Administration Guide
iv
1.4.7. Management Tools .......................................................................................... 19
1.4.8. JRE ................................................................................................................ 20
1.4.9. Internal Database ............................................................................................ 20
1.4.10. SSL/TLS and Supported Cipher Suites ............................................................ 20
1.5. Support for Open Standards ....................................................................................... 21
1.5.1. Certificate Management Formats and Protocols ................................................. 21
1.5.2. Security and Directory Protocols ....................................................................... 21
2. Installation and Configuration 23
2.1. Deployment Considerations ......................................................................................... 23
2.1.1. Security Domains ............................................................................................ 24
2.1.2. Cloning a Subsystem ....................................................................................... 24
2.1.3. Self-Signed Root CA or Subordinate CA ........................................................... 24
2.2. Prerequisites .............................................................................................................. 25
2.2.1. Supported Platforms ........................................................................................ 25
2.2.2. Required Programs and Dependencies ............................................................. 26
2.2.3. Packages Installed ........................................................................................... 28
2.3. Configuration Preparation ........................................................................................... 32
2.3.1. Required Information ........................................................................................ 32
2.3.2. Default Settings ............................................................................................... 33
2.4. Configuration Setup Wizard ........................................................................................ 34
2.4.1. Security Domain Panel .................................................................................... 34
2.4.2. Subsystem Type Panel .................................................................................... 35
2.4.3. PKI Hierarchy Panel ........................................................................................ 36
2.4.4. CA Information Panel ....................................................................................... 37
2.4.5. TKS Information Panel ..................................................................................... 37
2.4.6. DRM Information Panel .................................................................................... 38
2.4.7. Authentication Directory Panel .......................................................................... 39
2.4.8. Internal Database Panel ................................................................................... 39
2.4.9. Key Store Panel .............................................................................................. 40
2.4.10. Key Pairs Panel ............................................................................................. 41
2.4.11. Subject Names Panel ..................................................................................... 42
2.4.12. Requests and Certificates Panel ..................................................................... 43
2.4.13. Export Keys and Certificates Panel ................................................................. 44
2.4.14. Administrator Panel ........................................................................................ 45
2.5. Installing the Certificate System ................................................................................. 46
2.5.1. Installing from an ISO Image ............................................................................ 46
2.5.2. Installing through up2date ................................................................................ 48
2.6. Configuring the Default Subsystem Instances ............................................................... 48
2.6.1. Configuring a CA ............................................................................................. 48
2.6.2. Configuring a DRM, OCSP, or TKS ................................................................... 50
2.6.3. Configuring a TPS ........................................................................................... 51
2.7. Creating Additional Subsystem Instances ..................................................................... 52
2.7.1. Running pkicreate ............................................................................................ 52
2.7.2. Running pkicreate with Port Separation ............................................................. 53
2.8. Cloning a Subsystem .................................................................................................. 53
2.9. Silent Installation ........................................................................................................ 55
2.10. Updating Certificate System Packages ....................................................................... 56
2.10.1. Updating Certificate System on Red Hat Enterprise Linux ................................. 57
2.10.2. Updating Certificate System on Solaris ............................................................ 57
2.11. Uninstalling Certificate System Subsystems ................................................................ 59
2.11.1. Removing a Subsystem Instance .................................................................... 59