8.2. Installing Red Hat Certificate System Subsystems
The following sections contain information on the prerequisites and procedures for installing Red Hat Certificate System subsystems, including basic information that you need to begin installing the packages. The basic installation process is as follows:
- Install a Red Hat Enterprise Linux 7.1 server with an active network connection.
Note
While not required, for most real-world deployments, the recommended approach is to install the Red Hat Directory Server and the Red Hat Certificate System on separate machines with Red Hat Enterprise Linux 7.1 installed. If separate machines are used in the deployment, unless otherwise noted, execute the following command sequences on both machines.
- Subscribe the system using Red Hat Subscription Manager and attach the subscription providing Red Hat Certificate System:
# subscription-manager register
# subscription-manager list --available --all
Make note of the pool ID providing Red Hat Certificate System. In addition, all certificate subsystems also require access to Red Hat Directory Server:
# subscription-manager attach --pool=POOL_ID_CERT_SYSTEM
# subscription-manager attach --pool=POOL_ID_DIR_SERVER
For the machine where the certificate system resides, also make sure to attach the subscription for the Red Hat Enterprise Linux Server, and then enable the Red Hat Enterprise Linux Optional repository:
# subscription-manager attach --pool=POOL_ID_Red_Hat_Enterprise_Linux_Server
# subscription-manager repos --enable rhel-7-server-optional-rpms
- Enable the certificate system and directory server repositories.
- Enable the certificate server repository on the machine where it will reside:
# subscription-manager repos --enable=rhel-7-server-rhcs-9-rpms
- Enable the directory server repository on the machine where it will reside:
# subscription-manager repos --enable=rhel-7-server-rhds-10-rpms
- Before continuing, make sure that the latest updates have been applied to each Red Hat Enterprise Linux 7.1 system you use:
# yum update
- On the machine where it will reside, install the directory server packages:
# yum install redhat-ds
- Ensure that a real domain name is specified in each /etc/resolv.conf file and that a host name is set within each /etc/hosts file.
- On the machine where it will reside, run the directory server installation script, selecting the defaults or customizing as required:
# /usr/sbin/setup-ds-admin.pl
- On the machine where it will reside, install the certificate system packages:
# yum install redhat-pki
- On the machine where the certificate server resides, run the pkispawn script to create and configure the subsystem instances. At least one CA subsystem must be installed and fully configured before any other type of subsystem can be configured. For details, see the pkispawn man page.
- To access the agent interface of various Red Hat Certificate System subsystems, use a properly configured local or remote Mozilla Firefox web browser.
Installing and configuring Red Hat Certificate System subsystems is described in more detail in the Planning, Installation, and Deployment Guide.
8.2.1. Verifying JDK Version
Red Hat Certificate System supports and automatically installs OpenJDK 1.7.0.
If you require another version, OpenJDK can be installed by using yum or by downloading the packages directly from http://openjdk.java.net/install/. For example:
# yum install java-1.7.0-openjdk
After installing the JDK, run /usr/sbin/alternatives as root to ensure that the proper JDK is available and selected in order to use Red Hat Certificate System 9:
# /usr/sbin/alternatives --config java

There are 3 programs which provide 'java'.

  Selection    Command
-----------------------------------------------
   1           /usr/lib/jvm/jre-1.4.2-gcj/bin/java
+  2           /usr/lib/jvm/jre-1.7.0-openjdk/bin/java
*  3           /usr/lib/jvm/jre-1.6.0-sun.x86_64/bin/java

Use the /usr/sbin/alternatives command to configure the appropriate selection if it has not already been selected.
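The name-resolution prerequisite from the installation steps and the JDK selection described in this section can be checked together before running pkispawn. The script below is an added example, not part of Red Hat Certificate System; the function names and the --run switch are illustrative, and it assumes the selected JDK path contains jre-1.7.0-openjdk or java-1.7.0-openjdk.

```shell
#!/bin/bash
# Added example: pre-flight checks to run before pkispawn.
# Function names are illustrative, not shipped by Red Hat.

# Succeeds if the resolv.conf-style file ($1) has a "domain" or "search"
# line that names at least one dotted (real) domain.
has_real_domain() {
    awk '$1 == "domain" || $1 == "search" {
             for (i = 2; i <= NF; i++)
                 if ($i ~ /^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+\.?$/) found = 1
         }
         END { exit !found }' "$1"
}

# Succeeds if the hosts-style file ($1) maps an address to host name $2.
# Comments are stripped first; the name must match a whole column.
host_is_mapped() {
    awk -v h="$2" '{ sub(/#.*/, "") }
         NF >= 2 { for (i = 2; i <= NF; i++) if ($i == h) found = 1 }
         END { exit !found }' "$1"
}

# Succeeds if the resolved java path ($1) belongs to OpenJDK 1.7.0.
# Takes the path as an argument so it can be checked without a JDK.
is_openjdk_17() {
    case "$1" in
        */jre-1.7.0-openjdk*/bin/java|*/java-1.7.0-openjdk*/bin/java) return 0 ;;
        *) return 1 ;;
    esac
}

# Runs all three checks against the live system and reports each failure.
preflight() {
    rc=0
    has_real_domain /etc/resolv.conf \
        || { echo "FAIL: no real domain in /etc/resolv.conf"; rc=1; }
    host_is_mapped /etc/hosts "$(hostname)" \
        || { echo "FAIL: $(hostname) is not set in /etc/hosts"; rc=1; }
    is_openjdk_17 "$(readlink -f "$(command -v java)")" \
        || { echo "FAIL: selected java is not OpenJDK 1.7.0"; rc=1; }
    return $rc
}

if [ "${1:-}" = "--run" ]; then preflight; fi
```

Run it with --run on each machine; a non-zero exit status means at least one prerequisite still needs fixing.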
8.2.2. Installing through yum
To install the subsystems on Red Hat Enterprise Linux 7.1, run a command like the following for each subsystem:
# yum install pki-subsystem
subsystem can be any of the Red Hat Certificate System subsystems:
- ca for the Certificate Manager.
- kra for the Key Recovery Authority.
- ocsp for the Online Certificate Status Protocol Responder.
- tks for the Token Key System.
- tps for the Token Processing System.
- console for the Java console.
To install all Red Hat Certificate System 9 certificate server PKI packages, enter:
# yum install redhat-pki
8.2.3. Installing from an ISO image
Red Hat Certificate System 9 can be downloaded from Content Delivery Network as an ISO image. This ISO image contains an RPMS/ directory which can be used as a local yum repository.
For the machine where the certificate system resides, make sure to attach the subscription for the Red Hat Enterprise Linux Server, and then enable the Red Hat Enterprise Linux Optional repository:
# subscription-manager attach --pool=POOL_ID_Red_Hat_Enterprise_Linux_Server
# subscription-manager repos --enable rhel-7-server-optional-rpms
Place the RPMS/ directory on a web server and then configure yum to use that location as a repository. After that, install Red Hat Certificate System as described in Section 8.2.2, “Installing through yum”.
Red Hat Directory Server can also be obtained as an ISO image. See the Directory Server documentation for details.