Red Hat Summit7.2. Certificate System Packages
When installing the Certificate System packages you can either install them for each subsystem individually or all at once.
Important
To install and update Certificate Server packages, you must enable the corresponding repository. For details, see Section 6.6, “Attaching a Red Hat Subscription and Enabling the Certificate System Package Repository”.
The following subsystem packages and components are available:
- pki-ca: Provides the Certificate Authority (CA) subsystem.
- pki-kra: Provides the Key Recovery Authority (KRA) subsystem.
- pki-ocsp: Provides the Online Certificate Status Protocol (OCSP) responder.
- pki-tks: Provides the Token Key Service (TKS).
- pki-tps: Provides the Token Processing Service (TPS).
- pki-console and redhat-pki-console-theme: Provides the Java-based Red Hat PKI console. Both packages must be installed.
- pki-server and redhat-pki-server-theme: Provides the web-based Certificate System interface. Both packages must be installed.This package is installed as a dependency if you install one of the following packages: pki-ca, pki-kra, pki-ocsp, pki-tks, pki-tps
7.2.1. Installing Certificate System Packages in non-TMS Environments
Copy linkLink copied to clipboard!
To install subsystems in a non-Token Management System (TMS) environment:
yum install pki-ca redhat-pki-server-theme pki-console \
redhat-pki-console-theme pki-kra pki-ocsp
# yum install pki-ca redhat-pki-server-theme pki-console \
redhat-pki-console-theme pki-kra pki-ocsp
Follow instructions in Section 7.2.4, “Determining Certificate System Product Version” to check the product version.
7.2.2. Installing Certificate System Packages in TMS Environments
Copy linkLink copied to clipboard!
To install subsystems in a Token Management System (TMS) environment:
yum install redhat-pki
# yum install redhat-pki
The redhat-pki installs all Certificate System subsystem packages and components automatically.
Follow instructions in Section 7.2.4, “Determining Certificate System Product Version” to check the product version.
7.2.3. Updating Certificate System Packages
Copy linkLink copied to clipboard!
To update Certificate System and operating system packages, use the following procedure:
- Follow instructions in Section 7.2.4, “Determining Certificate System Product Version” to check the product version.
- Execute
# yum updateThe command above updates the whole system including the RHCS packages.Note
We suggest scheduling a maintenance window during which you can take the PKI infrastructure offline to install the update.Important
Updating Certificate System requires the PKI infrastructure to be restarted. - Then check version again by following Section 7.2.4, “Determining Certificate System Product Version”.The version number should confirm that the update was successfully installed.
To optionally download updates without installing, use the
--downloadonly option in the above procedure:
yum update --downloadonly
yum update --downloadonly
The downloaded packages are stored in the
/var/cache/yum/ directory. The yum update will later use the packages if they are the latest versions.
7.2.4. Determining Certificate System Product Version
Copy linkLink copied to clipboard!
The Red Hat Certificate System product version is stored in the
/usr/share/pki/CS_SERVER_VERSION file. To display the version:
cat /usr/share/pki/CS_SERVER_VERSION Red Hat Certificate System 9.4 (Batch Update 3)
# cat /usr/share/pki/CS_SERVER_VERSION
Red Hat Certificate System 9.4 (Batch Update 3)
To find the product version of a running server, access the following URLs from your browser:
http://host_name:port_number/ca/admin/ca/getStatushttp://host_name:port_number/kra/admin/kra/getStatushttp://host_name:port_number/ocsp/admin/ocsp/getStatushttp://host_name:port_number/tks/admin/tks/getStatushttp://host_name:port_number/tps/admin/tps/getStatus
Note
Note that each component is a separate package and thus could have a separate version number. The above will show the version number for each currently running component.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}