14.5.3. DRM Instance Information

The directories are instance specific, tied to the instance name. In these examples, the instance name is pki-kra; the true value is whatever is specified at the time the instance is created with pkicreate.

Table 14.5. KRA Instance Information

Setting Value
Standard port
End users secure port
Agents port
Admin port
Tomcat port
Instance Name pki-kra
Main Directory /var/lib/pki-kra
Configuration Directory /etc/pki-kra
Configuration File
Subsystem Certificates
Transport certificate
Storage certificate
SSL server certificate
Audit log signing certificate
Subsystem certificate[a]
Security Databases /var/lib/pki-kra/alias
Log Files /var/lib/pki-kra/logs
Install Logs /var/lib/pki-kra/logs-install.log
Process File /var/run/pki-kra.pid
Web Services Files
/var/lib/pki-kra/webapps - Agent services
/var/lib/pki-kra/webapps.admin - Admin services
[a] The subsystem certificate is always issued by the security domain so that domain-level operations that require client authentication are based on this subsystem certificate.