-
Notifications
You must be signed in to change notification settings - Fork 139
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
docs/installation/server md -> adoc conversion
- Loading branch information
Showing
4 changed files
with
123 additions
and
119 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,40 @@ | ||
| = Installing Basic PKI Server | ||
|
|
||
| == Overview | ||
|
|
||
| This page describes the process to create and configure a basic PKI server without any of the PKI subsystems. | ||
| This would be useful to troubleshoot general server issues (e.g. SSL). | ||
|
|
||
| == Installation | ||
|
|
||
| To install PKI server packages: | ||
|
|
||
| ``` | ||
| $ dnf install pki-server | ||
| ``` | ||
|
|
||
| == Creating PKI Server | ||
|
|
||
| To create a PKI server: | ||
|
|
||
| ``` | ||
| $ pki-server create | ||
| ``` | ||
|
|
||
| This will create a PKI server in /var/lib/pki/pki-tomcat. | ||
|
|
||
| See also link:https://github.com/dogtagpki/pki/wiki/PKI-Server-CLI[PKI Server CLI]. | ||
|
|
||
| == Starting PKI Server | ||
|
|
||
| To start PKI server: | ||
|
|
||
| ``` | ||
| $ pki-server run | ||
| ``` | ||
|
|
||
| To stop the server, press Ctrl-C. | ||
|
|
||
| == See Also | ||
|
|
||
| - link:../../admin/server/Configuring-HTTPS-Connector.adoc[Configuring HTTPS Connector] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,40 +1 @@ | ||
| # Installing Basic PKI Server | ||
|
|
||
| ## Overview | ||
|
|
||
| This page describes the process to create and configure a basic PKI server without any of the PKI subsystems. | ||
| This would be useful to troubleshoot general server issues (e.g. SSL). | ||
|
|
||
| ## Installation | ||
|
|
||
| To install PKI server packages: | ||
|
|
||
| ``` | ||
| $ dnf install pki-server | ||
| ``` | ||
|
|
||
| ## Creating PKI Server | ||
|
|
||
| To create a PKI server: | ||
|
|
||
| ``` | ||
| $ pki-server create | ||
| ``` | ||
|
|
||
| This will create a PKI server in /var/lib/pki/pki-tomcat. | ||
|
|
||
| See also [PKI Server CLI](https://github.com/dogtagpki/pki/wiki/PKI-Server-CLI). | ||
|
|
||
| ## Starting PKI Server | ||
|
|
||
| To start PKI server: | ||
|
|
||
| ``` | ||
| $ pki-server run | ||
| ``` | ||
|
|
||
| To stop the server, press Ctrl-C. | ||
|
|
||
| ## See Also | ||
|
|
||
| - [Configuring HTTPS Connector](../../admin/server/Configuring-HTTPS-Connector.adoc) | ||
| Converted/moved to [Installing_Basic_PKI_Server.adoc](../server/Installing_Basic_PKI_Server.adoc) |
81 changes: 81 additions & 0 deletions
81
docs/installation/server/Installing_PKI_Server_with_Custom_NSS_Databases.adoc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,81 @@ | ||
| = Installing PKI Server with Custom NSS Databases | ||
|
|
||
| == Overview | ||
|
|
||
| This page describes the process to create a PKI server with custom NSS databases. | ||
|
|
||
| Normally, when installing a PKI subsystem (e.g. CA) some NSS databases will be created by default, for example: | ||
|
|
||
| * server NSS database: /var/lib/pki/pki-tomcat/conf/alias | ||
| * admin NSS database: ~/.dogtag/pki-tomcat/ca/alias | ||
|
|
||
| Under some circumstances the admin may want to use custom NSS databases (e.g. with trust policy). | ||
| In those cases the installation can be done in multiple steps: | ||
|
|
||
| * create a basic PKI server | ||
| * optionally, create a custom NSS database for the server | ||
| * optionally, create a custom NSS database for the admin | ||
| * install PKI subsystem with regular installation procedure | ||
|
|
||
| == Creating Basic PKI Server | ||
|
|
||
| To create a basic PKI server, execute the following command: | ||
|
|
||
| ``` | ||
| $ pki-server create | ||
| ``` | ||
|
|
||
| This will create a server in /var/lib/pki/pki-tomcat with configuration files in /var/lib/pki/pki-tomcat/conf. | ||
|
|
||
| See also link:https://github.com/dogtagpki/pki/wiki/PKI-Server-CLI[PKI Server CLI]. | ||
|
|
||
| == Creating Custom NSS Database for PKI Server | ||
|
|
||
| To create a custom NSS database for the server execute the following commands: | ||
|
|
||
| ``` | ||
| $ pki-server nss-create --password <server password> | ||
| ``` | ||
|
|
||
| To enable trust policy: | ||
|
|
||
| ``` | ||
| $ modutil \ | ||
| -dbdir /var/lib/pki/pki-tomcat/conf/alias \ | ||
| -add p11-kit-trust \ | ||
| -libfile /usr/share/pki/lib/p11-kit-trust.so | ||
| ``` | ||
|
|
||
| See also link:https://github.com/dogtagpki/pki/wiki/PKI-Server-NSS-CLI[PKI Server NSS CLI]. | ||
|
|
||
| == Creating Custom NSS Database for PKI Administrator | ||
|
|
||
| To create a custom NSS database for the admin execute the following commands: | ||
|
|
||
| ``` | ||
| $ pki -d ~/.dogtag/pki-tomcat/ca/alias -c <client password> nss-create | ||
| ``` | ||
|
|
||
| To enable trust policy: | ||
|
|
||
| ``` | ||
| $ modutil \ | ||
| -dbdir ~/.dogtag/pki-tomcat/ca/alias \ | ||
| -add p11-kit-trust \ | ||
| -libfile /usr/share/pki/lib/p11-kit-trust.so | ||
| ``` | ||
|
|
||
| See also link:https://github.com/dogtagpki/pki/wiki/PKI-NSS-CLI[PKI NSS CLI]. | ||
|
|
||
| == Installling PKI Subsystem | ||
|
|
||
| To install a PKI subsystem in this server, follow the regular link:https://www.dogtagpki.org/wiki/PKI_10_Installation[installation procedure]. | ||
| Make sure to use the same NSS database passwords, for example: | ||
|
|
||
| ``` | ||
| [DEFAULT] | ||
| pki_server_database_password=<server password> | ||
|
|
||
| [CA] | ||
| pki_client_database_password=<client password> | ||
| ``` |
80 changes: 1 addition & 79 deletions
80
docs/installation/server/Installing_PKI_Server_with_Custom_NSS_Databases.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,79 +1 @@ | ||
| # Installing PKI Server with Custom NSS Databases | ||
|
|
||
| ## Overview | ||
|
|
||
| This page describes the process to create a PKI server with custom NSS databases. | ||
|
|
||
| Normally, when installing a PKI subsystem (e.g. CA) some NSS databases will be created by default, for example: | ||
| * server NSS database: /var/lib/pki/pki-tomcat/conf/alias | ||
| * admin NSS database: ~/.dogtag/pki-tomcat/ca/alias | ||
|
|
||
| Under some circumstances the admin may want to use custom NSS databases (e.g. with trust policy). | ||
| In those cases the installation can be done in multiple steps: | ||
| * create a basic PKI server | ||
| * optionally, create a custom NSS database for the server | ||
| * optionally, create a custom NSS database for the admin | ||
| * install PKI subsystem with regular installation procedure | ||
|
|
||
| ## Creating Basic PKI Server | ||
|
|
||
| To create a basic PKI server, execute the following command: | ||
|
|
||
| ``` | ||
| $ pki-server create | ||
| ``` | ||
|
|
||
| This will create a server in /var/lib/pki/pki-tomcat with configuration files in /var/lib/pki/pki-tomcat/conf. | ||
|
|
||
| See also [PKI Server CLI](https://github.com/dogtagpki/pki/wiki/PKI-Server-CLI). | ||
|
|
||
| ## Creating Custom NSS Database for PKI Server | ||
|
|
||
| To create a custom NSS database for the server execute the following commands: | ||
|
|
||
| ``` | ||
| $ pki-server nss-create --password <server password> | ||
| ``` | ||
|
|
||
| To enable trust policy: | ||
|
|
||
| ``` | ||
| $ modutil \ | ||
| -dbdir /var/lib/pki/pki-tomcat/conf/alias \ | ||
| -add p11-kit-trust \ | ||
| -libfile /usr/share/pki/lib/p11-kit-trust.so | ||
| ``` | ||
|
|
||
| See also [PKI Server NSS CLI](https://github.com/dogtagpki/pki/wiki/PKI-Server-NSS-CLI). | ||
|
|
||
| ## Creating Custom NSS Database for PKI Administrator | ||
|
|
||
| To create a custom NSS database for the admin execute the following commands: | ||
|
|
||
| ``` | ||
| $ pki -d ~/.dogtag/pki-tomcat/ca/alias -c <client password> nss-create | ||
| ``` | ||
|
|
||
| To enable trust policy: | ||
|
|
||
| ``` | ||
| $ modutil \ | ||
| -dbdir ~/.dogtag/pki-tomcat/ca/alias \ | ||
| -add p11-kit-trust \ | ||
| -libfile /usr/share/pki/lib/p11-kit-trust.so | ||
| ``` | ||
|
|
||
| See also [PKI NSS CLI](https://github.com/dogtagpki/pki/wiki/PKI-NSS-CLI). | ||
|
|
||
| ## Installling PKI Subsystem | ||
|
|
||
| To install a PKI subsystem in this server, follow the regular [installation procedure](https://www.dogtagpki.org/wiki/PKI_10_Installation). | ||
| Make sure to use the same NSS database passwords, for example: | ||
|
|
||
| ``` | ||
| [DEFAULT] | ||
| pki_server_database_password=<server password> | ||
| [CA] | ||
| pki_client_database_password=<client password> | ||
| ``` | ||
| Converted/moved to [Installing_PKI_Server_with_Custom_NSS_Databases.adoc](../server/Installing_PKI_Server_with_Custom_NSS_Databases.adoc) |