# diff cadeployment.cfg subcadeployment.cfg
109c109
< pki_ajp_port=8009
---
> pki_ajp_port=18009
119,121c119,121
< pki_http_port=8080
< pki_https_port=8443
< pki_instance_name=pki-tomcat
---
> pki_http_port=18080
> pki_https_port=18443
> pki_instance_name=pki-sub-tomcat
125c125
< pki_tomcat_server_port=8005
---
> pki_tomcat_server_port=18005
162c162
< pki_subordinate=False
---
> pki_subordinate=True
# diff subcadeployment.cfg sub-subcadeployment.cfg
60c60
< pki_issuing_ca=
---
> pki_issuing_ca=https://server.example.com:18443
109c109
< pki_ajp_port=18009
---
> pki_ajp_port=28009
119,121c119,121
< pki_http_port=18080
< pki_https_port=18443
< pki_instance_name=pki-sub-tomcat
---
> pki_http_port=28080
> pki_https_port=28443
> pki_instance_name=pki-sub-sub-tomcat
125c125
< pki_tomcat_server_port=18005
---
> pki_tomcat_server_port=28005
148c148
< pki_ca_signing_subject_dn=
---
> pki_ca_signing_subject_dn=CN=Sub-SubCA Subsystem Certificate,O=example.com Security Domain
pki-tomcat:
# cd /var/lib/pki/pki-tomcat/alias
# certutil -d . -L
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
caSigningCert cert-pki-tomcat CA CTu,Cu,Cu
Server-Cert cert-pki-tomcat u,u,u
auditSigningCert cert-pki-tomcat CA u,u,Pu
ocspSigningCert cert-pki-tomcat CA u,u,u
subsystemCert cert-pki-tomcat CA u,u,u
# certutil -d . -L -n "caSigningCert cert-pki-tomcat CA" | more
. . .
Issuer: "CN=CA Signing Certificate,O=example.com Security Domain"
. . .
Subject: "CN=CA Signing Certificate,O=example.com Security Domain"
. . .
# certutil -d . -L -n "subsystemCert cert-pki-tomcat CA" | more
. . .
Issuer: "CN=CA Signing Certificate,O=example.com Security Domain"
. . .
Subject: "CN=CA Subsystem Certificate,O=example.com Security Domain"
. . .
# certutil -d . -L -n "Server-Cert cert-pki-tomcat" | more
. . .
Issuer: "CN=CA Signing Certificate,O=example.com Security Domain"
. . .
Subject: "CN=server.example.com,O=example.com Security Domain"
. . .
# certutil -d . -L -n "ocspSigningCert cert-pki-tomcat CA" | more
. . .
Issuer: "CN=CA Signing Certificate,O=example.com Security Domain"
. . .
Subject: "CN=CA OCSP Signing Certificate,O=example.com Security Domain"
. . .
# certutil -d . -L -n "auditSigningCert cert-pki-tomcat CA" | more
. . .
Issuer: "CN=CA Signing Certificate,O=example.com Security Domain"
. . .
Subject: "CN=CA Audit Signing Certificate,O=example.com Security Domain"
. . .
Serial number Status Subject name 0x1 valid 0x2 valid 0x3 valid 0x4 valid 0x5 valid 0x6 valid 0x7 valid 0x8 valid 0x9 valid 0xa valid
pki-sub-tomcat:
# cd /var/lib/pki/pki-sub-tomcat/alias
# certutil -d . -L
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
CA Signing Certificate - example.com Security Domain CT,c,
caSigningCert cert-pki-sub-tomcat CA CTu,Cu,Cu
ocspSigningCert cert-pki-sub-tomcat CA u,u,u
auditSigningCert cert-pki-sub-tomcat CA u,u,Pu
Server-Cert cert-pki-sub-tomcat u,u,u
subsystemCert cert-pki-sub-tomcat CA u,u,u
# certutil -d. -L -n "caSigningCert cert-pki-sub-tomcat CA" | more
. . .
Issuer: "CN=CA Signing Certificate,O=example.com Security Domain"
. . .
Subject: "CN=SubCA Signing Certificate,O=example.com Security Domain"
. . .
# certutil -d. -L -n "subsystemCert cert-pki-sub-tomcat CA" | more
. . .
Issuer: "CN=CA Signing Certificate,O=example.com Security Domain"
. . .
Subject: "CN=SubCA Subsystem Certificate,O=example.com Security Domain"
. . .
# certutil -d. -L -n "Server-Cert cert-pki-sub-tomcat" | more
. . .
Issuer: "CN=SubCA Signing Certificate,O=example.com Security Domain"
. . .
Subject: "CN=server.example.com,O=example.com Security Domain"
. . .
# certutil -d. -L -n "ocspSigningCert cert-pki-sub-tomcat CA" | more
. . .
Issuer: "CN=SubCA Signing Certificate,O=example.com Security Domain"
. . .
Subject: "CN=SubCA OCSP Signing Certificate,O=example.com Security Domain"
. . .
# certutil -d. -L -n "auditSigningCert cert-pki-sub-tomcat CA" | more
. . .
Issuer: "CN=SubCA Signing Certificate,O=example.com Security Domain"
. . .
Subject: "CN=SubCA Audit Signing Certificate,O=example.com Security Domain"
. . .
Serial number Status Subject name 0x1 valid 0x2 valid 0x3 valid 0x4 valid 0x5 valid 0x6 valid
pki-sub-sub-tomcat:
# cd /var/lib/pki/pki-sub-sub-tomcat/alias
# certutil -d . -L
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
CA Signing Certificate - example.com Security Domain CT,c,
SubCA Signing Certificate - example.com Security Domain c,c,
caSigningCert cert-pki-sub-sub-tomcat CA CTu,Cu,Cu
Server-Cert cert-pki-sub-sub-tomcat u,u,u
subsystemCert cert-pki-sub-sub-tomcat CA u,u,u
ocspSigningCert cert-pki-sub-sub-tomcat CA u,u,u
auditSigningCert cert-pki-sub-sub-tomcat CA u,u,Pu
# certutil -d . -L -n "caSigningCert cert-pki-sub-sub-tomcat CA" | more
. . .
Issuer: "CN=SubCA Signing Certificate,O=example.com Security Domain"
. . .
Subject: "CN=Sub-SubCA Subsystem Certificate,O=example.com Security Domain"
. . .
# certutil -d . -L -n "subsystemCert cert-pki-sub-sub-tomcat CA" | more
. . .
Issuer: "CN=CA Signing Certificate,O=example.com Security Domain"
. . .
Subject: "CN=SubCA Subsystem Certificate,O=example.com Security Domain"
. . .
# certutil -d . -L -n "Server-Cert cert-pki-sub-sub-tomcat" | more
. . .
Issuer: "CN=Sub-SubCA Subsystem Certificate,O=example.com Security Domain"
. . .
Subject: "CN=server.example.com,O=example.com Security Domain"
. . .
# certutil -d . -L -n "ocspSigningCert cert-pki-sub-sub-tomcat CA" | more
. . .
Issuer: "CN=Sub-SubCA Subsystem Certificate,O=example.com Security Domain"
. . .
Subject: "CN=SubCA OCSP Signing Certificate,O=example.com Security Domain"
. . .
# certutil -d . -L -n "auditSigningCert cert-pki-sub-sub-tomcat CA" | more
. . .
Issuer: "CN=Sub-SubCA Subsystem Certificate,O=example.com Security Domain"
. . .
Subject: "CN=SubCA Audit Signing Certificate,O=example.com Security Domain"
. . .
Serial number Status Subject name 0x1 valid 0x2 valid 0x3 valid 0x4 valid 0x5 valid