10.6. Cloning TKS Subsystems

  1. Configure the master subsystem, and back up the keys.
  2. Create the clone subsystem instance using the pkispawn utility.
    For examples of the configuration file required by pkispawn when cloning TKS subsystems, see the Installing a KRA or TKS clone section of the pkispawn(8) man page.
  3. Restart the clone instance.
    # systemctl restart pki-tomcatd@instance_name.service
For the TKS, enroll a smart card and then run an ldapsearch to make sure that the same key information is contained in both databases.