Installing KRA with Existing DS Database
Endi S. Dewata edited this page Jan 15, 2024 · 9 revisions
Warning: This page is still under development.
This page describes the process to install KRA with an existing DS database. The DS database could be set up manually or restored from a backup.
Availability: Since PKI 11.5
$ pki-server create

$ pki-server nss-create

$ pki-server kra-create

$ pki-server password-add \
    --password Secret.123 \
    internaldb

$ pki-server kra-db-config-mod \
    --hostname ds.example.com \
    --port 3389 \
    --secure false \
    --auth BasicAuth \
    --bindDN "cn=Directory Manager" \
    --bindPWPrompt internaldb \
    --database userroot \
    --baseDN dc=kra,dc=pki,dc=example,dc=com \
    --multiSuffix false \
    --maxConns 15 \
    --minConns 3

$ pki-server cert-request \
    --subject "CN=DRM Storage Certificate" \
    --ext /usr/share/pki/server/certs/kra_storage.conf \
    kra_storage

$ pki-server cert-import kra_storage

$ pki-server cert-request \
    --subject "CN=DRM Transport Certificate" \
    --ext /usr/share/pki/server/certs/kra_transport.conf \
    kra_transport

$ pki-server cert-import kra_transport

$ pki-server cert-request \
    --subject "CN=Audit Signing Certificate" \
    --ext /usr/share/pki/server/certs/audit_signing.conf \
    kra_audit_signing

$ pki-server cert-import kra_audit_signing

$ pki-server cert-request \
    --subject "CN=Subsystem Certificate" \
    --ext /usr/share/pki/server/certs/subsystem.conf \
    subsystem

$ pki-server cert-import subsystem

$ pki-server cert-request \
    --subject "CN=kra.example.com" \
    --ext /usr/share/pki/server/certs/sslserver.conf \
    sslserver

$ pki-server cert-import sslserver

$ pki nss-cert-request \
    --subject "CN=Administrator" \
    --ext /usr/share/pki/server/certs/admin.conf \
    --csr admin.csr

$ pki nss-cert-import \
    --cert admin.crt \
    admin
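The `kra-db-config-mod` step above uses `--secure false` with `--auth BasicAuth` and binds as `cn=Directory Manager`, so a post-install check of the resulting DS connection settings is worth having. The script below is an added example, not part of this wiki page or the Dogtag project's own tooling: the function names and finding labels are hypothetical, and it assumes the options end up in the `internaldb.*` keys of the KRA's `CS.cfg` as shown in the constructed sample.

```shell
#!/bin/sh
# Added example: audit the internal-database settings of a KRA CS.cfg.
# Assumption: the options on this page end up in the internaldb.* keys below.

# cfg_get FILE KEY: print the value of KEY (last assignment wins).
cfg_get() {
    awk -F= -v k="$2" '$1 == k { v = substr($0, length(k) + 2) } END { print v }' "$1"
}

# audit_internaldb FILE: print one finding per line; return 1 if any finding.
audit_internaldb() {
    secure=$(cfg_get "$1" internaldb.ldapconn.secureConn)
    auth=$(cfg_get "$1" internaldb.ldapauth.authtype)
    binddn=$(cfg_get "$1" internaldb.ldapauth.bindDN | tr '[:upper:]' '[:lower:]')
    rc=0
    if [ "$secure" != "true" ]; then
        if [ "$auth" = "BasicAuth" ]; then
            echo "PLAINTEXT_BIND: BasicAuth with secureConn=${secure:-unset}; bind password is sent without TLS"
        else
            echo "NO_TLS: secureConn=${secure:-unset}; LDAP traffic to DS is not encrypted in transit"
        fi
        rc=1
    fi
    if [ "$binddn" = "cn=directory manager" ]; then
        echo "PRIVILEGED_BIND: KRA binds as the DS superuser instead of a dedicated account"
        rc=1
    fi
    return $rc
}

# Constructed sample mirroring the kra-db-config-mod options on this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
internaldb.ldapconn.host=ds.example.com
internaldb.ldapconn.port=3389
internaldb.ldapconn.secureConn=false
internaldb.ldapauth.authtype=BasicAuth
internaldb.ldapauth.bindDN=cn=Directory Manager
internaldb.ldapauth.bindPWPrompt=internaldb
internaldb.basedn=dc=kra,dc=pki,dc=example,dc=com
EOF
audit_internaldb "$sample" || echo "review the settings above before exposing this instance"
rm -f "$sample"
```

To check a real instance, pass `audit_internaldb` the path of that instance's KRA `CS.cfg`, which depends on the instance name.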