set hostname
============

install apache
==============
yum install -y httpd

install 389-ds
===============
yum install 389-ds-base
setup-ds.pl -s -f dogtag-dirserv.inf

dogtag-dirserv.inf
------------------
[General]
FullMachineName = dogtag.fedoraproject.org
ServerRoot = /usr/lib64/dirsrv
SuiteSpotGroup = apache
SuiteSpotUserID = apache

[slapd]
AddOrgEntries = Yes
AddSampleEntries = No
HashedRootDNPwd = {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
InstallLdifFile = suggest
RootDN = cn=Directory Manager
RootDNPwd = XXXXXXXX
ServerIdentifier = dogtag
ServerPort = 389
Suffix = dc=fedoraproject,dc=org
bak_dir = /var/lib/dirsrv/slapd-dogtag/bak
bindir = /usr/bin
cert_dir = /etc/dirsrv/slapd-dogtag
config_dir = /etc/dirsrv/slapd-dogtag
datadir = /usr/share
db_dir = /var/lib/dirsrv/slapd-dogtag/db
ds_bename = userRoot
inst_dir = /usr/lib64/dirsrv/slapd-dogtag
ldif_dir = /var/lib/dirsrv/slapd-dogtag/ldif
localstatedir = /var
lock_dir = /var/lock/dirsrv/slapd-dogtag
log_dir = /var/log/dirsrv/slapd-dogtag
naming_value = fedoraproject
run_dir = /var/run/dirsrv
sbindir = /usr/sbin
schema_dir = /etc/dirsrv/slapd-dogtag/schema
sysconfdir = /etc
tmp_dir = /tmp

Firewall
=========
create /etc/firewalld/services/dogtag.xml

dogtag
Dog Tag CA services

restorecon -v /etc/firewalld/services/dogtag.xml
firewall-cmd --permanent --add-service=dogtag
firewall-cmd --reload

install dogtag CA
==================
yum install pki-ca

(optional) install dog-tag-theme packages: server, console
=========================================================

start CA instance
=================
pkispawn -s CA -f myconfig.txt

myconfig.txt
[DEFAULT]
pki_admin_password=XXXXXXXX1
pki_client_pkcs12_password=XXXXXXX2
pki_ds_password=XXXXXXXX
pki_instance_name=fedoraproject-ca
pki_skip_configuration=False
pki_skip_installation=False
pki_backup_keys=True
pki_backup_password=XXXXXXX3

UI:
====

1. Web
--------
import the Admin certificate into the web browser by copying the ~/.dogtag/cse-ca/*.pkcs12 file
point browser to: https://dogtag.fedoraproject.org:8443/ca

2. Configuration console GUI:
-----------------------------
install pki-console (Java Console)
$ pkiconsole

3. CLI:
-------
install pki-tools (preferably 10.2) and the pki command tool; available on Fedora 21
$ pki
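Both answer files above (dogtag-dirserv.inf and myconfig.txt) hold passwords in clear text. The check below is an added example, not part of the original notes: it reports whether such a file is accessible to group or other and which keys carry a clear-text secret. The function names, the key-name pattern and the sample values are assumptions made for this example.

```python
import configparser
import os
import re
import tempfile

# Secret-bearing key names (RootDNPwd, pki_*_password); {SSHA}-style values are hashes.
SECRET_KEY = re.compile(r"(password|pwd)$", re.IGNORECASE)
HASHED_VALUE = re.compile(r"^\{[A-Za-z0-9-]+\}")

# Constructed sample in the shape of myconfig.txt; the values are placeholders.
SAMPLE_PKISPAWN = """[DEFAULT]
pki_admin_password=placeholder-1
pki_ds_password=placeholder-2
pki_instance_name=example-ca
"""


def audit_answer_file(path):
    """Report loose permissions and clear-text secrets in one answer file."""
    mode = os.stat(path).st_mode & 0o777
    # No '%' interpolation; read pkispawn's [DEFAULT] as an ordinary section.
    parser = configparser.ConfigParser(
        interpolation=None, default_section="__unused__")
    parser.optionxform = str  # keep key case as written (RootDNPwd)
    parser.read(path)
    cleartext = [
        f"{section}/{key}"
        for section in parser.sections()
        for key, value in parser[section].items()
        if SECRET_KEY.search(key) and value and not HASHED_VALUE.match(value)
    ]
    return {
        "mode": f"{mode:04o}",
        "group_or_other_access": bool(mode & 0o077),
        "cleartext_secrets": cleartext,
    }


def audit_sample(text, mode):
    """Write constructed text to a temp file with the given mode and audit it."""
    with tempfile.NamedTemporaryFile("w", suffix=".txt") as handle:
        handle.write(text)
        handle.flush()
        os.chmod(handle.name, mode)
        return audit_answer_file(handle.name)


if __name__ == "__main__":
    print(audit_sample(SAMPLE_PKISPAWN, 0o644))
```

Run audit_answer_file() against the real files before and after setup-ds.pl and pkispawn have consumed them; a file that still lists clear-text secrets afterwards should be mode 0600 or removed.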