How to Set Up and Configure "mod_tps" and "mod_tokendb" on Apache

Overview

Dependencies

Supported Platforms

Installing and Configuring "mod_tps" and "mod_tokendb"

  1. Ensure that a pre-installed version 1.0.0 of the FCS common subsystems area exists on the desired machine running on the desired platform
    (e.g., <pki_server_root>/<common_subsystems_area>)
  2. Ensure that a pre-installed version 1.0.0 of the FCS CA exists on the desired machine running on the desired platform
    (e.g., <pki_server_root>/<common_subsystems_area>/<common_ca_subsystems> and <pki_server_root>/<ca_instance>)
  3. Ensure that a pre-installed version 1.0.0 of the FCS TKS exists on the desired machine running on the desired platform
    (e.g., <pki_server_root>/<common_subsystems_area>/<common_tks_subsystems> and <pki_server_root>/<tks_instance>)
  4. Optionally, ensure that a pre-installed version 1.0.0 of the FCS DRM exists on the desired machine running on the desired platform
    (e.g., <pki_server_root>/<common_subsystems_area>/<common_drm_subsystems> and <pki_server_root>/<drm_instance>)
  5. Ensure that a pre-installed version 1.0 of the FDS exists on the desired machine running on the desired platform.
    This is needed to create a TPS internaldb instance
    (e.g., <rhds_server_root>/<tps_internaldb>)
  6. Ensure that a pre-installed threaded version 2.0.52 of the Apache server exists on the desired machine running on the desired platform
    (e.g., <apache_server_root>)
  7. Ensure that this Apache server has "mod_nss" (Fortitude) installed and available from its <apache_server_root>
  8. Download and unpack the entire contents of the TPS package into the <pki_server_root>/<common_subsystems_area>, the <pki_server_root>/<common_subsystems_area>/<common_tps_subsystems>, and the <pki_server_root>/<tps_instance>
  9. Change directory to <pki_server_root>/<common_subsystems_area>/bin
  10. Execute <pki_server_root>/<common_subsystems_area>/bin/setup_tps, which performs the following:
    1. Creates a wrapper script called <pki_server_root>/<common_subsystems_area>/bin/tpsclient for <pki_server_root>/<common_subsystems_area>/<common_tps_subsystems>/bin/tpsclient
    2. Creates an empty <pki_server_root>/<tps_instance>/bin directory (instance-specific binaries)
    3. Creates an empty <pki_server_root>/<tps_instance>/cgi-bin directory (user customization)
    4. Creates an empty <pki_server_root>/<tps_instance>/docroot directory (user customization)
    5. Creates an empty <pki_server_root>/<tps_instance>/lib directory (instance-specific libraries)
    6. Creates an empty <pki_server_root>/<tps_instance>/logs directory (instance-specific logs)
    7. Sets up the CA connector in <pki_server_root>/<tps_instance>/config/CS.cfg
    8. Optionally, sets up the DRM connector in <pki_server_root>/<tps_instance>/config/CS.cfg
    9. Creates a cert8.db in <pki_server_root>/<tps_instance>/config/cert8.db
    10. Creates a key3.db in <pki_server_root>/<tps_instance>/config/key3.db
    11. Populates the cert8.db and key3.db security databases located in the <pki_server_root>/<tps_instance>/config directory with the ServerCert
    12. Populates the TPS internaldb located in the <rhds_server_root>/<tps_internaldb> directory by executing the LDIF scripts located in the <pki_server_root>/<common_subsystems_area>/<common_tps_subsystems>/setup directory
    13. Generates the <pki_server_root>/<common_subsystems_area>/config/httpd.conf Apache Configuration file:
      #
      # Dynamic Shared Object (DSO) Support
      #
      # To be able to use the functionality of a module which was built as a DSO you
      # have to place corresponding `LoadModule' lines at this location so the
      # directives contained in it are actually available _before_ they are used.
      # Statically compiled modules (those listed by `httpd -l') do not need
      # to be loaded here.
      #
      # Example:
      # LoadModule foo_module modules/mod_foo.so
      #
      LoadModule nss_module         <apache_server_root>/modules/libmodnss.so
      
      #
      # Bring in additional module-specific configurations
      #
      Include <apache_server_root>/conf/nss.conf
      Include <pki_server_root>/<tps_instance>/config/tps.conf
      
    14. Generates the <pki_server_root>/<tps_instance>/config/tps.conf Apache TPS Module Configuration file:
      #
      # Dynamic Shared Object (DSO) Support
      #
      # To be able to use the functionality of a module which was built as a DSO you
      # have to place corresponding `LoadModule' lines at this location so the
      # directives contained in it are actually available _before_ they are used.
      # Statically compiled modules (those listed by `httpd -l') do not need
      # to be loaded here.
      #
      # Example:
      # LoadModule foo_module modules/mod_foo.so
      #
      LoadModule tps_module         <pki_server_root>/<common_subsystems_area>/<common_tps_subsystems>/lib/mod_tps.so
      LoadModule tokendb_module     <pki_server_root>/<common_subsystems_area>/<common_tps_subsystems>/lib/mod_tokendb.so
      
      <Location /nk_service>
          SetHandler nk_service
      </Location>
                                                                                      
      <Location /tus>
          SetHandler tus
      </Location>
      
      #
      # DocumentRoot: The directory out of which you will serve your
      # documents. By default, all requests are taken from this directory, but
      # symbolic links and aliases may be used to point to other locations.
      #
      DocumentRoot "<pki_server_root>/<common_subsystems_area>/docroot"
      
      #
      # ScriptAlias: This controls which directories contain server scripts.
      # ScriptAliases are essentially the same as Aliases, except that
      # documents in the realname directory are treated as applications and
      # run by the server when requested rather than as documents sent to the client.
      # The same rules about trailing "/" apply to ScriptAlias directives as to
      # Alias.
      #
      ScriptAlias /cgi-bin/ "<pki_server_root>/<common_subsystems_area>/cgi-bin/"
      
      #
      # Bring in additional module-specific configurations
      #
      TPSConfigPathFile <pki_server_root>/<tps_instance>/config/CS.cfg
      
  11. Assume "root" privilege
  12. Execute <apache_server_root>/bin/apachectl -f <pki_server_root>/<common_subsystems_area>/config/httpd.conf start
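
A pre-start check for the files that step 10 says setup_tps generates, run before step 12. This is an added example, not part of the TPS package or of the original page; the function names, the constructed sample tree, and the rule that key3.db (the NSS key database) must not be accessible to group or other are assumptions of the example.

```shell
#!/bin/sh
# Added example (not part of the TPS package): check the files that step 10
# describes setup_tps as generating, before Apache is started in step 12.
# check_tps_setup <httpd.conf> <tps_instance_dir>; prints one FAIL line per
# problem and returns 1 if any were found.
check_tps_setup() {
    httpd_conf=$1; cfg=$2/config; problems=0
    fail() { echo "FAIL: $1"; problems=$((problems + 1)); }
    # need <file> <regex> <label>: directive must be present and not commented out
    need() {
        grep -v '^[[:space:]]*#' "$1" 2>/dev/null | grep -Eq "^[[:space:]]*$2" \
            || fail "$3 missing in $1"
    }
    need "$httpd_conf" 'LoadModule[[:space:]]+nss_module[[:space:]]' 'LoadModule nss_module'
    need "$httpd_conf" 'Include[[:space:]]+.*/tps\.conf' 'Include of tps.conf'
    need "$cfg/tps.conf" 'LoadModule[[:space:]]+tps_module[[:space:]]' 'LoadModule tps_module'
    need "$cfg/tps.conf" 'LoadModule[[:space:]]+tokendb_module[[:space:]]' 'LoadModule tokendb_module'
    need "$cfg/tps.conf" 'TPSConfigPathFile[[:space:]]+.*CS\.cfg' 'TPSConfigPathFile'
    for f in CS.cfg cert8.db key3.db; do
        [ -f "$cfg/$f" ] || fail "$cfg/$f not found"
    done
    # Assumption of this example: key3.db holds private keys, so the mode
    # string from ls must show no group/other bits (characters 5-10).
    if [ -f "$cfg/key3.db" ]; then
        perms=$(ls -ld "$cfg/key3.db" | cut -c5-10)
        [ "$perms" = "------" ] || fail "$cfg/key3.db is accessible to group/other"
    fi
    [ "$problems" -eq 0 ]
}

# Constructed sample tree (stand-in paths) so the check can be run offline.
make_sample() {
    mkdir -p "$1/inst/config"
    printf '%s\n' '# LoadModule foo_module modules/mod_foo.so' \
        "LoadModule nss_module $1/modules/libmodnss.so" \
        "Include $1/inst/config/tps.conf" > "$1/httpd.conf"
    printf '%s\n' "LoadModule tps_module $1/lib/mod_tps.so" \
        "LoadModule tokendb_module $1/lib/mod_tokendb.so" \
        "TPSConfigPathFile $1/inst/config/CS.cfg" > "$1/inst/config/tps.conf"
    for f in CS.cfg cert8.db key3.db; do : > "$1/inst/config/$f"; done
    chmod 600 "$1/inst/config/key3.db"
}

demo=$(mktemp -d)
make_sample "$demo"
check_tps_setup "$demo/httpd.conf" "$demo/inst" && echo "sample tree: OK"
rm -rf "$demo"
```

On a real installation, call check_tps_setup with <pki_server_root>/<common_subsystems_area>/config/httpd.conf and <pki_server_root>/<tps_instance> in place of the sample paths.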

Inventory of cs-tps-{version} Package

Inventory of cs-tps-devel-{version} Package