10.5. Cloning KRA Subsystems

  1. Configure the master subsystem, and back up the keys.
  2. Create the clone subsystem instance using the pkispawn utility.
    For examples of the configuration file required by pkispawn when cloning KRA subsystems, see the Installing a KRA or TPS clone section of the pkispawn(8) man page.
  3. Restart the Directory Server instance used by the clone. 
    # systemctl dirsrv@instance_name.service

    Note

    Restarting the Directory Server reloads the updated schema, which is required for proper performance.
  4. Restart the clone instance. 
    # systemctl restart pki-tomcatd@instance_name.service
For the KRA clone, test to make sure that the master-clone relationship is functioning:
  1. Go to the KRA agent's page.
  2. Click List Requests.
  3. Select Show all requests for the request type and status.
  4. Click Submit.
  5. Compare the results from the cloned KRA and the master KRA. The results ought to be identical.