PKI Building

PKI Components

See the PKI Components page for details about all of the PKI subsystems that comprise the Dogtag Certificate System.

Prerequisites

Please make sure you meet all these prerequisites before you start to build a Dogtag Certificate System.

System Prerequisites

The following system prerequisites are required to build PKI subsystems:

Runtime Tools

The following runtime environment is required to build these PKI subsystems:

Directory Server Requirements

The CA, DRM, OCSP, TKS, and TPS require the Fedora Directory Server to be installed, while the RA requires SQLite. Dogtag Certificate System uses the Fedora Directory Server to store information about certificates that it issues. The following page provides more details:

Development Tools

The following development tools are required to build these PKI subsystems:

Additional Packages

Dogtag 9.0

Additionally, the RA and TPS subsystems require the Fortitude mod_nss and mod_revocator Apache plug-ins to be installed and enabled by the system's Apache web server.

For an RA subsystem, become the root user, and install the following packages:

yum install mod_nss mod_perl mod_revocator openldap-clients\
            openldap-devel perl-DBD-SQLite perl-HTML-Parser\
            perl-HTML-Tagset perl-Parse-RecDescent perl-URI\
            perl-XML-NamespaceSupport perl-XML-Parser perl-XML-SAX\
            perl-XML-Simple perl-libwww-perl sendmail sqlite

For a TPS subsystem, become the root user, and install the following packages:

yum install mod_nss mod_perl mod_revocator openldap-clients\
            openldap-devel pcre-devel perl-HTML-Parser\
            perl-HTML-Tagset perl-Parse-RecDescent perl-URI\
            perl-XML-NamespaceSupport perl-XML-Parser perl-XML-SAX\
            perl-XML-Simple perl-libwww-perl

Dogtag 1.3 and Earlier

Additionally, the RA and TPS subsystems require the Fortitude mod_nss Apache plug-in to be installed and enabled by the system's Apache web server.

For an RA subsystem, become the root user, and install the following packages:

yum install mod_nss mod_perl mozldap perl-DBD-SQLite perl-HTML-Parser\
            perl-HTML-Tagset perl-Parse-RecDescent perl-URI\
            perl-XML-NamespaceSupport perl-XML-Parser perl-XML-SAX\
            perl-XML-Simple perl-libwww-perl sendmail sqlite

For a TPS subsystem, become the root user, and install the following packages:

yum install mod_nss mod_perl mozldap pcre-devel perl-HTML-Parser\
            perl-HTML-Tagset perl-Parse-RecDescent perl-URI\
            perl-XML-NamespaceSupport perl-XML-Parser\
            perl-XML-SAX perl-XML-Simple perl-libwww-perl

Building the Dogtag Certificate System

Download the PKI Yum Repository Configuration File

Follow the instructions to download and install a PKI Yum repository configuration file:

Build the Dogtag Components

Dogtag 10

See Building Dogtag 10.

Dogtag 9 or Earlier

PKI components can be built individually or collectively via the Subversion repository:

Alternatively, if the user does not wish to use the Subversion repository, PKI components can be built individually using SRPMS:

PKI Subsystem Instance Installation

See PKI Install Guide.

Configure the PKI Subsystem

Finally, before an instance may be utilized, the user must configure the PKI subsystem instance:

Manage PKI Instances

To create additional instances, the following command can be used:

   /usr/bin/pkicreate

Similarly, to remove an existing instance, the following command can be used:

   /usr/bin/pkiremove

Additional Information