Subtask 4: Steps for configuring the UNIX environment
Before you begin
This procedure requires you to be familiar with the information in Configuring the UNIX runtime environment. There are more details about the following steps there.
Procedure
- Set up a var directory for this CA domain. Perform the steps in Steps for setting up the var directory.
- Locate the pkiserv.conf, pkiserv.envars,
and pkiserv.tmpl files you originally used to create
your initial CA domain. Copy them into the appropriate runtime directory
for your new CA domain. (Check Table 1.)
For a new CA domain called Employees, run the following
commands from the UNIX command line.
(You might have to make the directory first.) Examples:
mkdir /etc/pkiserv/employees
chown pkisrvd /etc/pkiserv/employees
cp -p /etc/pkiserv/* /etc/pkiserv/employees
_______________________________________________________________
- Edit the new pkiserv.conf file by entering the
following command. Example:
oedit /etc/pkiserv/employees/pkiserv.conf
_______________________________________________________________
- Change the following sections of pkiserv.conf as
described for this CA domain. (Find detailed information for each
variable in Table 1.)
- ObjectStore
- If you are implementing the object store and ICL using VSAM, qualify
each VSAM data set name with the CA domain name. Example: ObjectDSN='pkisrvd.employee.vsam.ost'
If you are implementing the object store and ICL using DB2®, set the DB2 package name to the CA domain name. Example: DBPackage=employee
- CertPolicy
- If CRLDistDirPath is not null, modify it to reference the correct subdirectory. (You might have to create this directory.) Example: CRLDistDirPath=/var/pkiserv/employees. See Determining CRLDistDirPath for more information.
- General
- Update each path name to the correct subdirectory. Example: ReadyMessageForm=/etc/pkiserv/employees/readymsg.form
- SAF
- Update the key ring name to match the ca_ring value you recorded. Example: PKISRVD/Caring.Employees
- LDAP
- Do not update the LDAP section unless you need to change
the LDAP directory. If you need to change it, see Steps for tailoring the LDAP section of the configuration file.
Make sure that the LDAP directory is configured with a suffix for this CA domain. (See the explanation for the Suffix variable in Table 1.)
_______________________________________________________________
- (Optional) Change other values in any section of pkiserv.conf as
you want for this CA domain.
_______________________________________________________________
- Edit the new pkiserv.envars file by entering
the following command. Example:
oedit /etc/pkiserv/employees/pkiserv.envars
_______________________________________________________________
- Define the _PKISERV_CA_DOMAIN environment variable
for this CA domain name. (For details, see The pkiserv.envars environment variables file.) Example:
_PKISERV_CA_DOMAIN=EMPLOYEE
_______________________________________________________________
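An added example, not part of the IBM procedure: the copied pkiserv.conf still carries the original CA domain's path names, so this check lists path settings that do not resolve under the new domain's subdirectory and therefore need review. It assumes key=value lines with # comment lines; the sample file is constructed, and HypotheticalForm is an invented key used only to show the prefix edge case.

```shell
#!/bin/sh
# Added example (not IBM code): flag path settings in a copied pkiserv.conf
# that still point outside the new CA domain's subdirectory.

# stale_paths <conf-file> <domain-subdirectory-name>
# Prints "line-number: key=value" for each suspect setting.
stale_paths() {
    # Assumption: settings are key=value lines and '#' starts a comment line.
    awk -v d="$2" '
        /^[ \t]*#/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            # Only values under the PKI Services directories are of interest.
            if (val !~ /^\/(etc|var)\/pkiserv(\/|$)/) next
            etc_ok = "/etc/pkiserv/" d
            var_ok = "/var/pkiserv/" d
            # Accept the domain directory itself or anything beneath it;
            # "employees2" must not pass as "employees".
            if (val == etc_ok || index(val, etc_ok "/") == 1) next
            if (val == var_ok || index(val, var_ok "/") == 1) next
            printf "%d: %s=%s\n", NR, key, val
        }' "$1"
}

# Constructed sample input; HypotheticalForm is an invented key.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not a real configuration
CRLDistDirPath=/var/pkiserv/employees
ReadyMessageForm=/etc/pkiserv/readymsg.form
HypotheticalForm=/etc/pkiserv/employees2/x.form
ObjectDSN='pkisrvd.employee.vsam.ost'
EOF
}

conf="${TMPDIR:-/tmp}/pkiserv.conf.sample.$$"
write_sample "$conf"
stale_paths "$conf" employees
rm -f "$conf"
```

Data set names and key ring names are not paths, so the check ignores them; compare those against the values recorded for the domain by hand.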
Continue to the next subtask.
Guideline: Complete all subtasks for this new CA domain and ensure that it operates properly before adding another CA domain.