红帽全球峰会10.4. 配置 ACME Realm
本节描述了如何为 PKI ACME 响应器 配置域。realm 配置位于 /etc/pki/pki-tomcat/acme/realm.conf。
您可以使用 pki-server acme-realm-mod 命令通过命令行配置 ACME Realm。
在没有参数的情况下调用此命令会启动一个互动模式,例如:
$ pki-server acme-realm-mod The current value is displayed in the square brackets. To keep the current value, simply press Enter. To change the current value, enter the new value. To remove the current value, enter a blank space. Enter the type of the realm. Available types: ds. Database Type: ds Enter the location of the LDAP server (e.g. ldap://localhost.localdomain:389). Server URL [ldap://localhost.localdomain:389]: Enter the authentication type. Available types: BasicAuth, SslClientAuth. Authentication Type [BasicAuth]: Enter the bind DN. Bind DN [cn=Directory Manager]: Enter the bind password. Bind Password [ ****** ]: Enter the base DN for the ACME users subtree. Users DN [ou=people,dc=acme,dc=pki,dc=example,dc=com]: Enter the base DN for the ACME groups subtree. Groups DN [ou=groups,dc=acme,dc=pki,dc=example,dc=com]:-
使用--
type参数调用 命令会根据指定的类型创建新的配置。 - 使用其他参数调用 命令会更新指定的参数。
10.4.1. 配置 DS Realm
复制链接链接已复制到粘贴板!
您可以将 PKI ACME Responder 配置为使用目录服务器域。DS Realm 的示例配置位于 /usr/share/pki/acme/realm/ds/realm.conf。
配置目录服务器域:
-
为 DS 中的 ACME 用户和组准备子树。示例 LDIF 文件位于
/usr/share/pki/acme/realm/ds/create.ldif]。本例使用dc=acme,dc=pki,dc=example,dc=com作为基本 DN。 使用
ldapadd命令导入 LDIF 文件:$ ldapadd -h $HOSTNAME -x -D "cn=Directory Manager" -w Secret.123 \ -f /usr/share/pki/acme/realm/ds/create.ldif将
/usr/share/pki/acme/realm/ds/realm.conf示例配置文件复制到/etc/pki/pki-tomcat/acme目录中,或者运行以下命令来自定义某些参数:$ pki-server acme-realm-mod --type ds \ -DbindPassword=Secret.123根据需要自定义配置:
在独立 ACME 部署中,
realm.conf文件应类似如下:class=org.example.acme.realm.DSRealm url=ldap://<hostname>:389 authType=BasicAuth bindDN=cn=Directory Manager bindPassword=Secret.123 usersDN=ou=people,dc=acme,dc=pki,dc=example,dc=com groupsDN=ou=groups,dc=acme,dc=pki,dc=example,dc=com在共享 CA 和 ACME 部署中,
realm.conf文件应类似如下:class=org.example.acme.realm.DSRealm configFile=conf/ca/CS.cfg usersDN=ou=people,dc=ca,dc=pki,dc=example,dc=com groupsDN=ou=groups,dc=ca,dc=pki,dc=example,dc=com
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}