3.5.1. Installing from an ISO Image
For Sun Solaris and Red Hat Enterprise Linux AS and ES, use the following procedure to install the Certificate System from an ISO image:
Open the appropriate Red Hat Certificate System 7.3 Red Hat Network channel and download the packages.
Solaris packages are contained in a single ISO image; Red Hat Enterprise Linux packages can be downloaded as an ISO image or individually.
Log into the machine as the root user.
Install the rhpki-manage package and run rhpki-install manually. For example, on Red Hat Enterprise Linux:
rpm -Uvh rhpki-manage-<version>.noarch.rpm
After you have installed the rhpki-manage package, use the rhpki-install script to install the subsystem. For example:
rhpki-install -pki_subsystem=<subsystem_type> -pki_package_path=</path/to/ISO image> -force
The DONT_RUN_PKICREATE environment variable can stop the pkicreate script from running automatically after the subsystems are installed. This allows the default instances to be installed in user-defined installation directories instead of the default locations in /var/lib. For deployments where the default instances must be installed in custom locations, it can be preferable to install through the ISO image with this environment variable set.
The following values are available for the -pki_subsystem option:
ca installs the Certificate Authority.
drm installs the Data Recovery Manager.
ocsp installs the Online Certificate Status Protocol Responder.
tks installs the Token Key System.
tps installs the Token Processing System.
esc installs the Enterprise Security Client.
The -force option bypasses any confirmation prompts that may otherwise appear during the installation.
For example, to install the CA and then the DRM, use the following commands:
rhpki-install -pki_subsystem=ca -pki_package_path=/media/cdrom/RedHat/RPMS -force
rhpki-install -pki_subsystem=drm -pki_package_path=/media/cdrom/RedHat/RPMS -force
The rhpki-install script uses the rpm program on Red Hat Enterprise Linux systems and the pkginfo and pkgadd programs on Solaris 9 systems.
When the installation process is complete, a URL to access this instance is printed to the screen in the following format:
Configuration Wizard listening on http://<hostname.domainname>:<unsecure-port>/<subsystem_type>/admin/console/config/login?pin=<pin>
For example, a new CA may have the following URL:
http://server.example.com:9080/ca/admin/console/config/login?pin=Yc6EuvuY2OeezKeX7REk
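An added example, not part of the Red Hat documentation: shell helpers for a wrapper that captures installer output. They pull the Configuration Wizard URL out of the output, check it against the format shown above, and mask the pin value before the line goes into a saved install log. The function names are hypothetical and the sample line is constructed from the page's example URL.

```shell
#!/bin/sh
# Added example (not Red Hat code). Function names are hypothetical.
# SAMPLE_LINE is constructed from the example URL on this page.
SAMPLE_LINE='Configuration Wizard listening on http://server.example.com:9080/ca/admin/console/config/login?pin=Yc6EuvuY2OeezKeX7REk'

# Read installer output on stdin and print the first wizard URL found.
wizard_url() {
    sed -n -E 's#^.*Configuration Wizard listening on (http://[^[:space:]]+).*$#\1#p' |
        head -n 1
}

# Split a wizard URL into "host port subsystem pin".
# Returns non-zero when the URL does not match the documented format or
# the subsystem is not one of the values listed for -pki_subsystem.
wizard_fields() {
    printf '%s\n' "$1" | sed -n -E \
        's#^http://([^/:[:space:]]+):([0-9]+)/(ca|drm|ocsp|tks|tps|esc)/admin/console/config/login\?pin=([^&[:space:]]+)$#\1 \2 \3 \4#p' |
        grep .
}

# Mask the pin value on every line of stdin so the output can be kept
# in a shared log without carrying the wizard login pin.
redact_pin() {
    sed -E 's/([?&]pin=)[^&[:space:]]+/\1<redacted>/g'
}

# Demonstration on the constructed sample line.
url=$(printf '%s\n' "$SAMPLE_LINE" | wizard_url)
if fields=$(wizard_fields "$url"); then
    # Report everything except the pin (the fourth field).
    set -- $fields
    echo "wizard for subsystem '$3' on $1 port $2"
else
    echo "unexpected wizard URL format" >&2
fi
printf '%s\n' "$SAMPLE_LINE" | redact_pin
```
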
When the first subsystem is installed on a machine, the installation process automatically creates a new user (pkiuser) and group (pkiuser). All default Certificate System instances will run as this user and group.