2.9. Updating Certificate System Packages

2.9. Updating Certificate System Packages

There are many packages, listed in Section 2.2.3.1, “Red Hat Enterprise Linux RPMs” and Section 2.2.3.2, “Solaris Packages”, installed with Certificate System for related applications and dependencies, not just the subsystem packages. For all supported platforms, individual Certificate System packages may be updated through the native package utilities, rpm on Red Hat Enterprise Linux systems and pkgrm and pkgadd on Solaris 9.

Alternatively, if the appropriate network access is available, an individual package can be updated on Red Hat Enterprise Linux systems using the up2date command.

NOTE

All Certificate System instances must be stopped before beginning any updates.

2.9.1. Updating Certificate System on Red Hat Enterprise Linux

For Red Hat Enterprise Linux, and individual package can up updated either by installing the specific RPM or by running up2date to update the package.

To install the RPM:

  1. Stop all Certificate System instances. 

    /etc/init.d/instance_ID stop

  2. Log in as root.

  3. Install the updated package. 

    rpm -Uvh package_name

    For example: 

    rpm -Uvh rhpki-java-tools-7.3.0-4.noarch.rpm

  4. Restart the Certificate System instances. 

    /etc/init.d/instance_ID start

Alternatively, using the up2date command.

  1. Stop all Certificate System instances. 

    /etc/init.d/instance_ID stop

  2. Log in as root.

  3. Run up2date for the package. For example: 

    up2date rhpki-java-tools-7.3.0-4.noarch

  4. Restart the Certificate System instances. 

    /etc/init.d/instance_ID start

2.9.2. Updating Certificate System on Solaris

Before installing or upgrading Certificate System on Solaris, ensure that all packages and binaries from the previous installation have been removed. To remove all existing Certificate System components:

  1. Stop all Certificate System instances. 

    /etc/init.d/instance_ID stop

  2. Log in as root.

  3. Use the following commands to remove the previous instances: 

    pkiremove -pki_instance_root=/var/lib -pki_instance_name=rhpki-ca
pkiremove -pki_instance_root=/var/lib -pki_instance_name=rhpki-ocsp
pkiremove -pki_instance_root=/var/lib -pki_instance_name=rhpki-tks
pkiremove -pki_instance_root=/var/lib -pki_instance_name=rhpki-tps

  4. Remove all subsystem binaries using rhpki-uninstall: 

    rhpki-uninstall -pki_subsystem=all

  5. Remove the actual install and uninstall scripts: 

    pkgrm RHATrhpki-managex

To install the new CA:

  1. Install the install and uninstall scripts: 

    pkgadd -d RHATrhpki-managex-7.3.0-12.sol9.noarch.pkg

  2. Use the install script to install the CA: 

    rhpki-install -pki_subsystem=ca -pki_package_path=.

    IMPORTANT

    Ensure that the current directory contains all the Solaris packages.

  3. For the remaining subsystems, use tks, ocsp, etc., as the pki_subsystem parameter.

  4. Restart the Certificate System instances. 

    /etc/init.d/instance_ID start

NOTE

The Solaris installation uses the same directory structure and configuration as the Red Hat Enterprise Linux installation.