Part II. Installing Red Hat Certificate System

This section describes the requirements and procedures for installing Red Hat Certificate System, both for normal operating environments and Common Criteria-certified environments.

Table of Contents

5. Prerequisites and Preparation for Installation
5.1. Supported Platforms, Hardware, and Programs
5.1.1. Supported Platforms
5.1.2. Supported Web Browsers
5.1.3. Supported Smart Cards
5.1.4. Supported HSM
5.1.5. Supported Charactersets
5.1.6. Summary of Requirements for Common Criteria
5.2. Packages Installed on Red Hat Enterprise Linux
5.3. Before Installation: Setting up the Operating Environment
5.3.1. Installing the Required Java Development Kit (JDK)
5.3.2. Installing Apache (for the TPS)
5.3.3. Installing Red Hat Directory Server
5.3.4. Installing Additional Operating System Packages
5.3.5. Verifying Firewall Configuration and iptables
5.3.6. Enabling SELinux
5.3.7. Setting up Operating System Users and Groups
5.3.8. Using a Java Security Manager
6. Installing and Configuring Certificate System
6.1. About pkicreate
6.2. Basic Installation
6.2.1. Installing and Configuring a CA
6.2.2. Installing and Configuring a DRM
6.2.3. Installing and Configuring an OCSP Responder
6.2.4. Installing and Configuring an RA
6.3. Configuring a Token Management System
6.3.1. Installing and Configuring a TKS
6.3.2. Installing and Configuring a TPS
7. Installing Red Hat Certificate System with SSL Connections to Red Hat Directory Server
7.1. Using an External CA to Issue Directory Server Certificates
7.2. Using Temporary Self-Signed Directory Server Certificates
8. Using Hardware Security Modules for Subsystem Security Databases
8.1. Setting up HSMs for Storing Certificate System Subsystem Keys and Certificates
8.1.1. Types of Hardware Tokens
8.1.2. Using Hardware Security Modules with Subsystems
8.1.3. Viewing Tokens
8.1.4. Detecting Tokens
8.2. Configuring Subsystems with an HSM in FIPS Mode
8.2.1. Configuring a CA with an HSM in FIPS Mode
8.2.2. Configuring a DRM, OCSP, or TKS with an HSM in FIPS Mode
8.2.3. Configuring a TPS with an HSM in FIPS Mode
8.3. About Retrieving Keys from an HSM
9. Installing an Instance with ECC Enabled
9.1. Loading a Third-Party ECC Module
9.2. Loading the Certicom ECC Module
9.3. Using ECC with an HSM
10. Cloning Subsystems
10.1. About Cloning
10.1.1. Cloning for CAs
10.1.2. Cloning for DRMs
10.1.3. Cloning for Other Subsystems
10.1.4. Cloning and Key Stores
10.1.5. LDAP and Port Considerations
10.1.6. Replica ID Numbers
10.1.7. Custom Configuration and Clones
10.2. Exporting Keys from a Software Database
10.3. Cloning a CA
10.4. Updating CA-DRM Connector Information After Cloning
10.5. Cloning OCSP Subsystems
10.6. Cloning DRM Subsystems
10.7. Cloning TKS Subsystems
10.8. Converting Masters and Clones
10.8.1. Converting CA Clones and Masters
10.8.2. Converting OCSP Clones
10.9. Cloning a CA That Has Been Re-Keyed
10.10. Updating CA Clones
11. Silently Configuring Instances
11.1. About pkisilent
11.2. Silently Configuring Subsystems
11.3. Using Different Key Settings
11.4. Cloning a Subsystem Silently
11.5. Performing Silent Configuration Using an External CA
12. Additional Installation Options
12.1. Requesting Subsystem Certificates from an External CA
12.2. Installing with Shared Port Assignments
12.3. Enabling IPv6 for a Subsystem
12.4. Configuring Separate RA Instances
13. Updating and Removing Subsystem Packages
13.1. Updating Certificate System Packages
13.2. Uninstalling Certificate System Subsystems
13.2.1. Removing a Subsystem Instance
13.2.2. Removing Certificate System Subsystem Packages
14. Troubleshooting Installation, Cloning, and Upgrade