Subtask 4: Steps for configuring the UNIX environment

Before you begin

This procedure requires you to be familiar with the information in Configuring the UNIX runtime environment, which gives more detail about the following steps.

Procedure

Perform the following steps to configure the UNIX environment for this new CA domain.
  1. Set up a var directory for this CA domain. Perform the steps in Steps for setting up the var directory.
  2. Locate the pkiserv.conf, pkiserv.envars, and pkiserv.tmpl files you originally used to create your initial CA domain. Copy them into the appropriate runtime directory for your new CA domain. (Check Table 1.) For a new CA domain called Employees, run the following commands from the UNIX command line. (You might have to make the directory first.)
    Examples:
    mkdir /etc/pkiserv/employees
    chown pkisrvd /etc/pkiserv/employees
    cp -p /etc/pkiserv/* /etc/pkiserv/employees

    _______________________________________________________________

  3. Edit the new pkiserv.conf file by entering the following command:
    Example:
    oedit /etc/pkiserv/employees/pkiserv.conf

    _______________________________________________________________

  4. Change the following sections of pkiserv.conf as described for this CA domain. (Find detailed information for each variable in Table 1.)
    ObjectStore
      If you are implementing the object store and ICL using VSAM, qualify each VSAM data set name with the CA domain name. Example: ObjectDSN='pkisrvd.employee.vsam.ost'

      If you are implementing the object store and ICL using DB2®, set the DB2 package name to the CA domain name. Example: DBPackage=employee

      (See Subtask 7: Creating the object store and ICL.)

    CertPolicy
      If CRLDistDirPath is not null, modify it to reference the correct subdirectory. (You might have to create this directory.) Example: CRLDistDirPath=/var/pkiserv/employees. See Determining CRLDistDirPath for more information.

    General
      Update each path name to the correct subdirectory. Example: ReadyMessageForm=/etc/pkiserv/employees/readymsg.form

    SAF
      Update the key ring name to match the ca_ring value you recorded. Example: PKISRVD/Caring.Employees

    LDAP
      Do not update the LDAP section unless you need to change the LDAP directory. If you need to change it, see Steps for tailoring the LDAP section of the configuration file.

      Make sure that the LDAP directory is configured with a suffix for this CA domain. (See the explanation for the Suffix variable in Table 1.)

    _______________________________________________________________

  5. (Optional) Change other values in any section of pkiserv.conf as you want for this CA domain.

    _______________________________________________________________

  6. Edit the new pkiserv.envars file by entering the following command:
    Example:
    oedit /etc/pkiserv/employees/pkiserv.envars

    _______________________________________________________________

  7. Define the _PKISERV_CA_DOMAIN environment variable for this CA domain name. (For details, see The pkiserv.envars environment variables file.)
    Example:
    _PKISERV_CA_DOMAIN=EMPLOYEE

    _______________________________________________________________

When you are done: You have updated the pkiserv.conf and pkiserv.envars files for this CA domain. Record your progress in Table 1.
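
The following check is an added example, not part of the original IBM procedure. It is a shell function that lists leftovers from the original CA domain in the copied directory: missing files, path values in pkiserv.conf that do not point into the new subdirectory, and a missing _PKISERV_CA_DOMAIN definition. It assumes the /etc/pkiserv and /var/pkiserv roots used in the examples above; the function name, the finding labels, and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not IBM-supplied code. Prints one finding per line for a
# copied CA-domain configuration directory; prints nothing when it is clean.
# Assumption: the /etc/pkiserv and /var/pkiserv roots from the page's examples.
audit_ca_domain() {
    dir=$1    # runtime directory, e.g. /etc/pkiserv/employees
    sub=$2    # subdirectory name used for this CA domain, e.g. employees
    # Step 2: the three copied files must be present.
    for f in pkiserv.conf pkiserv.envars pkiserv.tmpl; do
        [ -f "$dir/$f" ] || echo "MISSING-FILE $f"
    done
    # Step 4: path values must point into this domain's subdirectory,
    # otherwise the new CA still shares files with the original domain.
    if [ -f "$dir/pkiserv.conf" ]; then
        grep -E '^[[:space:]]*[A-Za-z0-9_]+=/(etc|var)/pkiserv(/|$)' "$dir/pkiserv.conf" |
            grep -Ev "=/(etc|var)/pkiserv/$sub(/|\$)" |
            sed 's/^[[:space:]]*/STALE-PATH /' || true
    fi
    # Step 7: _PKISERV_CA_DOMAIN must be defined with a value.
    if [ -f "$dir/pkiserv.envars" ] &&
       ! grep -Eq '^[[:space:]]*_PKISERV_CA_DOMAIN=[^[:space:]]' "$dir/pkiserv.envars"; then
        echo "NO-CA-DOMAIN pkiserv.envars"
    fi
    return 0
}

# Constructed sample: a copy in which only ReadyMessageForm was updated.
demo=$(mktemp -d)
cat > "$demo/pkiserv.conf" <<'EOF'
[CertPolicy]
CRLDistDirPath=/var/pkiserv/
[General]
ReadyMessageForm=/etc/pkiserv/employees/readymsg.form
EOF
printf '%s\n' 'TZ=EST5EDT' > "$demo/pkiserv.envars"   # constructed content
: > "$demo/pkiserv.tmpl"
audit_ca_domain "$demo" employees
```

An empty result means these checks found nothing. The VSAM data set names, the DB2 package name, and the key ring name still have to be reviewed by hand.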

Continue to the next subtask.

Guideline: Complete all subtasks for this new CA domain and ensure that it operates properly before adding another CA domain.