1.1. pkicreate

The pkicreate tool creates instances of Certificate System subsystems and does a minimal configuration of the new instance, such as setting the configuration directory and port numbers. Further configuration is done through the HTML configuration page, as with configuring the default instances.

The following sections explain the syntax and usage of the pkicreate tool.

1.1.1. Syntax

This tool has the following syntax:

pkicreate -pki_instance_root=/directory/path -subsystem_type=type
 -pki_instance_name=instance_ID [-secure_port=SSLport]
 [-unsecure_port=port] -tomcat_server_port=port
 -user=user_name -group=group_name [-verbose] [-help]

NOTE

The pkicreate tool also checks an environment variable, DONT_RUN_PKICREATE; if this is set, the pkicreate utility is prevented from doing anything. Setting the DONT_RUN_PKICREATE variable before installing the default subsystem instance (before running the rhpki-install script) allows the default instance to be installed in a user-defined location instead of the default location.

Parameter Description
pki_instance_root Gives the full path to the new instance configuration directory.
subsystem_type Gives the type of subsystem being created. The possible values are as follows:

  • ca, for a Certificate Authority

  • ra, for a Registration Authority

  • kra, for a DRM

  • ocsp, for an OCSP

  • tks, for a TKS

  • tps, for a TPS

pki_instance_name Gives the name of the new instance. The name must be unique within the security domain. Even cloned subsystems must have different instance names for cloning to succeed.
secure_port Optional. Sets the SSL port number. If this is not set, the number is randomly generated.
unsecure_port Optional. Sets the regular port number. If this is not set, the number is randomly generated.
tomcat_server_port Sets the port number for the Tomcat web server. This option must be set for CA, OCSP, TKS, and DRM instances. tomcat_server_port is not used when creating a TPS instance since it does not use a Tomcat web server.
user Sets the user that the Certificate System instance runs as. This option must be set.
group Sets the group that the Certificate System instance runs as. This option must be set.
verbose Optional. Runs the new instance creation in verbose mode.
help Shows the help information.
Table 1.1. 

1.1.2. Usage

In the following example, pkicreate is used to create a new DRM instance named rhpki-drm2, running on ports 10543 and 10180, in the /var/lib/rhpki-drm2 directory.

pkicreate -pki_instance_root=/var/lib -subsystem_type=kra -pki_instance_name=rhpki-drm2 -secure_port=10543 \
	-unsecure_port=10180 -tomcat_server_port=1802 -user=pkiuser -group=pkigroup -verbose

To keep the pkicreate script from creating a new instance when it is run, set the DONT_RUN_PKICREATE environment variable to 1.

export DONT_RUN_PKICREATE=1
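
The following shell function is an added example, not part of the Certificate System tooling or its documentation. It checks a planned pkicreate command line against the rules in the parameter table above and prints the command without running it. The names pkicreate_preflight, is_port, and fail are hypothetical, and the check that no port is listed twice is an added assumption that the table does not state.

```shell
# Added example: pre-flight check for a pkicreate command line (never runs pkicreate).
fail() { echo "error: $*" >&2; }
is_port() {  # decimal integer in 1..65535, no leading zero
    case "$1" in ''|0*|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -le 65535 ]
}

# Usage: pkicreate_preflight TYPE NAME ROOT USER GROUP [SECURE] [UNSECURE] [TOMCAT]
# Prints the validated command on stdout. Returns 1 on a rule violation,
# 2 if DONT_RUN_PKICREATE is set (pkicreate would then do nothing).
pkicreate_preflight() {
    stype=${1-} name=${2-} root=${3-} user=${4-} group=${5-}
    secure=${6-} unsecure=${7-} tomcat=${8-}
    if [ -n "${DONT_RUN_PKICREATE+set}" ]; then
        fail "DONT_RUN_PKICREATE is set; pkicreate would do nothing"
        return 2
    fi
    case "$stype" in
        ca|ra|kra|ocsp|tks|tps) ;;
        *) fail "unknown subsystem_type '$stype'"; return 1 ;;
    esac
    case "$root" in /*) ;; *) fail "pki_instance_root must be a full path"; return 1 ;; esac
    [ -n "$name" ] || { fail "pki_instance_name is required"; return 1; }
    [ -n "$user" ] && [ -n "$group" ] || { fail "user and group must be set"; return 1; }
    case "$stype" in
        tps) tomcat= ;;  # TPS does not use a Tomcat web server: drop the option
        ca|kra|ocsp|tks) [ -n "$tomcat" ] || { fail "tomcat_server_port is required for $stype"; return 1; } ;;
        # ra: the table states no requirement, so the option is passed through if given
    esac
    seen=" "
    for p in "$secure" "$unsecure" "$tomcat"; do
        [ -z "$p" ] && continue  # unset optional ports are left to pkicreate
        is_port "$p" || { fail "invalid port '$p'"; return 1; }
        case "$seen" in *" $p "*) fail "port $p is listed twice"; return 1 ;; esac
        seen="$seen$p "
    done
    cmd="pkicreate -pki_instance_root=$root -subsystem_type=$stype -pki_instance_name=$name"
    [ -n "$secure" ]   && cmd="$cmd -secure_port=$secure"
    [ -n "$unsecure" ] && cmd="$cmd -unsecure_port=$unsecure"
    [ -n "$tomcat" ]   && cmd="$cmd -tomcat_server_port=$tomcat"
    echo "$cmd -user=$user -group=$group"
}
```

Called with the values from the usage example (kra, rhpki-drm2, /var/lib, pkiuser, pkigroup, 10543, 10180, 1802), the function prints the same command line without the -verbose flag.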