7.2. Required Information for Subsystem Configuration

When the Certificate System subsystems are configured, some outside information must be available, as listed in Table 7.2, “Required Information for Configuring Subsystems”.

Table 7.2. Required Information for Configuring Subsystems

Information Description
Login PIN There is a randomly-generated PIN in the preop.pin parameter in the CS.cfg file in the instance conf/ directory. This is used to log into the configuration wizard.
Security domain information CAs can create a new security domain, which requires a unique name and a username and password for the CA agent who administers the domain. All other subsystems must join an existing security name. Have the username and password of the CA agent who administers the domain.
CA information If the subsystem is not a CA, then it is necessary to select a CA from a drop-down menu or add an external CA. If a Certificate System CA is selected, then supply the CA agent username and password.
Subsystem information (for TPS configuration) When installing a TPS, you must have already configured the other subsystem and have their bind information available:
The CA
The TKS (required)
The DRM (optional, for server-side key generation)
When configuring the TPS, the TKS and DRM to connect with the TPS are selected from a drop-down list of all subsystems within the security domain.
Directory Server hostname and port number The Certificate System uses the user database of the Directory Server to store its information, and the hostname and port number of the LDAP directory is required for the Certificate System to access the database.
Directory Manager DN and password The Certificate System must be able to bind to the user database, so a user ID and password must be supplied to bind to the Directory Server. This user is normally the Directory Manager. The default Directory Manager DN is cn=Directory Manager.
Certificate and key recovery files (for cloning) If the subsystem being configured is a clone of another subsystem, then the backup files for the master subsystem must be locally accessible.