleKRAclone.cfg
@@ -0,0 +1,17 @@
+[DEFAULT]
+pki_admin_password=
+pki_backup_password=
+pki_client_pkcs12_password=
+pki_ds_password=
+pki_security_domain_password=
+pki_security_domain_hostname=
+pki_security_domain_https_port=
+pki_security_domain_user=
+
+[KRA]
+pki_clone=True
+pki_clone_pkcs12_password=
+pki_clone_pkcs12_path=
+pki_clone_replicate_schema=
+pki_clone_uri=
+pki_issuing_ca= \ No newline at end of file
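Review bot: the issuing-CA key is named pki_issuing_ca= under [KRA] here, but sampleKRA.cfg in this same commit uses pki_issuing_ca_uri= under [DEFAULT]. If these are two different parameters, a comment in each file should say so; if they are meant to be the same setting, one of the two names and sections is wrong and the samples should agree.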
diff --git a/base/deploy/config/sampleSubordinateCA.cfg b/base/deploy/config/sampleSubordinateCA.cfg
new file mode 100644
index 000000000..e42a42ff8
--- /dev/null
+++ b/base/deploy/config/sampleSubordinateCA.cfg
@@ -0,0 +1,14 @@
+[DEFAULT]
+pki_admin_password=
+pki_backup_password=
+pki_client_pkcs12_password=
+pki_ds_password=
+pki_security_domain_password=
+pki_security_domain_hostname=
+pki_security_domain_https_port=
+pki_security_domain_user=
+
+[CA]
+pki_subordinate=True
+pki_issuing_ca=
+pki_ca_signing_subject_dn= \ No newline at end of file
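Review bot: pki_ca_signing_subject_dn= is added without the constraint that the pkispawn.8 hunk in this commit documents, namely that a subordinate CA's signing subject DN should be different from the root CA's signing subject DN. Suggest repeating that note as a comment above the key, since a user working from the sample file alone will not see it.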
diff --git a/base/deploy/man/man8/pkispawn.8 b/base/deploy/man/man8/pkispawn.8
index c5361c3b0..b2a0134f3 100644
--- a/base/deploy/man/man8/pkispawn.8
+++ b/base/deploy/man/man8/pkispawn.8
@@ -94,7 +94,6 @@ pki_admin_password=\fIpassword123\fP
pki_backup_password=\fIpassword123\fP
pki_client_pkcs12_password=\fIpassword123\fP
pki_ds_password=\fIpassword123\fP
-pki_security_domain_password=\fIpassword123\fP
.fi
.PP
Prior to running this command, a Directory Server instance should be created and running. This command assumes that the Directory Server instance is using its default configuration:
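Review bot: dropping pki_security_domain_password from the default CA example after the pki_ds_password line is done silently; the surrounding text gives no reason why a default CA does not set it. Suggest one sentence after the example stating what the sample.cfg comment in this commit already says, that the key is required only for subsystems that are not root CAs, so readers comparing this example with the KRA/OCSP/TKS one understand the difference.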
@@ -115,7 +114,18 @@ To access the agent pages, first import the CA certificate by accessing the CA E
.SS KRA, OCSP, or TKS using default configuration
\x'-1'\fBpkispawn -s <subsystem> -f myconfig.txt\fR
.PP
-where subsystem is KRA, OCSP, or TKS, and \fImyconfig.txt\fP is the same as the one used for the default CA example. This command should be run after a CA is installed. This installs another subsystem within the same default instance using the certificate generated for the CA administrator for the subsystem's administrator. This allows a user to access both subsystems on the browser with a single administrator certificate. To access the new subsystem's functionality, simply point the browser to https://<hostname>:8443 and click the relevant top-level links.
+where subsystem is KRA, OCSP, or TKS, and \fImyconfig.txt\fP contains the following text:
+.IP
+.nf
+[DEFAULT]
+pki_admin_password=\fIpassword123\fP
+pki_backup_password=\fIpassword123\fP
+pki_client_pkcs12_password=\fIpassword123\fP
+pki_ds_password=\fIpassword123\fP
+pki_security_domain_password=\fIpassword123\fP
+.fi
+.PP
+The \fBpki_security_domain_password\fP is the admin password of the CA installed in the same default instance. This command should be run after a CA is installed. This installs another subsystem within the same default instance using the certificate generated for the CA administrator for the subsystem's administrator. This allows a user to access both subsystems on the browser with a single administrator certificate. To access the new subsystem's functionality, simply point the browser to https://<hostname>:8443 and click the relevant top-level links.
.SS KRA, OCSP, or TKS connecting to a remote CA
\x'-1'\fBpkispawn -s <subsystem> -f myconfig.txt\fR
.PP
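Review bot: the added example sets all five passwords to the same literal, password123, including pki_security_domain_password, which the new paragraph says is the admin password of the CA installed in the same default instance. With identical placeholders the reader cannot see which value has to match the CA's and which are free choices, and the example reads as an invitation to reuse one password everywhere. Suggest a distinct placeholder for pki_security_domain_password (for example one that names the CA admin password) and distinct placeholders for the rest.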
@@ -217,9 +227,12 @@ pki_security_domain_user=caadmin
[CA]
pki_subordinate=True
pki_issuing_ca=https://<master_ca_hostname>:<master_ca_https_port>
+pki_ca_signing_subject_dn=cn=CA Subordinate Signing ,o=example.com
.fi
.PP
A sub-CA derives its certificate configuration -- such as allowed extensions and validity periods -- from a superior or root CA. Otherwise, the configuration of the CA is independent of the root CA, so it is its own instance rather than a clone. A sub-CA is configured using the pki_subordinate parameter and a pointer to the CA which issues the sub-CA's certificates.
+.PP
+\fBNote:\fP The value of \fBpki_ca_signing_subject_dn\fP of a subordinate CA should be different from the root CA's signing subject DN.
.SS Installing an externally signed CA
\x'-1'\fBpkispawn -s CA -f myconfig.txt\fR
.PP
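Review bot: the added value "cn=CA Subordinate Signing ,o=example.com" has a stray space before the comma; write it as "cn=CA Subordinate Signing,o=example.com" so users who paste the example do not carry the space into the DN. Also, the new note compares against "the root CA's signing subject DN" while the paragraph above speaks of "a superior or root CA"; wording the note in terms of the issuing CA would cover both cases.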