Chapter 7. Installing and Configuring Certificate System
Red Hat Certificate System provides different subsystems that can be installed individually. For example, you can install multiple subsystem instances on a single server or you can run them independently on different hosts. This enables you to adapt the installation to your environment to provide a higher availability, scalability, and failover support. This chapter describes the package installation and how to set up the individual subsystems.
The Certificate System includes the following subsystems:
- Certificate Authority (CA)
- Key Recovery Authority (KRA)
- Online Certificate Status Protocol (OCSP) Responder
- Token Key Service (TKS)
- Token Processing System (TPS)
7.1. Subsystem Configuration Order
The order in which the individual subsystems are set up is important because of relationships between the different subsystems:
- At least one CA is required before any of the other public key infrastructure (PKI) subsystems can be installed.
- Install the OCSP after the CA has been configured.
- The KRA, and TKS subsystems can be installed in any order, after the CA and OCSP have been configured.
- The TPS subsystem depends on the CA and TKS, and optionally on the KRA and OCSP subsystem.
Note
For a non-Token Management setup, you can install CA, OCSP, and KRA subsystems, while in a Token Management setup, you can install CA, OCSP, KRA, TKS, and TPS.