7.3. Understanding the pkispawn Utility

In Red Hat Certificate System, you set up the individual public key infrastructure (PKI) subsystems using the pkispawn utility. During the setup, pkispawn:
  1. Reads the default values from the /etc/pki/default.cfg file. For further details, see the pki_default.cfg(5) man page.


    Do not edit the /etc/pki/default.cfg file. Instead, create a configuration file and that overrides the defaults, and pass it to the pkispawn utility. For details about using a configuration file, see Section 7.7, “Two-step Installation”.
  2. Uses the passwords and other deployment-specific information provided depending on the setup mode:
    • Interactive mode: The user is asked for the individual settings during the setup. Use this mode for simple deployments.
    • Batch mode: The values are read from a configuration file the user provides. Parameters not set in the configuration file use the defaults.
  3. Performs the installation of the requested PKI subsystem.
  4. Passes the settings to a Java servlet that performs the configuration based on the settings.
Use the pkispawn utility to install:


See Section 7.4, “Setting Up a Root Certificate Authority” on how to set up a root CA using the pkispawn utility. For a setup of a subordinate CA or non-CA subsystems, see Section 7.8, “Setting up Subsystems with an External CA”.
For further information about pkispawn and examples, see the pkispawn(8) man page.