Created Friday 01 December 2023
I tried to install this using Debian, but it was just too difficult. No point re-inventing the wheel, so I'm
installing on a CentOS 8 system with 8G disk space and an encrypted root disk.
I did find an excellent doc on how to install an off-line CA on CentOS, but it's for CentOS 7. I will follow
it and see if it works with CentOS 8.
install apache and php - NOT REQUIRED!
CentOS 8 uses tomcat. If these are installed, dogtag installation fails
Configure firewall
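CentOS 8 uses firewall-cmd
firewall-cmd --permanent --zone=public --remove-service=cockpit
# --permanent only changes the saved config; reload so the running firewall matches
firewall-cmd --reload
firewall-cmd --list-all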
Entropy
Make sure qemu-guest-agent is installed. Also add the VirtIO RNG device to the VM's hardware and reboot.
selinux
Need to set selinux to permissive to do the install, or probably not? I'm thinking that CentOS 8 will
hopefully set selinux up properly. Yes, they did.
#sudo setenforce 0
#sudo sed -i 's/^SELINUX=.*/SELINUX=permissive/g' /etc/selinux/config
hosts file
Make sure the host's IP address is in the /etc/hosts file
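A pre-install check for the Entropy and hosts file notes above, as an added example that is not part of the original notes: it confirms the guest kernel is actually using the VirtIO RNG before any CA keys are generated, and that the host name has an entry in the hosts file. The function names and the optional path arguments are hypothetical.

```shell
#!/bin/sh
# Added example: pre-install checks for the Entropy and hosts-file notes.
# The function names and the optional path arguments are hypothetical.

# Print the hardware RNG the kernel is currently using ("none" or empty if absent).
# $1 = hw_random sysfs directory (default: the real one).
rng_current() {
    dir="${1:-/sys/class/misc/hw_random}"
    [ -r "$dir/rng_current" ] && cat "$dir/rng_current"
    return 0
}

# Succeed only if the active RNG is the VirtIO one (listed as virtio_rng.N).
rng_is_virtio() {
    case "$(rng_current "$1")" in
        virtio_rng*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Print the first address that a hosts file maps to a name.
# $1 = host name, $2 = hosts file (default /etc/hosts). Comments are ignored.
hosts_addr_for() {
    awk -v name="$1" '
        { sub(/#.*/, "") }   # strip trailing comments
        { for (i = 2; i <= NF; i++) if ($i == name) { print $1; exit } }
    ' "${2:-/etc/hosts}"
}

# Run both checks against the live system and report.
preflight() {
    fqdn="$(hostname -f 2>/dev/null || hostname)"
    addr="$(hosts_addr_for "$fqdn")"
    rc=0
    if rng_is_virtio; then echo "OK   rng: $(rng_current)"
    else echo "FAIL rng: VirtIO RNG not active (current: $(rng_current))"; rc=1; fi
    if [ -n "$addr" ]; then echo "OK   hosts: $fqdn -> $addr"
    else echo "FAIL hosts: $fqdn not found in /etc/hosts"; rc=1; fi
    return $rc
}
```

Source the file and run `preflight` on the guest after the reboot; a non-zero exit status means one of the two checks failed.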
389-ds-base pki-ca
REF: https://www.techsupportpk.com/2020/04/how-to-set-up-389-directory-server-centos-rhel-8.html
yum -y install 389-ds-base pki-ca
Uninstall cockpit if you don't want to use it
systemctl enable dirsrv@ca.service
systemctl start dirsrv.target
systemctl start dirsrv@ca.service
systemctl status dirsrv.target
systemctl status dirsrv@ca.service
lsof -i -P -n | grep LISTEN
dogtag theme
Get the version of pki that is installed
during this install the version was 10.8.3 and this is the one that I found
Setup Dogtag CA
if it fails and you need to remove, use
systemctl enable pki-tomcatd@
systemctl start pki-tomcatd.target
systemctl start pki-tomcatd@
now access via
Administrator's PKCS #12 file:
looks like I've somehow got it working to this point
This is a YouTube tutorial
The instructions are a little dated, but they can be followed. I generated the signing request using openssl
then got dogtag to sign it.