The pkispawn provides a number of deployment parameters to customize PKI installation. However, there are quite a few things that cannot be customized using pkispawn parameters. Some of these customizations can be done after the whole installation is complete (e.g. customizing standard certificate profiles), but there are some others that have to be done during the installation process (e.g. customizing system certificate profiles).

To customize configuration files during installation, the installation needs be done in two steps:

• step 1: installation

• step 2: configuration

In the installation step the configuration, files will be copied from the shared folder (i.e. /usr/share/pki) into the instance folder (i.e. /var/lib/pki/<instance>) and customized based on the parameters specified in the deployment configuration.

In the configuration step the installation will continue using the configuration files that are already customized in the instance folder (i.e. /var/lib/pki/<instance>).

Between these two steps additional customization can be done manually as needed to the files stored in the instance folder (i.e. /var/lib/pki/<instance>).

To run the installation step, prepare the deployment configuration as usual (e.g. ca.cfg), then add the following parameter:

Start the installation step, for example:

Since PKI 10.4.x the pki_skip_configuration parameter can be set using --skip-configuration CLI option, for example:

To run the configuration step, remove the pki_skip_configuration parameter and add the following parameter;

Then re-run pkispawn to run the configuration step, for example:

Since PKI 10.4.x the pki_skip_installation parameter can be set using --skip-installation CLI option, for example: