This tool has the following syntax for a CA:
perl pkisilent ConfigureCA -cs_hostname hostname
-cs_port SSLport
-client_certdb_dir certDBdir
-client_certdb_pwd password
-preop_pin preoppin
-domain_name domain_name
-admin_user adminUID
-admin_email admin@email
-admin_password password
-agent_name agentName
-agent_key_size keySize
-agent_key_type keyType
-agent_cert_subject cert_subject_name
-ldap_host hostname
-ldap_port port
-bind_dn bindDN
-bind_password password
-base_dn search_base_DN
-db_name dbName
-key_size keySize
-key_type keyType
-token_name HSM_name
-token_pwd HSM_password
-save_p12 export-p12-file
-backup_pwd password
This tool has the following syntax for the RA subsystem:
perl pkisilent ConfigureRA
-help,-? displays help information
-cs_hostname CS Hostname
-cs_port CS SSL port
-sd_hostname Security Domain Hostname
-sd_ssl_port Security Domain SSL port
-sd_admin_name Security Domain username
-sd_admin_password Security Domain password
-ca_hostname CA Hostname
-ca_port CA non SSL port
-ca_ssl_port CA SSL port
-client_certdb_dir Client CertDB dir
-client_certdb_pwd client certdb password
-preop_pin pre op pin
-domain_name domain name
-admin_user Admin User Name
-admin_email Admin email
-admin_password Admin password
-agent_name Agent Cert Nickname
-token_name HSM/Software Token name
-token_pwd HSM/Software Token password
-key_size Key Size
-key_type Key type [rsa]
-agent_key_size Agent Cert Key Size
-agent_key_type Agent cert Key type [rsa]
-agent_cert_subject Agent cert Subject
-ra_subsystem_cert_subject_name RA subsystem cert subject name
-ra_server_cert_subject_name RA server cert subject name
-subsystem_name RA subsystem name
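This tool has the following syntax for the DRM, OCSP, and TKS subsystems, where subsystemType is DRM, OCSP, or TKS (giving the class names ConfigureDRM, ConfigureOCSP, and ConfigureTKS):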
perl pkisilent ConfiguresubsystemType -cs_hostname hostname
-cs_port SSLport
-ca_hostname hostname
-ca_port port
-ca_ssl_port SSLport
-ca_agent_name agentName
-ca_agent_password password
-client_certdb_dir certDBdir
-client_certdb_pwd password
-preop_pin preoppin
-domain_name domain_name
-admin_user adminUID
-admin_email admin@email
-admin_password password
-agent_name agentName
-ldap_host hostname
-ldap_port port
-bind_dn bindDN
-bind_password password
-base_dn search_base_DN
-db_name dbName
-key_size keySize
-key_type keyType
-agent_key_size keySize
-agent_key_type keyType
-agent_cert_subject cert_subject_name
-backup_pwd password
This tool has the following syntax for the TPS subsystem:
perl pkisilent ConfigureTPS -cs_hostname hostname
-cs_port SSLport
-ca_hostname hostname
-ca_port port
-ca_ssl_port SSLport
-ca_agent_name agentName
-ca_agent_password password
-client_certdb_dir certDBdir
-client_certdb_pwd password
-preop_pin preoppin
-domain_name domain_name
-admin_user adminUID
-admin_email admin@email
-admin_password password
-agent_name agentName
-ldap_host hostname
-ldap_port port
-bind_dn bindDN
-bind_password password
-base_dn search_base_DN
-db_name dbName
-key_size keySize
-key_type keyType
-agent_key_size keySize
-agent_key_type keyType
-agent_cert_subject cert_subject_name
-ldap_auth_host ldap_auth_host
-ldap_auth_port ldap_auth_port
-ldap_auth_base_dn ldap_auth_base_dn
| Java™ Class Name | Subsystem |
|---|---|
| ConfigureCA | For the CA. |
| ConfigureRA | For the RA. |
| ConfigureDRM | For the DRM. |
| ConfigureOCSP | For the OCSP. |
| ConfigureTKS | For the TKS. |
| ConfigureTPS | For the TPS. |
Table 3.1. Subsystem Java™ Classes for pkisilent
The ConfigureCA script is used to create a security domain or to add the new CA to an existing domain. The other scripts only add the subsystem to an existing security domain.
| Parameter | Description |
|---|---|
| cs_hostname | The hostname for the Certificate System machine. |
| cs_port | The SSL port number of the Certificate System. |
| ca_hostname | The hostname for the CA subsystem which will issue the certificates for the DRM, OCSP, TKS, or TPS subsystem. |
| ca_port | The non-SSL port number of the CA. |
| ca_ssl_port | The SSL port number of the CA. |
| ca_agent_name | The UID of the CA agent. |
| ca_agent_password | The password of the CA agent. |
| client_certdb_dir | The directory for the subsystem certificate databases. |
| client_certdb_pwd | The password to protect the certificate database. |
| preop_pin | The preoperation PIN number used for the initial configuration. |
| domain_name | The name of the security domain to which the subsystem will be added. |
| admin_user | The new admin user for the new subsystem. |
| admin_email | The email address of the admin user. |
| admin_password | The password for the admin user. |
| agent_name | The new agent for the new subsystem. |
| agent_key_size | The key size to use for generating the agent certificate and key pair. |
| agent_key_type | The key type to use for generating the agent certificate and key pair. |
| agent_cert_subject | The subject name for the agent certificate. |
| ldap_host | The hostname of the Directory Server machine. |
| ldap_port | The non-SSL port of the Directory Server. |
| bind_dn | The bind DN which will access the Directory Server; this is normally the Directory Manager ID. |
| bind_password | The bind DN password. |
| base_dn | The entry DN under which to create all of the subsystem entries. |
| db_name | The database name. |
| key_size | The size of the key to generate. The recommended size for an RSA key is 1048 bits for regular operations and 2048 bits for sensitive operations. The recommended size for an ECC key is 256 bits. |
| key_type | The type of key to generate, either RSA or ECC. |
| save_p12 | Sets whether to export the keys and certificate information to a backup PKCS #12 file. true backs up the information; false does not back up the information. Only for the CA subsystem. |
| backup_pwd | The password to protect the PKCS #12 backup file containing the subsystem keys and certificates. Not for use with TPS installation. |
| token_name | Gives the name of the HSM token used to store the subsystem certificates. Only for the CA subsystem. |
| token_password | Gives the password for the HSM. Only for the CA subsystem. |
| ldap_auth_host | Gives the hostname of the LDAP directory database to use for the TPS subsystem token database. Only for the TPS subsystem. |
| ldap_auth_port | Gives the port number of the LDAP directory database to use for the TPS subsystem token database. Only for the TPS subsystem. |
| ldap_auth_base_dn | Gives the base DN in the LDAP directory tree of the TPS token database under which to create token entries. Only for the TPS subsystem. |
Table 3.2. Parameters for pkisilent
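
The subsystem restrictions in the syntax listings and Table 3.2, applied as a pre-flight check before pkisilent is run; this is an added example, not part of pkisilent or the original documentation. The function name `check_pkisilent_args` and the sample port are assumptions, and because Table 3.2 marks the token options as CA-only while the RA syntax also lists them, the check accepts them for both classes.

```sh
#!/bin/sh
# Added example, not part of pkisilent: check an argument list against the
# per-subsystem restrictions in the syntax listings and Table 3.2.
# Usage: check_pkisilent_args CLASS -option value [-option value ...]
# Prints one line per problem. Returns 0 if clean, 1 on problems, 2 on bad class.
check_pkisilent_args() {
    [ $# -gt 0 ] || { echo "usage: check_pkisilent_args CLASS -option value ..."; return 2; }
    cpa_class=$1; shift
    cpa_bad=0
    case $cpa_class in
        ConfigureCA|ConfigureRA|ConfigureDRM|ConfigureOCSP|ConfigureTKS|ConfigureTPS) ;;
        *) echo "unknown class: $cpa_class"; return 2 ;;
    esac
    while [ $# -gt 0 ]; do
        cpa_opt=$1
        if [ $# -lt 2 ]; then echo "$cpa_opt: missing value"; return 1; fi
        cpa_val=$2; shift 2
        cpa_why=
        case $cpa_opt in
            -save_p12)
                case $cpa_val in true|false) ;; *) cpa_why="must be true or false" ;; esac
                [ "$cpa_class" = ConfigureCA ] || cpa_why="only for the CA subsystem" ;;
            -token_name|-token_pwd)
                # Listed only in the CA and RA syntax above.
                case $cpa_class in ConfigureCA|ConfigureRA) ;;
                    *) cpa_why="not in the $cpa_class syntax" ;; esac ;;
            -ldap_auth_host|-ldap_auth_port|-ldap_auth_base_dn)
                [ "$cpa_class" = ConfigureTPS ] || cpa_why="only for the TPS subsystem" ;;
            -backup_pwd)
                [ "$cpa_class" != ConfigureTPS ] || cpa_why="not for use with TPS installation" ;;
            -ca_hostname|-ca_port|-ca_ssl_port|-ca_agent_name|-ca_agent_password)
                [ "$cpa_class" != ConfigureCA ] || cpa_why="not in the ConfigureCA syntax" ;;
            -key_type|-agent_key_type)
                case $cpa_val in rsa|RSA|ecc|ECC) ;; *) cpa_why="must be RSA or ECC" ;; esac ;;
        esac
        # Never echo the value: many of these options carry passwords or PINs.
        if [ -n "$cpa_why" ]; then echo "$cpa_opt: $cpa_why"; cpa_bad=1; fi
    done
    return $cpa_bad
}

# Constructed sample: a TPS run that reuses two CA-style options.
check_pkisilent_args ConfigureTPS -cs_port 7889 -save_p12 true -backup_pwd placeholder ||
    echo "fix the options above before running pkisilent"
```

The check reports only option names, so its output can be written to a build log without exposing the password and PIN values passed on the command line.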