Overview

This page describes the process to install PKI 9 server. A server instance can only contain a single PKI subsystem, so the terms server, instance, and subsystem are interchangeable in PKI 9.

The installation process consists of two parts:

• Installation

• Configuration

Prerequisites

Please make sure you meet all these prerequisites before you attempt to run a Dogtag Certificate System.

System Prerequisites

The following system prerequisites are required to build PKI subsystems:

• operating systems and tools

Runtime Tools

The following runtime environment is required to build these PKI subsystems:

• runtime tools

Directory Server Requirements

The CA, DRM, OCSP, TKS, and TPS require the Fedora Directory Server to be installed, while the RA requires SQLite. Dogtag Certificate System uses the Fedora Directory Server to store information about certificates that it issues. The following page provides more details:

• data storage requirements

Browser

PKI 9 server installation requires Firefox browser.

Note: Firefox removed window.crypto.generateCRMFRequest feature. The latest supported browser is Firefox 32. Linux binaries are available on the Mozilla web site.

Installing PKI Packages

To install PKI packages, become the root user, and execute the following commands:

$ yum install pki-ca pki-kra pki-ocsp pki-ra pki-tks pki-tps

This will install many dependencies, too.

See PKI 9.0 Download.

Installing PKI Subsystem

• PKI 9 CA Installation

• PKI 9 KRA Installation

• PKI 9 OCSP Installation

• PKI 9 RA Installation

• PKI 9 TKS Installation

• PKI 9 TPS Installation

Removing PKI Subsystem

To remove a PKI subsystem the following command can be used:

$ /usr/bin/pkiremove