This page explains how to set up and configure a KRA for an IPA server installed with a Dogtag CA. A KRA is used for key escrow and recovery. It is also referred to as the Data Recovery Manager (DRM).

NOTE: This is being developed as a Proof-of-Concept. This procedure is only tested to work with the above versions.

Make sure all packages are up to date

```
# yum update -y
```

Install and configure IPA server

Install required packages

```
# yum install -y freeipa-server bind bind-dyndb-ldap pki-kra
```

Install IPA server

```
# ipa-server-install -a mypassword1 -p mypassword2 --domain=ipa_domain --realm=IPA_DOMAIN --setup-dns --no-forwarders -U
```

NOTE: This configures IPA with its own DNS server.

Install the KRA

Create KRA installation configuration file

Create a file with these contents somewhere in your filesystem. It is only needed during installation of the KRA. Replace the password, host name and realm names as appropriate to your installation.

```
pki_storage_subject_dn=cn=DRM Storage Certificate,o=EXAMPLE.COM
pki_client_admin_cert_p12=/root/ca-agent.p12
pki_admin_cert_file=/root/.dogtag/pki-tomcat/ca_admin.cert
pki_admin_subject_dn=cn=ipa-ca-agent,O=EXAMPLE.COM
pki_client_database_password=mypassword2
pki_client_database_dir=/tmp/tmp-ce2oQN
pki_security_domain_password=mypassword2
```