Description

Dogtag Certificate System setup and configuration

How to test

First, prerequisites, Java OpenJDK, 389-ds-base needs to be installed.And configure the basic DS instance using setup-ds.pl(accept all defaults)
$ yum install java-1.6.0-openjdk

$ yum install 389-ds-base

$ /usr/sbin/setup-ds.pl
Next,is to install all main dogtag PKI packages

yum install pki-ca pki-ra pki-kra pki-ocsp pki-tks pki-tps pki-console --enablerepo=updates-testing
Next, Once installed, create instances for each subsystem using the /usr/bin/pkicreate command(see pkicreate --help for more). The below is an example of creating an instance of CA(Certificate Authority) subsystem
=======================================================

pkicreate -pki_instance_root=/var/lib \

-pki_instance_name=pki-ca \

-subsystem_type=ca \

-agent_secure_port=9443 \

-ee_secure_port=9444 \

-admin_secure_port=9445 \

-unsecure_port=9180 \

-tomcat_server_port=9701 \

-user=pkiuser \

-group=pkiuser \

-redirect conf=/etc/pki-ca \

-redirect logs=/var/log/pki-ca \

-verbose

========================================================
Once the instance creation is finished from step-1, go through configuration wizard for CA and finish installation (or use the pkisilent script to silently configure. see 'pki-silent' package and it's template file '/usr/share/pki/silent/pki_silent.template' )

Silent script for CA: Note-replace the -bind_password appropriately from your step-1

http://kashyapc.fedorapeople.org/dogtag-pki/pkisilent-scripts/ca-silent.bash

Now, try to Configure the rest of the subsystems(RA,OCSP,KRA,TKS,TPS) by creating instances using 'pkicreate' (again see 'pkicreate' syntax for help)

The following must be true to consider this a successful test run. Be brief ... but explicit.

Step #1 completes without error
Step #2 completes without error
Step #3 CA Instance gets created successfully
Step #4 CA instance should be configured fine(and respectively other subsystems)