Installing KRA Interactively - dogtagpki/pki GitHub Wiki
This page describes the process to install a KRA subsystem.
To start the installation execute the following command:
$ pkispawn IMPORTANT: Interactive installation currently only exists for very basic deployments! For example, deployments intent upon using advanced features such as: * Cloning, * Elliptic Curve Cryptography (ECC), * External CA, * Hardware Security Module (HSM), * Subordinate CA, * etc., must provide the necessary override parameters in a separate configuration file. Run 'man pkispawn' for details. Subsystem (CA/KRA/OCSP/TKS/TPS) [CA]: KRA Tomcat: Instance [pki-tomcat]: Administrator: Username [kraadmin]: Password: Secret.123 Verify password: Secret.123 Import certificate (Yes/No) [Y]? Import certificate from [/root/.dogtag/pki-tomcat/ca_admin.cert]: Directory Server: Hostname [pki.example.com]: Use a secure LDAPS connection (Yes/No/Quit) [N]? LDAP Port [389]: Bind DN [cn=Directory Manager]: Password: Secret.123 Base DN [o=pki-tomcat-KRA]: Security Domain: Hostname [pki.example.com]: Secure HTTP port [8443]: Name: example.com Security Domain Username [caadmin]: Password: Secret.123 Begin installation (Yes/No/Quit)? Y Installation log: /var/log/pki/pki-kra-spawn.20211004145029.log Installing KRA into /var/lib/pki/pki-tomcat. ========================================================================== INSTALLATION SUMMARY ========================================================================== Administrator's username: kraadmin To check the status of the subsystem: systemctl status [email protected] To restart the subsystem: systemctl restart [email protected] The URL for the subsystem is: https://pki.example.com:8443/kra PKI instances will be enabled upon system boot ==========================================================================