I didn't use any file for the installation; I used the basic questions with their answers. This is a replica of how things went.
[root@ocsp01 ~]# pkispawn -s OCSP -vvv
IMPORTANT:
Interactive installation currently only exists for very basic deployments!
For example, deployments intent upon using advanced features such as:
* Cloning,
* Elliptic Curve Cryptography (ECC),
* External CA,
* Hardware Security Module (HSM),
* Subordinate CA,
* etc.,
must provide the necessary override parameters in a separate
configuration file.
Run 'man pkispawn' for details.
Tomcat:
Instance [pki-tomcat]: testinstance
HTTP port [8080]:
Secure HTTP port [8443]:
AJP port [8009]:
Management port [8005]:
Administrator:
Username [ocspadmin]:
Password:
Verify password:
Import certificate (Yes/No) [Y]?
Import certificate from [/root/.dogtag/testinstance/ca_admin.cert]: /root/ca_admin.cert
Directory Server:
Hostname [ocsp01.pki.ccpsd.corp]: ca01
Use a secure LDAPS connection (Yes/No/Quit) [N]?
LDAP Port [389]:
Bind DN [cn=Directory Manager]:
Password:
Base DN [o=testinstance-OCSP]:
Security Domain:
Hostname [ocsp01.pki.ccpsd.corp]: ca01
Secure HTTP port [8443]:
Name: Test Instance Security Domain
Username [caadmin]:
Password:
Begin installation (Yes/No/Quit)? Yes
As you can see, the LDAP server was up; it asked for the user and password and went to the next step. As for the security domain, when I indicated the host of the CA, it was detected, so that was good also.
If you take a look at /etc/sysconfig/pki/tomcat/testinstance/ocsp/deployment.cfg:
[DEFAULT]
pki_instance_name = testinstance
pki_admin_password = XXXXXXXX
pki_backup_password = XXXXXXXX
pki_client_database_password = XXXXXXXX
pki_client_pin = XXXXXXXX
pki_client_pkcs12_password = XXXXXXXX
pki_clone_pkcs12_password = XXXXXXXX
pki_ds_password = XXXXXXXX
pki_external_pkcs12_password = XXXXXXXX
pki_pkcs12_password = XXXXXXXX
pki_one_time_pin = XXXXXXXX
pki_pin = XXXXXXXX
pki_replication_password = XXXXXXXX
pki_security_domain_password = XXXXXXXX
pki_server_pkcs12_password = XXXXXXXX
pki_token_password = XXXXXXXX
[OCSP]
pki_http_port = 8080
pki_https_port = 8443
pki_ajp_port = 8009
pki_tomcat_server_port = 8005
pki_admin_uid = ocspadmin
pki_admin_password = XXXXXXXX
pki_backup_password = XXXXXXXX
pki_client_database_password = XXXXXXXX
pki_client_pkcs12_password = XXXXXXXX
pki_import_admin_cert = True
pki_admin_cert_file = /root/ca_admin.cert
pki_ds_hostname = ca01
pki_ds_ldap_port = 389
pki_ds_bind_dn = cn=Directory Manager
pki_ds_password = XXXXXXXX
pki_ds_base_dn = o=testinstance-OCSP
pki_security_domain_hostname = ca01
pki_security_domain_https_port = 8443
pki_security_domain_name = Test Instance Security Domain
pki_security_domain_user = caadmin
pki_security_domain_password = XXXXXXXX
pki_client_pin = XXXXXXXX
pki_clone_pkcs12_password = XXXXXXXX
pki_external_pkcs12_password = XXXXXXXX
pki_pkcs12_password = XXXXXXXX
pki_one_time_pin = XXXXXXXX
pki_pin = XXXXXXXX
pki_replication_password = XXXXXXXX
pki_server_pkcs12_password = XXXXXXXX
pki_token_password = XXXXXXXX
The CA deployment file is this:
[DEFAULT]
pki_instance_name = testinstance
pki_admin_password = XXXXXXXX
pki_backup_password = XXXXXXXX
pki_client_database_password = XXXXXXXX
pki_client_pin = XXXXXXXX
pki_client_pkcs12_password = XXXXXXXX
pki_clone_pkcs12_password = XXXXXXXX
pki_ds_password = XXXXXXXX
pki_external_pkcs12_password = XXXXXXXX
pki_pkcs12_password = XXXXXXXX
pki_one_time_pin = XXXXXXXX
pki_pin = XXXXXXXX
pki_replication_password = XXXXXXXX
pki_security_domain_password = XXXXXXXX
pki_server_pkcs12_password = XXXXXXXX
pki_token_password = XXXXXXXX
[CA]
pki_http_port = 8080
pki_https_port = 8443
pki_ajp_port = 8009
pki_tomcat_server_port = 8005
pki_admin_uid = caadmin
pki_admin_password = XXXXXXXX
pki_backup_password = XXXXXXXX
pki_client_database_password = XXXXXXXX
pki_client_pkcs12_password = XXXXXXXX
pki_import_admin_cert = False
pki_client_admin_cert = /root/.dogtag/testinstance/ca_admin.cert
pki_ds_hostname = ca01.pki.ccpsd.corp
pki_ds_ldap_port = 389
pki_ds_bind_dn = cn=Directory Manager
pki_ds_password = XXXXXXXX
pki_ds_base_dn = o=testinstance-CA
pki_security_domain_name = Test Instance Security Domain
pki_client_pin = XXXXXXXX
pki_clone_pkcs12_password = XXXXXXXX
pki_external_pkcs12_password = XXXXXXXX
pki_pkcs12_password = XXXXXXXX
pki_one_time_pin = XXXXXXXX
pki_pin = XXXXXXXX
pki_replication_password = XXXXXXXX
pki_security_domain_password = XXXXXXXX
pki_server_pkcs12_password = XXXXXXXX
pki_token_password = XXXXXXXX
| Jonathan Montero IT Professional | IT Trainer |