Part II. Installing Red Hat Certificate System

This section describes the requirements and procedures for installing Red Hat Certificate System, both for normal operating environments and Common Critera-certified environments.

Table of Contents

5. Prerequisites and Preparation for Installation

5.1. Supported Platforms, Hardware, and Programs

5.1.1. Supported Platforms
5.1.2. Supported Web Browsers
5.1.3. Supported Smart Cards
5.1.4. Supported HSM
5.1.5. Supported Charactersets
5.1.6. Summary of Requirements for Common Criteria

5.2. Packages Installed on Red Hat Enterprise Linux

5.3. Before Installation: Setting up the Operating Environment

5.3.1. Installing the Required Java Development Kit (JDK)
5.3.2. Installing Apache (for the TPS)
5.3.3. Installing Red Hat Directory Server
5.3.4. Installing Additional Operating System Packages
5.3.5. Verifying Firewall Configuration and iptables
5.3.6. Enabling SELinux
5.3.7. Setting up Operating System Users and Groups
5.3.8. Using a Java Security Manager

6. Installing and Configuring Certificate System

6.1. About pkicreate

6.2. Basic Installation

6.2.1. Installing and Configuring a CA
6.2.2. Installing and Configuring a DRM
6.2.3. Installing and Configuring an OCSP Responder
6.2.4. Installing and Configuring an RA

6.3. Configuring a Token Management System

6.3.1. Installing and Configuring a TKS
6.3.2. Installing and Configuring a TPS

7. Installing Red Hat Certificate System with SSL Connections to Red Hat Directory Server

7.1. Using an External CA to Issue Directory Server Certificates
7.2. Using Temporary Self-Signed Directory Server Certificates

8. Using Hardware Security Modules for Subsystem Security Databases

8.1. Setting up HSMs for Storing Certificate System Subsystem Keys and Certificates

8.1.1. Types of Hardware Tokens
8.1.2. Using Hardware Security Modules with Subsystems
8.1.3. Viewing Tokens
8.1.4. Detecting Tokens

8.2. Configuring Subsystems with an HSM in FIPS Mode

8.2.1. Configuring a CA with an HSM in FIPS Mode
8.2.2. Configuring a DRM, OCSP, or TKS with an HSM in FIPS Mode
8.2.3. Configuring a TPS with an HSM in FIPS Mode

8.3. About Retrieving Keys from an HSM

9. Installing an Instance with ECC Enabled

9.1. Loading a Third-Party ECC Module
9.2. Loading the Certicom ECC Module
9.3. Using ECC with an HSM

10. Cloning Subsystems

10.1. About Cloning

10.1.1. Cloning for CAs
10.1.2. Cloning for DRMs
10.1.3. Cloning for Other Subsystems
10.1.4. Cloning and Key Stores
10.1.5. LDAP and Port Considerations
10.1.6. Replica ID Numbers
10.1.7. Custom Configuration and Clones

10.2. Exporting Keys from a Software Database

10.3. Cloning a CA

10.4. Updating CA-DRM Connector Information After Cloning

10.5. Cloning OCSP Subsystems

10.6. Cloning DRM Subsystems

10.7. Cloning TKS Subsystems

10.8. Converting Masters and Clones

10.8.1. Converting CA Clones and Masters
10.8.2. Converting OCSP Clones

10.9. Cloning a CA That Has Been Re-Keyed

10.10. Updating CA Clones

11. Silently Configuring Instances

11.1. About pkisilent
11.2. Silently Configuring Subsystems
11.3. Using Different Key Settings
11.4. Cloning a Subsystem Silently
11.5. Performing Silent Configuration Using an External CA

12. Additional Installation Options

12.1. Requesting Subsystem Certificates from an External CA
12.2. Installing with Shared Port Assignments
12.3. Enabling IPv6 for a Subsystem
12.4. Configuring Separate RA Instances

13. Updating and Removing Subsystem Packages

13.1. Updating Certificate System Packages

13.2. Uninstalling Certificate System Subsystems

13.2.1. Removing a Subsystem Instance
13.2.2. Removing Certificate System Subsystem Packages

14. Troubleshooting Installation, Cloning, and Upgrade