Chapter 5. Step 2: Installing the New Certificate System
Install a new Certificate System 7.3 instance. All subsystem instances are installed separately; make sure that every subsystem type which will be migrated has a corresponding new subsystem instance.
Obtain the appropriate packages. This can be done with the up2date command or by downloading the ISO image from the Red Hat Certificate System 7.3 Red Hat Network channel.
If installing from an ISO image, run the installation utility to install the packages. This is done automatically when using up2date.
rhpki-install -pki_subsystem=subsystem_type -pki_package_path=/path/to/ISO image -force
Configure the new Certificate System instance. It is possible to change the names of migrated Certificate System subsystem instances, but greater care must be taken when extracting and renaming certain portions of the data. Because port numbers are stored in the server.xml file, which is unaffected by subsystem migration, port numbers can be changed between instances without difficulty.
Go through the HTML configuration wizard for each subsystem. When the installation process is completed, the server returns a URL pointing to the configuration wizard. For example:
http://server.example.com:9080/ca/admin/console/config/login?pin=Yc6EuvuY2OeezKeX7REk
The configuration wizard fully configures the new subsystem instance and generates all required certificates. Make sure to have all necessary information at hand when going through this wizard. All subsystems require information about an external Red Hat Directory Server, including bind information. DRM, OCSP, TKS, and subordinate CAs require information about the CA which will generate their subsystem certificates.
For more information on the panels in the configuration wizard, see chapter 2, "Installation and Configuration," in the Certificate System Administration Guide.