From 10312f5c177bf3eba86de1a36312b04008582a44 Mon Sep 17 00:00:00 2001 From: Christina Fu Date: Fri, 17 Jan 2025 10:38:53 -0800 Subject: [PATCH] [skip ci] docs/installation/server md -> adoc conversion --- .../server/Installing_Basic_PKI_Server.adoc | 40 +++++++++ .../server/Installing_Basic_PKI_Server.md | 41 +--------- ..._PKI_Server_with_Custom_NSS_Databases.adoc | 81 +++++++++++++++++++ ...ng_PKI_Server_with_Custom_NSS_Databases.md | 80 +----------------- 4 files changed, 123 insertions(+), 119 deletions(-) create mode 100644 docs/installation/server/Installing_Basic_PKI_Server.adoc create mode 100644 docs/installation/server/Installing_PKI_Server_with_Custom_NSS_Databases.adoc diff --git a/docs/installation/server/Installing_Basic_PKI_Server.adoc b/docs/installation/server/Installing_Basic_PKI_Server.adoc new file mode 100644 index 00000000000..2a5b473dda7 --- /dev/null +++ b/docs/installation/server/Installing_Basic_PKI_Server.adoc @@ -0,0 +1,40 @@ += Installing Basic PKI Server + +== Overview + +This page describes the process to create and configure a basic PKI server without any of the PKI subsystems. +This would be useful to troubleshoot general server issues (e.g. SSL). + +== Installation + +To install PKI server packages: + +``` +$ dnf install pki-server +``` + +== Creating PKI Server + +To create a PKI server: + +``` +$ pki-server create +``` + +This will create a PKI server in /var/lib/pki/pki-tomcat. + +See also link:https://github.com/dogtagpki/pki/wiki/PKI-Server-CLI[PKI Server CLI]. + +== Starting PKI Server + +To start PKI server: + +``` +$ pki-server run +``` + +To stop the server, press Ctrl-C. + +== See Also + +- link:../../admin/server/Configuring-HTTPS-Connector.adoc[Configuring HTTPS Connector] diff --git a/docs/installation/server/Installing_Basic_PKI_Server.md b/docs/installation/server/Installing_Basic_PKI_Server.md index e0adb88432b..c74e8c95293 100644 --- a/docs/installation/server/Installing_Basic_PKI_Server.md +++ b/docs/installation/server/Installing_Basic_PKI_Server.md @@ -1,40 +1 @@ -# Installing Basic PKI Server - -## Overview - -This page describes the process to create and configure a basic PKI server without any of the PKI subsystems. -This would be useful to troubleshoot general server issues (e.g. SSL). - -## Installation - -To install PKI server packages: - -``` -$ dnf install pki-server -``` - -## Creating PKI Server - -To create a PKI server: - -``` -$ pki-server create -``` - -This will create a PKI server in /var/lib/pki/pki-tomcat. - -See also [PKI Server CLI](https://github.com/dogtagpki/pki/wiki/PKI-Server-CLI). - -## Starting PKI Server - -To start PKI server: - -``` -$ pki-server run -``` - -To stop the server, press Ctrl-C. - -## See Also - -- [Configuring HTTPS Connector](../../admin/server/Configuring-HTTPS-Connector.adoc) +Converted/moved to [Installing_Basic_PKI_Server.adoc](../server/Installing_Basic_PKI_Server.adoc) \ No newline at end of file diff --git a/docs/installation/server/Installing_PKI_Server_with_Custom_NSS_Databases.adoc b/docs/installation/server/Installing_PKI_Server_with_Custom_NSS_Databases.adoc new file mode 100644 index 00000000000..8d018ae1d57 --- /dev/null +++ b/docs/installation/server/Installing_PKI_Server_with_Custom_NSS_Databases.adoc @@ -0,0 +1,81 @@ += Installing PKI Server with Custom NSS Databases + +== Overview + +This page describes the process to create a PKI server with custom NSS databases. + +Normally, when installing a PKI subsystem (e.g. CA) some NSS databases will be created by default, for example: + +* server NSS database: /var/lib/pki/pki-tomcat/conf/alias +* admin NSS database: ~/.dogtag/pki-tomcat/ca/alias + +Under some circumstances the admin may want to use custom NSS databases (e.g. with trust policy). +In those cases the installation can be done in multiple steps: + +* create a basic PKI server +* optionally, create a custom NSS database for the server +* optionally, create a custom NSS database for the admin +* install PKI subsystem with regular installation procedure + +== Creating Basic PKI Server + +To create a basic PKI server, execute the following command: + +``` +$ pki-server create +``` + +This will create a server in /var/lib/pki/pki-tomcat with configuration files in /var/lib/pki/pki-tomcat/conf. + +See also link:https://github.com/dogtagpki/pki/wiki/PKI-Server-CLI[PKI Server CLI]. + +== Creating Custom NSS Database for PKI Server + +To create a custom NSS database for the server execute the following commands: + +``` +$ pki-server nss-create --password +``` + +To enable trust policy: + +``` +$ modutil \ + -dbdir /var/lib/pki/pki-tomcat/conf/alias \ + -add p11-kit-trust \ + -libfile /usr/share/pki/lib/p11-kit-trust.so +``` + +See also link:https://github.com/dogtagpki/pki/wiki/PKI-Server-NSS-CLI[PKI Server NSS CLI]. + +== Creating Custom NSS Database for PKI Administrator + +To create a custom NSS database for the admin execute the following commands: + +``` +$ pki -d ~/.dogtag/pki-tomcat/ca/alias -c nss-create +``` + +To enable trust policy: + +``` +$ modutil \ + -dbdir ~/.dogtag/pki-tomcat/ca/alias \ + -add p11-kit-trust \ + -libfile /usr/share/pki/lib/p11-kit-trust.so +``` + +See also link:https://github.com/dogtagpki/pki/wiki/PKI-NSS-CLI[PKI NSS CLI]. + +== Installling PKI Subsystem + +To install a PKI subsystem in this server, follow the regular link:https://www.dogtagpki.org/wiki/PKI_10_Installation[installation procedure]. +Make sure to use the same NSS database passwords, for example: + +``` +[DEFAULT] +pki_server_database_password= + +[CA] +pki_client_database_password= +``` diff --git a/docs/installation/server/Installing_PKI_Server_with_Custom_NSS_Databases.md b/docs/installation/server/Installing_PKI_Server_with_Custom_NSS_Databases.md index 3c378c55422..7cd92bee138 100644 --- a/docs/installation/server/Installing_PKI_Server_with_Custom_NSS_Databases.md +++ b/docs/installation/server/Installing_PKI_Server_with_Custom_NSS_Databases.md @@ -1,79 +1 @@ -# Installing PKI Server with Custom NSS Databases - -## Overview - -This page describes the process to create a PKI server with custom NSS databases. - -Normally, when installing a PKI subsystem (e.g. CA) some NSS databases will be created by default, for example: -* server NSS database: /var/lib/pki/pki-tomcat/conf/alias -* admin NSS database: ~/.dogtag/pki-tomcat/ca/alias - -Under some circumstances the admin may want to use custom NSS databases (e.g. with trust policy). -In those cases the installation can be done in multiple steps: -* create a basic PKI server -* optionally, create a custom NSS database for the server -* optionally, create a custom NSS database for the admin -* install PKI subsystem with regular installation procedure - -## Creating Basic PKI Server - -To create a basic PKI server, execute the following command: - -``` -$ pki-server create -``` - -This will create a server in /var/lib/pki/pki-tomcat with configuration files in /var/lib/pki/pki-tomcat/conf. - -See also [PKI Server CLI](https://github.com/dogtagpki/pki/wiki/PKI-Server-CLI). - -## Creating Custom NSS Database for PKI Server - -To create a custom NSS database for the server execute the following commands: - -``` -$ pki-server nss-create --password -``` - -To enable trust policy: - -``` -$ modutil \ - -dbdir /var/lib/pki/pki-tomcat/conf/alias \ - -add p11-kit-trust \ - -libfile /usr/share/pki/lib/p11-kit-trust.so -``` - -See also [PKI Server NSS CLI](https://github.com/dogtagpki/pki/wiki/PKI-Server-NSS-CLI). - -## Creating Custom NSS Database for PKI Administrator - -To create a custom NSS database for the admin execute the following commands: - -``` -$ pki -d ~/.dogtag/pki-tomcat/ca/alias -c nss-create -``` - -To enable trust policy: - -``` -$ modutil \ - -dbdir ~/.dogtag/pki-tomcat/ca/alias \ - -add p11-kit-trust \ - -libfile /usr/share/pki/lib/p11-kit-trust.so -``` - -See also [PKI NSS CLI](https://github.com/dogtagpki/pki/wiki/PKI-NSS-CLI). - -## Installling PKI Subsystem - -To install a PKI subsystem in this server, follow the regular [installation procedure](https://www.dogtagpki.org/wiki/PKI_10_Installation). -Make sure to use the same NSS database passwords, for example: - -``` -[DEFAULT] -pki_server_database_password= - -[CA] -pki_client_database_password= -``` +Converted/moved to [Installing_PKI_Server_with_Custom_NSS_Databases.adoc](../server/Installing_PKI_Server_with_Custom_NSS_Databases.adoc) \ No newline at end of file