Package pki-server

Certificate System - PKI Server Framework

The PKI Server Framework is required by the following four PKI subsystems:

    the Certificate Authority (CA),
    the Key Recovery Authority (KRA),
    the Online Certificate Status Protocol (OCSP) Manager,
    the Token Key Service (TKS), and
    the Token Processing Service (TPS).

This package is a part of the PKI Core used by the Certificate System.
The package contains scripts to create and remove PKI subsystems.


Certificate System (CS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.

PKI Core contains ALL top-level java-based Tomcat PKI components:

  * pki-symkey
  * pki-base
  * pki-base-python2 (alias for pki-base)
  * pki-base-python3
  * pki-base-java
  * pki-tools
  * pki-server
  * pki-ca
  * pki-kra
  * pki-ocsp
  * pki-tks
  * pki-tps
  * pki-javadoc

which comprise the following corresponding PKI subsystems:

  * Certificate Authority (CA)
  * Key Recovery Authority (KRA)
  * Online Certificate Status Protocol (OCSP) Manager
  * Token Key Service (TKS)
  * Token Processing Service (TPS)

Python clients need only install the pki-base package.  This
package contains the python REST client packages and the client
upgrade framework.

Java clients should install the pki-base-java package.  This package
contains the legacy and REST Java client packages.  These clients
should also consider installing the pki-tools package, which contain
native and Java-based PKI tools and utilities.

Certificate Server instances require the fundamental classes and
modules in pki-base and pki-base-java, as well as the utilities in
pki-tools.  The main server classes are in pki-server, with subsystem
specific Java classes and resources in pki-ca, pki-kra, pki-ocsp etc.

Finally, if Certificate System is being deployed as an individual or
set of standalone rather than embedded server(s)/service(s), it is
strongly recommended (though not explicitly required) to include at
least one PKI Theme package:

  * dogtag-pki-theme (Dogtag Certificate System deployments)
    * dogtag-pki-server-theme
  * redhat-pki-server-theme (Red Hat Certificate System deployments)
    * redhat-pki-server-theme
  * customized pki theme (Customized Certificate System deployments)
    * <customized>-pki-server-theme

  NOTE:  As a convenience for standalone deployments, top-level meta
         packages may be provided which bind a particular theme to
         these certificate server packages.
General Commands
Command Description
pkidaemon provides status management of PKI instances
File Formats
File Description
pki_default.cfg Certificate Server instance default config file.
pki-server-logging PKI Server Logging Configuration
System Administration
Command Description
pkidestroy Removes a subsystem from an instance of Certificate Server.
pki-server Command-Line Interface for performing administrative tasks on Certificate System...
pki-server-cert Command-Line Interface for managing System Certificates.
pki-server-instance Command-Line Interface for managing Certificate System instances.
pki-server-migrate Command-Line Interface to run migration scripts on CS instances.
pki-server-nuxwdog Command-Line Interface for enabling CS instances to start using nuxwdog.
pki-server-subsystem Command-Line Interface for managing Certificate System subsystems.
pki-server-upgrade Tool for upgrading Certificate System server configuration.
pkispawn Sets up an instance of Certificate Server.