Show Table of Contents
Chapter 13. Basic Subsystem Management
This chapter discusses the Certificate System administrative console, the configuration files, and other basic administrative tasks such as starting and stopping the server, managing logs, changing port assignments, and changing the internal database.
13.1. PKI Instances
This version of the Certificate System continues to support separate PKI instances for all subsystems.
- Separate PKI instances
- run as a single Java-based Apache Tomcat instance,
- contain a single PKI subsystem (CA, KRA, OCSP, TKS, or TPS), and
- must utilize unique ports if co-located on the same physical machine or virtual machine (VM).
Additionally, this version of the Certificate System introduces the notion of a shared PKI instance.
- Shared PKI instances
- run as a single Java-based Apache Tomcat instance,
- can contain a single PKI subsystem that is identical to a separate PKI instance,
- can contain any combination of up to one of each type of PKI subsystem:
- CA
- TKS
- CA, KRA
- CA, OCSP
- TKS, TPS
- CA, KRA, TKS, TPS
- CA, KRA, OCSP, TKS, TPS
- and so on.
- allow all of their subsystems contained within that instance to share the same ports, and
- must utilize unique ports if more than one is co-located on the same physical machine or VM.
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.