Chapter 2. Installation and Configuration

Chapter 2. Installation and Configuration

2.1. Deployment Considerations
2.1.1. Security Domains
2.1.2. Cloning a Subsystem
2.1.3. Self-Signed Root CA or Subordinate CA
2.2. Prerequisites
2.2.1. Supported Platforms
2.2.2. Required Programs and Dependencies
2.2.3. Packages Installed
2.3. Configuration Preparation
2.3.1. Required Information
2.3.2. Default Settings
2.4. Configuration Setup Wizard
2.4.1. Security Domain Panel
2.4.2. Subsystem Type Panel
2.4.3. PKI Hierarchy Panel
2.4.4. CA Information Panel
2.4.5. TKS Information Panel
2.4.6. DRM Information Panel
2.4.7. Authentication Directory Panel
2.4.8. Internal Database Panel
2.4.9. Key Store Panel
2.4.10. Key Pairs Panel
2.4.11. Subject Names Panel
2.4.12. Requests and Certificates Panel
2.4.13. Export Keys and Certificates Panel
2.4.14. Administrator Panel
2.5. Installing the Certificate System
2.5.1. Installing from an ISO Image
2.5.2. Installing through up2date
2.6. Configuring the Default Subsystem Instances
2.6.1. Configuring a CA
2.6.2. Configuring a DRM, OCSP, or TKS
2.6.3. Configuring a TPS
2.7. Creating Additional Subsystem Instances
2.7.1. Cloning a Subsystem
2.8. Silent Installation
2.9. Updating Certificate System Packages
2.9.1. Updating Certificate System on Red Hat Enterprise Linux
2.9.2. Updating Certificate System on Solaris
2.10. Uninstalling Certificate System Subsystems
2.10.1. Removing a Subsystem Instance
2.10.2. Removing Certificate System Subsystems

The Certificate System is comprised of subsystems which can be independently installed on different servers, multiple instances installed on a single server, and other flexible configurations for availability, scalability, and failover support. The procedures for downloading, installing, and configuring instances of Certificate System subsystems are described in this chapter.

The Certificate System servers include five subsystems:

The Certificate System client is the Enterprise Security Client. For information about the Enterprise Security Client, see the Certificate System Enterprise Security Client Guide.

There are two steps for installing the Certificate System: the first is installing the server packages, and the second is configuring the subsystem through the HTML-based configuration wizard.

The installation and configuration process for the Certificate System is as follows:

  1. Install a Red Hat Directory Server. This can be on a different machine from the Certificate System, which is the recommended scenario for most deployments.

  2. Download the Certificate System packages from the Red Hat Network channel. Each subsystem has its own packages, as well as dependencies and related packages. These are listed in Section 2.2.3, “Packages Installed”.

  3. Install the Certificate System CA subsystem. See Section 2.5, “Installing the Certificate System ” for complete instructions on installing the CA.

  4. Configure the CA subsystem. For information on configuring the Certificate Manager (CA) subsystem, see Section 2.6, “Configuring the Default Subsystem Instances”.

  5. Install the other Certificate System subsystems on the appropriate hosts. See Section 2.5, “Installing the Certificate System ” for complete instructions on installing the subsystems.

  6. Configure each subsystem through its HTML administrative services page. Go through the installation screens. When completed, all necessary CA, server, and agent and user certificates are generated and installed.

    See Section 2.6, “Configuring the Default Subsystem Instances” for more information on the subsystem configuration pages.