7.3. Understanding the pkispawn Utility

In Red Hat Certificate System, you set up the individual public key infrastructure (PKI) subsystems using the pkispawn utility. During the setup, pkispawn:

Reads the default values from the /etc/pki/default.cfg file. For further details, see the pki_default.cfg(5) man page.
Important
Do not edit the /etc/pki/default.cfg file. Instead, create a configuration file and that overrides the defaults, and pass it to the pkispawn utility. For details about using a configuration file, see Section 7.7, “Two-step Installation”.
Uses the passwords and other deployment-specific information provided depending on the setup mode:
- Interactive mode: The user is asked for the individual settings during the setup. Use this mode for simple deployments.
- Batch mode: The values are read from a configuration file the user provides. Parameters not set in the configuration file use the defaults.
Performs the installation of the requested PKI subsystem.
Passes the settings to a Java servlet that performs the configuration based on the settings.

Use the pkispawn utility to install:

A root CA. For details, see Section 7.4, “Setting Up a Root Certificate Authority”.
A subordinate CA or any other subsystem. For details, see Section 7.6, “Setting up Additional Subsystems”.

Note

See Section 7.4, “Setting Up a Root Certificate Authority” on how to set up a root CA using the pkispawn utility. For a setup of a subordinate CA or non-CA subsystems, see Section 7.8, “Setting up Subsystems with an External CA”.

For further information about pkispawn and examples, see the pkispawn(8) man page.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories

7.3. Understanding the pkispawn Utility