Part II. Installing Red Hat Certificate System

This section describes the requirements and procedures for installing Red Hat Certificate System, both for normal operating environments and Common Criteria-certified environments.

Table of Contents

5. A High-Level View of the Setup Process
5.1. Basic Setup: A Walkthrough of the Prerequisites, Installation, and Configuration for a Standard Environment
5.2. Common Criteria Environment: A Walkthrough of the Preparation, Installation, and Configuration for a Certified PKI
6. Prerequisites and Preparation for Installation
6.1. Supported Platforms, Hardware, and Programs
6.1.1. Supported Platforms
6.1.2. Supported Web Browsers
6.1.3. Supported Smart Cards
6.1.4. Supported HSM
6.1.5. Supported Charactersets
6.1.6. Summary of Requirements for Common Criteria
6.2. Packages Installed on Red Hat Enterprise Linux
6.3. Before Installation: Setting up the Operating Environment
6.3.1. Installing the Required Java Development Kit (JDK)
6.3.2. Installing Apache (for the TPS)
6.3.3. Installing Red Hat Directory Server
6.3.4. Installing Additional Operating System Packages
6.3.5. Verifying Firewall Configuration and iptables
6.3.6. Enabling SELinux
6.3.7. Setting up Operating System Users and Groups
6.3.8. Using a Java Security Manager
6.3.9. Setting up HSMs for Storing Certificate System Subsystem Keys and Certificates
7. Installing and Configuring Certificate System
7.1. About pkicreate
7.2. Required Information for Subsystem Configuration
7.3. Installing the Certificate System Packages
7.3.1. Installing through yum
7.3.2. Installing from an ISO Image
7.4. Creating Subsystem Instances
7.4.1. Creating the CA Instance
7.4.2. Creating the RA Instance
7.4.3. Creating the DRM, OCSP, or TKS Instance
7.4.4. Creating the TPS Instance
7.5. Configuring Server SSL Connections Between Red Hat Directory Server and Red Hat Certificate System
7.5.1. Using an External CA to Issue Directory Server Certificates
7.5.2. Using Temporary Self-Signed Directory Server Certificates
7.6. Configuring Certificate System Subsystems
7.6.1. Checklist Before Configuring Subsystem Instances
7.6.2. Setting up CAs
7.6.3. Setting up RAs
7.6.4. Setting up DRMs, OCSPs, and TKSs
7.6.5. Setting up TPSs
7.7. Configuring Subsystems with an HSM in FIPS Mode
7.7.1. Configuring a CA with an HSM in FIPS Mode
7.7.2. Configuring a DRM, OCSP, or TKS with an HSM in FIPS Mode
7.7.3. Configuring a TPS with an HSM in FIPS Mode
8. After Configuration: Checklist of Configuration Areas for Deploying Certificate System
9. Additional Installation Options
9.1. Requesting Subsystem Certificates from an External CA
9.2. Installing with Shared Port Assignments
9.3. Installing an Instance with ECC Enabled
9.3.1. Loading a Third-Party ECC Module
9.3.2. Loading the Certicom ECC Module
9.3.3. Using ECC with an HSM
9.4. Enabling IPv6 for a Subsystem
9.5. Configuring Separate RA Instances
10. Cloning Subsystems
10.1. About Cloning
10.1.1. Cloning for CAs
10.1.2. Cloning for DRMs
10.1.3. Cloning for Other Subsystems
10.1.4. Cloning and Key Stores
10.1.5. LDAP and Port Considerations
10.1.6. Replica ID Numbers
10.2. Exporting Keys from a Software Database
10.3. Cloning a CA
10.4. Cloning OCSP Subsystems
10.5. Cloning DRM Subsystems
10.6. Cloning TKS Subsystems
10.7. Converting Masters and Clones
10.7.1. Converting CA Clones and Masters
10.7.2. Converting OCSP Clones
10.8. Cloning a CA That Has Been Re-Keyed
10.9. Updating CA Clones
11. Silent Configuration
11.1. About pkisilent
11.2. Silently Configuring Subsystems
11.3. Using Different Key Settings
11.4. Cloning a Subsystem Silently
11.5. Performing Silent Configuration Using an External CA
12. Updating and Removing Subsystem Packages
12.1. Updating Certificate System Packages
12.2. Uninstalling Certificate System Subsystems
12.2.1. Removing a Subsystem Instance
12.2.2. Removing Certificate System Subsystem Packages
13. Troubleshooting Installation