7.3. Installing the Certificate System Packages

There are two ways to obtain and install the subsystem packages. For all supported platforms, the Certificate System packages can be downloaded as ISO images through the appropriate Red Hat Network channel. These packages are then installed through a package utility, such as rpm.
Alternatively, if the appropriate network access is available, the subsystems and dependencies can be downloaded and installed on Red Hat Enterprise Linux systems using the yum command.
Several packages are installed with the Certificate System packages for related applications and dependencies, not only for the subsystems. These packages are listed in Section 6.2, “Packages Installed on Red Hat Enterprise Linux”.

7.3.1. Installing through yum


To use an IPv6 hostname for configuration, set the hostname in the PKI_HOSTNAME environment variable before installing the packages. This is described in Section 9.4, “Enabling IPv6 for a Subsystem”.
To install the initial subsystems on Red Hat Enterprise Linux 5.6 (32-bit), run a command like the following for each subsystem:
yum install pki-subsystem
subsystem can be any of the Certificate System subsystems:
  • ca for the Certificate Manager.
  • ra for the Registration Authority.
  • kra for the Data Recovery Manager.
  • ocsp for the Online Certificate Status Protocol Responder.
  • tks for the Token Key System.
  • tps for the Token Processing System.
Once the packages are installed, then each instance must be created manually by running pkicreate.
To install the pkiconsole to administer the subsystems, run the following:
yum install pki-console