# ldapmodify -D "cn=Directory Manager" -W -h server.example.com -p 389 -x
dn: ou=authorities,ou=ca,CA_base_DN
changetype: add
objectClass: top
objectClass: organizationalUnit
ou: authorities

# ldapmodify -D "cn=Directory Manager" -W -h server.example.com -p 389 -x
dn: cn=aclResources,CA_base_DN
changetype: modify
add: resourceACLS
resourceACLS: certServer.ca.authorities:list,read:allow (list,read)
 user="anybody":Anybody may list and read lightweight authorities
resourceACLS: certServer.ca.authorities:create,modify:allow
 (create,modify) group="Administrators":Administrators may create
 and modify lightweight authorities resourceACLS:
 certServer.ca.authorities:delete:allow (delete)
 group="Administrators":Administrators may delete lightweight
 authorities

# ldapmodify -D "cn=Directory Manager" -W -h server.example.com -p 389 -x
dn: cn=issuername,cn=index,cn=CA_database_name,cn=ldbm database,
 cn=plugins, cn=config
changetype: add
objectClass: top
objectClass: nsIndex
nsindexType: eq
nsindexType: pres
nsindexType: sub
nsSystemindex: false
cn: issuername

# ldapmodify -D "cn=Directory Manager" -W -h server.example.com -p 389 -x
dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: ( realm-oid NAME 'realm' DESC 'CMS defined attribute'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )

delete: objectClasses
objectClasses: ( request-oid NAME 'request' DESC 'CMS defined class'
 SUP top STRUCTURAL MUST cn MAY ( requestId $ dateOfCreate $
 dateOfModify $ requestState $ requestResult $ requestOwner $
 requestAgentGroup $ requestSourceId $ requestType $ requestFlag $
 requestError $ userMessages $ adminMessages ) X-ORIGIN 'user defined' )

add: objectClasses
objectClasses: ( request-oid NAME 'request' DESC 'CMS defined class'
 SUP top STRUCTURAL MUST cn MAY ( requestId $ dateOfCreate $
 dateOfModify $ requestState $ requestResult $ requestOwner $
 requestAgentGroup $ requestSourceId $ requestType $ requestFlag $
 requestError $ userMessages $ adminMessages $ realm ) X-ORIGIN 'user
 defined' )

1. In the /var/lib/pki/instance_name/ca/profiles/ca/caDualCert.cfg file, set:

   policyset.signingCertSet.2.default.params.startTime=0

2. In the /var/lib/pki/instance_name/ca/profiles/ca/caECDualCert.cfg file, set:

   policyset.signingCertSet.2.default.params.startTime=0

3. In the /var/lib/pki/instance_name/ca/profiles/ca/caDualCert.cfg file, set:

   policyset.signingCertSet.2.default.params.startTime=0

4. In the /var/lib/pki/instance_name/ca/profiles/ca/caJarSigningCert.cfg file, set:

   policyset.caJarSigningSet.2.default.params.startTime=0

5. In the /var/lib/pki/instance_name/ca/profiles/ca/caSignedLogCert.cfg file, set:

   policyset.caLogSigningSet.2.default.params.startTime=0

# pki-server db-upgrade

# ldapmodify -D "cn=Directory Manager" -W -h server.example.com -p 389 -x
dn: cn=schema
changetype: modify
delete: objectClasses
objectClasses: ( authority-oid NAME 'authority' DESC 'Certificate
 Authority' SUP top STRUCTURAL MUST ( cn $ authorityID
 $ authorityKeyNickname $ authorityEnabled $ authorityDN ) MAY
 ( authoritySerial $ authorityParentID $ authorityParentDN $
 authorityKeyHost $ description ) X-ORIGIN 'user defined' )

delete: attributeTypes
attributeTypes: ( authorityKeyNickname-oid NAME
 'authorityKeyNickname' DESC 'Authority key nickname' SYNTAX
 1.3.6.1.4.1.1466.115.121.1.44 SINGLE-VALUE X-ORIGIN
 'user-defined' )

add: attributeTypes
attributeTypes: ( authorityKeyNickname-oid NAME
 'authorityKeyNickname' DESC 'Authority key nickname'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE
 X-ORIGIN 'user-defined' )

add: objectClasses
objectClasses: ( authority-oid NAME 'authority' DESC
 'Certificate Authority' SUP top STRUCTURAL MUST ( cn
 $ authorityID $ authorityKeyNickname $ authorityEnabled
 $ authorityDN ) MAY ( authoritySerial $ authorityParentID
 $ authorityParentDN $ authorityKeyHost $ description )
 X-ORIGIN 'user defined' )