Show Table of Contents
7.3. Understanding the pkispawn Utility
In Red Hat Certificate System, you set up the individual public key infrastructure (PKI) subsystems using the
pkispawn
utility. During the setup, pkispawn
:
- Reads the default values from the
/etc/pki/default.cfg
file. For further details, see the pki_default.cfg(5) man page.Important
Do not edit the/etc/pki/default.cfg
file. Instead, create a configuration file and that overrides the defaults, and pass it to thepkispawn
utility. For details about using a configuration file, see Section 7.7, “Two-step Installation”. - Uses the passwords and other deployment-specific information provided depending on the setup mode:
- Interactive mode: The user is asked for the individual settings during the setup. Use this mode for simple deployments.
- Batch mode: The values are read from a configuration file the user provides. Parameters not set in the configuration file use the defaults.
- Performs the installation of the requested PKI subsystem.
- Passes the settings to a Java servlet that performs the configuration based on the settings.
Use the
pkispawn
utility to install:
- A root CA. For details, see Section 7.4, “Setting Up a Root Certificate Authority”.
- A subordinate CA or any other subsystem. For details, see Section 7.6, “Setting up Additional Subsystems”.
Note
See Section 7.4, “Setting Up a Root Certificate Authority” on how to set up a root CA using the
pkispawn
utility. For a setup of a subordinate CA or non-CA subsystems, see Section 7.8, “Setting up Subsystems with an External CA”.
For further information about
pkispawn
and examples, see the pkispawn(8) man page.