Skip to content

Enabling Nuxwdog

Endi S. Dewata edited this page Mar 27, 2024 · 3 revisions

Overview

This page describes the process to enable Nuxwdog on a PKI server instance.

Procedure

First, shutdown the server with the following command:

$ systemctl stop [email protected]

Then enable Nuxwdog with the following command:

$ pki-server nuxwdog-enable

If any of the system certificates reside on a cryptographic token other than the internal NSS database, you will see entries like this in /var/lib/pki/pki-tomcat/conf/password.conf:

hardware-<token>=<password>

In that case, add the following parameter to /var/lib/pki/pki-tomcat/conf/<subsystem>/CS.cfg:

cms.tokenList=<token>

Remove the password file or move it somewhere else:

$ rm -f /var/lib/pki/pki-tomcat/conf/password.conf

Finally, restart the server with the following command:

$ systemctl start [email protected]
[pki-tomcat] Please provide the password for internal: **********
[pki-tomcat] Please provide the password for internaldb: **********
[pki-tomcat] Please provide the password for replicationdb: ***********
Clone this wiki locally