此内容没有您所选择的语言版本。

7.2. Certificate System Packages


When installing the Certificate System packages you can either install them for each subsystem individually or all at once.

Important

To install and update Certificate Server packages, you must enable the corresponding repository. For details, see Section 6.6, “Attaching a Red Hat Subscription and Enabling the Certificate System Package Repository”.
The following subsystem packages and components are available:
  • pki-ca: Provides the Certificate Authority (CA) subsystem.
  • pki-kra: Provides the Key Recovery Authority (KRA) subsystem.
  • pki-ocsp: Provides the Online Certificate Status Protocol (OCSP) responder.
  • pki-tks: Provides the Token Key Service (TKS).
  • pki-tps: Provides the Token Processing Service (TPS).
  • pki-console and redhat-pki-console-theme: Provides the Java-based Red Hat PKI console. Both packages must be installed.
  • pki-server and redhat-pki-server-theme: Provides the web-based Certificate System interface. Both packages must be installed.
    This package is installed as a dependency if you install one of the following packages: pki-ca, pki-kra, pki-ocsp, pki-tks, pki-tps

Example 7.1. Installing Certificate System Packages

  • To install the CA subsystem and the optional web interface, enter:
    # yum install pki-ca redhat-pki-server-theme
    For other subsystems, replace the pki-ca package name with the one of the subsystem you want to install.
  • If you require the optional PKI console:
    # yum install pki-console redhat-pki-console-theme
  • Alternatively, install all Certificate System subsystem packages and components automatically:
    # yum install redhat-pki

7.2.1. Updating Certificate System Packages

To update Certificate System and operating system packages, use the following procedure:
  1. Follow instructions in Section 7.2.2, “Determining Certificate System Product Version” to check the product version.
  2. Execute # yum update
    The command above updates the whole system including the RHCS packages.

    Note

    We suggest scheduling a maintenance window during which you can take the PKI infrastructure offline to install the update.

    Important

    Updating Certificate System requires the PKI infrastructure to be restarted.
  3. The version number should confirm that the update was successfully installed.
To optionally download updates without installing, use the --downloadonly option in the above procedure:
yum update --downloadonly
The downloaded packages are stored in the /var/cache/yum/ directory. The yum update will later use the packages if they are the latest versions.

7.2.2. Determining Certificate System Product Version

The Red Hat Certificate System product version is stored in the /usr/share/pki/CS_SERVER_VERSION file. To display the version:
# cat /usr/share/pki/CS_SERVER_VERSION
Red Hat Certificate System 9.4 (Batch Update 3)
To find the product version of a running server, access the following URLs from your browser:
  • http://host_name:port_number/ca/admin/ca/getStatus
  • http://host_name:port_number/kra/admin/kra/getStatus
  • http://host_name:port_number/ocsp/admin/ocsp/getStatus
  • http://host_name:port_number/tks/admin/tks/getStatus
  • http://host_name:port_number/tps/admin/tps/getStatus

Note

Note that each component is a separate package and thus could have a separate version number. The above will show the version number for each currently running component.
Red Hat logoGithubRedditYoutubeTwitter

学习

尝试、购买和销售

社区

关于红帽文档

通过我们的产品和服务,以及可以信赖的内容,帮助红帽用户创新并实现他们的目标。

让开源更具包容性

红帽致力于替换我们的代码、文档和 Web 属性中存在问题的语言。欲了解更多详情,请参阅红帽博客.

關於紅帽

我们提供强化的解决方案,使企业能够更轻松地跨平台和环境(从核心数据中心到网络边缘)工作。

© 2024 Red Hat, Inc.