Procedure
Perform the following steps to configure the UNIX environment for this new CA domain.
- Set up a var directory for this CA domain. Perform the steps in Steps for setting up the var directory.
- Locate the pkiserv.conf, pkiserv.envars, and pkiserv.tmpl files you originally used to create your initial CA domain. Copy them into the appropriate runtime directory for your new CA domain. (Check Table 1.) For a new CA domain called Employees, run the following commands from the UNIX command line. (You might have to make the directory first.)
  Examples:
    mkdir /etc/pkiserv/employees
    chown pkisrvd /etc/pkiserv/employees
    cp -p /etc/pkiserv/* /etc/pkiserv/employees
_______________________________________________________________
- Edit the new pkiserv.conf file by entering the following command:
  Example:
    oedit /etc/pkiserv/employees/pkiserv.conf
_______________________________________________________________
- Change the following sections of pkiserv.conf as described for this CA domain. (Find detailed information for each variable in Table 1.)
  - ObjectStore
    If you are implementing the object store and ICL using VSAM, qualify each VSAM data set name with the CA domain name. Example: ObjectDSN='pkisrvd.employee.vsam.ost'
    If you are implementing the object store and ICL using DB2®, set the DB2 package name to the CA domain name. Example: DBPackage=employee
    (See Subtask 7: Creating the object store and ICL.)
  - CertPolicy
    If CRLDistDirPath is not null, modify it to reference the correct subdirectory. (You might have to create this directory.) Example: CRLDistDirPath=/var/pkiserv/employees
    See Determining CRLDistDirPath for more information.
  - General
    Update each pathname to the correct subdirectory. Example: ReadyMessageForm=/etc/pkiserv/employees/readymsg.form
  - SAF
    Update the key ring name to match the ca_ring value you recorded. Example: PKISRVD/Caring.Employees
  - LDAP
    Do not update the LDAP section unless you need to change the LDAP directory. If you need to change it, see Steps for tailoring the LDAP section of the configuration file.
    Make sure the LDAP directory is configured with a suffix for this CA domain. (See the explanation for the Suffix variable in Table 1.)
_______________________________________________________________
- (Optional) Change other values in any section of pkiserv.conf as desired for this CA domain.
_______________________________________________________________
- Edit the new pkiserv.envars file by entering the following command:
  Example:
    oedit /etc/pkiserv/employees/pkiserv.envars
_______________________________________________________________
- Define the _PKISERV_CA_DOMAIN environment variable for this CA domain name. (For details, see The pkiserv.envars environment variables file.)
  Example:
    _PKISERV_CA_DOMAIN=EMPLOYEE
_______________________________________________________________
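Because the new domain's files start as copies of the original domain's files, any setting left unedited still points at the original CA domain's directories, data sets, or key ring. The following check is an added example, not part of the IBM-supplied procedure or tooling. The function name check_ca_domain, the KeyRing key in the sample, the treatment of lines starting with # as comments, and the rule that every key ending in DSN names a data set are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not IBM-supplied): flag settings in a copied pkiserv.conf and
# pkiserv.envars that still point at the original CA domain.
# Assumptions: key=value lines; '#' starts a comment; names compare case-insensitively.
# usage: check_ca_domain CONF ENVARS DOMAIN_DIR DOMAIN_NAME CA_RING
check_ca_domain() {
    conf=$1; envars=$2; dir=$3; domain=$4; ring=$5; rc=0
    active=$(grep -n -v '^[[:space:]]*#' "$conf") || :
    # Paths under /etc/pkiserv or /var/pkiserv must continue into the domain subdirectory.
    stale=$(printf '%s\n' "$active" | grep -E '=.*/(etc|var)/pkiserv' |
            grep -v -E "/(etc|var)/pkiserv/$dir([^[:alnum:]]|\$)") || :
    [ -z "$stale" ] || { printf '%s\n' "$stale" | sed 's/^/STALE PATH  /'; rc=1; }
    # Data set names (keys ending in DSN) and DBPackage must carry the CA domain name.
    store=$(printf '%s\n' "$active" | grep -E '^[0-9]+:[[:space:]]*([A-Za-z]*DSN|DBPackage)=' |
            grep -v -i -E "(\\.$domain\\.|DBPackage=$domain[[:space:]]*\$)") || :
    [ -z "$store" ] || { printf '%s\n' "$store" | sed 's/^/SHARED STORE  /'; rc=1; }
    # The ca_ring value recorded for this domain must appear in the configuration.
    printf '%s\n' "$active" | grep -q -F -- "$ring" ||
        { echo "MISSING RING  $ring not referenced in $conf"; rc=1; }
    # pkiserv.envars must define the domain variable with this domain's name.
    grep -q -i -E "^_PKISERV_CA_DOMAIN=$domain[[:space:]]*\$" "$envars" ||
        { echo "DOMAIN VAR  _PKISERV_CA_DOMAIN is not $domain in $envars"; rc=1; }
    return $rc
}

# Constructed sample: a copied pkiserv.conf in which one pathname was not updated.
demo() {
    d=$(mktemp -d)
    cat > "$d/pkiserv.conf" <<'EOF'
# constructed sample, not a complete pkiserv.conf
ObjectDSN='pkisrvd.employee.vsam.ost'
CRLDistDirPath=/var/pkiserv/employees
ReadyMessageForm=/etc/pkiserv/readymsg.form
KeyRing=PKISRVD/Caring.Employees
EOF
    echo '_PKISERV_CA_DOMAIN=EMPLOYEE' > "$d/pkiserv.envars"
    check_ca_domain "$d/pkiserv.conf" "$d/pkiserv.envars" employees employee PKISRVD/Caring.Employees
    status=$?; rm -rf "$d"; return $status
}
demo || echo "fix the findings above before continuing"
```

Each finding is printed with its line number in pkiserv.conf, and the function returns a nonzero status when anything is found.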
When you are done: You have updated the pkiserv.conf and pkiserv.envars files for this CA domain. Record your progress in Table 1. Continue to the next subtask.
Guideline: Complete all subtasks for this new CA domain and ensure that it operates properly before adding another CA domain.