6.3. Before Installation: Setting up the Operating Environment

To install any Red Hat Certificate System subsystems on Red Hat Enterprise Linux, three programs are required: OpenJDK, Apache or Tomcat (depending on the subsystem), and Red Hat Directory Server. All other required packages should be present as part of the base Red Hat Enterprise Linux operating system packages.
The system itself must be configured in certain ways to ensure that the packages can be properly installed and the instances created. There are several factors that must be in place, depending on the planned deployment:
  • SELinux should be enabled.
  • A system user must be created. The Certificate System instance will run as this user.
  • The system should have a Java Security Manager running to manage the Java-based subsystems.
  • Any external hardware tokens that will be used to store subsystem certificates and keys must be installed, configured, and running before the subsystems are created.
  • Check for any Fedora EPEL repos in /etc/yum.repos.d/ directory; these are usually named epel.repo or epel-testing.repo. Either remove these repo files or disable the repos (setting the enabled line to zero, enabled=0). Disabling the EPEL repos prevents any EPEL packages from overriding the official Red Hat Enterprise Linux packages.

6.3.1. Installing the Required Java Development Kit (JDK)

Certificate System requires OpenJDK 1.6.0. On Red Hat Enterprise Linux systems, this must be installed separately. The OpenJDK can be installed by using yum or by downloading the packages directly from http://openjdk.java.net/install/. For example:
yum install java-1.6.0-openjdk
After installing the JDK, run /usr/sbin/alternatives as root to insure that the proper JDK is available:
/usr/sbin/alternatives --config java

There are 3 programs which provide 'java'.

  Selection    Command
   1           /usr/lib/jvm/jre-1.4.2-gcj/bin/java
 + 2           /usr/lib/jvm/jre-1.6.0-openjdk/bin/java
*  3           /usr/lib/jvm/jre-1.6.0-sun.x86_64/bin/java