7.2. Certificate System Packages

When installing the Certificate System packages you can either install them for each subsystem individually or all at once.


To install and update Certificate Server packages, you must enable the corresponding repository. For details, see Section 6.5, “Enabling the Certificate System Repository”.
The following subsystem packages and components are available:
  • pki-ca: Provides the Certificate Authority (CA) subsystem.
  • pki-kra: Provides the Key Recovery Authority (KRA) subsystem.
  • pki-ocsp: Provides the Online Certificate Status Protocol (OCSP) responder.
  • pki-tks: Provides the Token Key Service (TKS).
  • pki-tps: Provides the Token Processing Service (TPS).
  • pki-console and redhat-pki-console-theme: Provides the Java-based Red Hat PKI console. Both packages must be installed.
  • pki-server and redhat-pki-server-theme: Provides the web-based Certificate System interface. Both packages must be installed.
    This package is installed as a dependency if you install one of the following packages: pki-ca, pki-kra, pki-ocsp, pki-tks, pki-tps

Example 7.1. Installing Certificate System Packages

  • To install the CA subsystem and the optional web interface, enter:
    # yum install pki-ca redhat-pki-server-theme
    For other subsystems, replace the pki-ca package name with the one of the subsystem you want to install.
  • If you require the optional PKI console:
    # yum install pki-console redhat-pki-console-theme
  • Alternatively, install all Certificate System subsystem packages and components automatically:
    # yum install redhat-pki