Before you begin
This
procedure requires you to be familiar with the information in
Starting and stopping PKI Services. You will find additional details about the
following steps there.
Procedure
Perform the following steps to
start a separate instance of
PKI Services for this
new CA domain.
- Start the PKI Services daemon
for this CA domain by entering the MVS™ console
START command qualified with the appropriate runtime directory. (Check Table 1.)
Example:S PKISERVD,JOBNAME=EMPLOYEE,DIR='/etc/pkiserv/employees'
Guideline: To
simplify your environment, give this instance of
PKI Services a JOBNAME
that matches or relates to this CA domain name. When you add additional
CA domains, it will be easier to distinguish multiple jobs running
PKI Services.
_______________________________________________________________
- Restart the HTTP servers to enable the environment variables you
changed for this CA domain. Optionally, you can wait to do this until
after you have started all the new domain-specific daemons.
F IMWEBSRV,APPL=-restart
_______________________________________________________________
- Test that your new domain-specific PKI Services daemon
is functioning properly. Go to your Web pages by entering the following
URL from your browser:
http://<webserver-fully-qualified-domain-name>/<new-admin-domain-name>/public-cgi/camain.rexx
The webserver-fully-qualified-domain-name is
the common name (CN) portion of the Web server's distinguished name;
see Table 1.
You
should be able to go through your Web pages to request, retrieve,
and revoke an applicable certificate for this CA domain, possibly "PKI
browser certificate for authenticating to z/OS®". Ensure you can do this before adding
new CA domains.
_______________________________________________________________
When you are done: You
have customized the
IBM HTTP Server configuration
files for this CA domain. Record your progress in
Table 1.
Once
your new CA domain works properly, proceed to add another CA domain,
if needed. Guideline: Perform Subtasks 3 - 8 for
each new CA domain and ensure that the new CA domain operates properly
before proceeding to add another.