7.3. Understanding the pkispawn Utility
In Red Hat Certificate System, you set up the individual public key infrastructure (PKI) subsystems using the
pkispawn utility. During the setup, pkispawn:
- Reads the default values from the
/etc/pki/default.cfgfile. For further details, see the pki_default.cfg(5) man page.Important
Do not edit the/etc/pki/default.cfgfile. Instead, create a configuration file and that overrides the defaults, and pass it to thepkispawnutility. For details about using a configuration file, see Section 7.7, “Two-step Installation”. - Uses the passwords and other deployment-specific information provided depending on the setup mode:
- Interactive mode: The user is asked for the individual settings during the setup. Use this mode for simple deployments.
- Batch mode: The values are read from a configuration file the user provides. Parameters not set in the configuration file use the defaults.
- Performs the installation of the requested PKI subsystem.
- Passes the settings to a Java servlet that performs the configuration based on the settings.
Use the
pkispawn utility to install:
- A root CA. For details, see Section 7.4, “Setting Up a Root Certificate Authority”.
- A subordinate CA or any other subsystem. For details, see Section 7.6, “Setting up Additional Subsystems”.
Note
See Section 7.4, “Setting Up a Root Certificate Authority” on how to set up a root CA using the
pkispawn utility. For a setup of a subordinate CA or non-CA subsystems, see Section 7.8, “Setting up Subsystems with an External CA”.
For further information about
pkispawn and examples, see the pkispawn(8) man page.