Chapter 13. Basic Subsystem Management


This chapter discusses the Certificate System administrative console, the configuration files, and other basic administrative tasks such as starting and stopping the server, managing logs, changing port assignments, and changing the internal database.

13.1. PKI Instances

This version of the Certificate System continues to support separate PKI instances for all subsystems.
Separate PKI instances
  • run as a single Java-based Apache Tomcat instance,
  • contain a single PKI subsystem (CA, KRA, OCSP, TKS, or TPS), and
  • must utilize unique ports if co-located on the same physical machine or virtual machine (VM).
Additionally, this version of the Certificate System introduces the notion of a shared PKI instance.
Shared PKI instances
  • run as a single Java-based Apache Tomcat instance,
  • can contain a single PKI subsystem that is identical to a separate PKI instance,
  • can contain any combination of up to one of each type of PKI subsystem:
    • CA
    • TKS
    • CA, KRA
    • CA, OCSP
    • TKS, TPS
    • CA, KRA, TKS, TPS
    • CA, KRA, OCSP, TKS, TPS
    • and so on.
  • allow all of their subsystems contained within that instance to share the same ports, and
  • must utilize unique ports if more than one is co-located on the same physical machine or VM.
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.