7.4. Creating Subsystem Instances

Each subsystem instance is created by running the pkicreate command, which does a minimal setup with assigned ports, instance directory, log directory, and SELinux policies. The pkicreate command and all its options are covered in Section 7.1, “About pkicreate”. This section shows common creation examples for each subsystem type.

7.4.1. Creating the CA Instance

The first step is to create the instance. This example uses the recommended port separation configuration, specifies an auditor group, and uses a Java Security Manager. Other options could be specified to set user-defined log and configuration directories and a user-defined operating system user and group. For other pkicreate options, see Table 7.1, “pkicreate Parameters”.
The command options here are on separate lines to make it clear what options are used; in practice, all options should be on a single line.
pkicreate -pki_instance_root=/var/lib
          -pki_instance_name=pki-ca
          -subsystem_type=ca
          -agent_secure_port=9443
          -ee_secure_port=9444
          -ee_secure_client_auth_port=9446
          -admin_secure_port=9445
          -unsecure_port=9180
          -tomcat_server_port=9701
          -audit_group=pkiaudit
          -redirect logs=/var/log
When the pkicreate command completes, it returns a URL to use to access the web-based configuration wizard and a PIN to use to authenticate. This PIN is also contained in the install logs (/var/lib/instance_name/logs-install.log) and in the CS.cfg file for the instance.
PKI instance creation Utility ...


PKI instance creation completed ...

Starting instance_name:                                     [  OK  ]

instance_name (pid 17990) is running ...

    'instance_name' must still be CONFIGURED!
    (see /var/lib/instance_name/logs-install.log)

Before proceeding with the configuration, make sure
the firewall settings of this machine permit proper
access to this subsystem.

Please start the configuration by accessing:

http://server.example.com:9180/ca/admin/console/config/login?pin=kI7E1MByNIUcPJ6RKHmH

After configuration, the server can be operated by the command:

    service instance_name start | stop | restart
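
The configuration URL above uses the unsecure port and carries the PIN in its query string, and the same PIN is written to the install log and CS.cfg. The following script is an added example, not part of the product documentation: it extracts the URL and PIN from pkicreate output, reports whether the URL uses TLS, and lists PIN-bearing files that are readable by other users. The function names are hypothetical, the file paths are supplied by the operator, and GNU stat is assumed.

```shell
#!/usr/bin/env bash
# Added example (not from the product documentation): checks on the
# one-time configuration PIN that pkicreate prints and stores on disk.

# Constructed sample: the relevant lines of the pkicreate output shown above.
SAMPLE_OUTPUT="Please start the configuration by accessing:

http://server.example.com:9180/ca/admin/console/config/login?pin=kI7E1MByNIUcPJ6RKHmH
"

# Read pkicreate output on stdin; print the first configuration-wizard URL.
wizard_url() {
    grep -Eo 'https?://[^[:space:]]+/admin/console/config/login\?pin=[A-Za-z0-9]+' \
        | head -n 1
}

# Print the PIN carried in the query string of a wizard URL.
wizard_pin() {
    printf '%s\n' "${1##*pin=}"
}

# Succeed only if the wizard URL would send the PIN over TLS.
url_is_tls() {
    case "$1" in https://*) return 0 ;; *) return 1 ;; esac
}

# Usage: pin_exposed_files PIN FILE...
# Print "path mode" for each file that contains the PIN and is readable by
# users outside the owner and group (uses GNU stat, as on RHEL).
pin_exposed_files() {
    needle=$1
    shift
    for _f in "$@"; do
        [ -f "$_f" ] || continue
        grep -qF -- "$needle" "$_f" || continue
        _mode=$(stat -c '%a' "$_f")
        case "$_mode" in *[4567]) printf '%s %s\n' "$_f" "$_mode" ;; esac
    done
}

# Demo: parse the sample, then check any files named on the command line
# (for example the instance's install log and CS.cfg).
url=$(printf '%s' "$SAMPLE_OUTPUT" | wizard_url)
pin=$(wizard_pin "$url")
url_is_tls "$url" || echo "PIN would travel unencrypted: $url"
pin_exposed_files "$pin" "$@"
```

In real use, pipe the saved pkicreate output into wizard_url instead of the sample, and pass the install log and CS.cfg paths as arguments.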