How to Install and Uninstall pki-kra.noarch Package on Amazon Linux 2
Last updated: February 06,2025
1. Install "pki-kra.noarch" package
Please follow the instructions below to install pki-kra.noarch on Amazon Linux 2
$
sudo yum makecache
Copied
$
sudo yum install
pki-kra.noarch
Copied
2. Uninstall "pki-kra.noarch" package
Please follow the steps below to uninstall pki-kra.noarch on Amazon Linux 2:
$
sudo yum remove
pki-kra.noarch
Copied
$
sudo yum autoremove
Copied
3. Information about the pki-kra.noarch package on Amazon Linux 2
Loaded plugins: ovl, priorities
Available Packages
Name : pki-kra
Arch : noarch
Version : 10.5.18
Release : 12.amzn2.0.1
Size : 308 k
Repo : amzn2-core/2/x86_64
Summary : Certificate System - Key Recovery Authority
URL : http://pki.fedoraproject.org/
License : GPLv2
Description : The Key Recovery Authority (KRA) is an optional PKI subsystem that
: can act as a key archival facility. When configured in
: conjunction with the Certificate Authority (CA), the KRA stores
: private encryption keys as part of the certificate enrollment
: process. The key archival mechanism is triggered when a user
: enrolls in the PKI and creates the certificate request. Using the
: Certificate Request Message Format (CRMF) request format, a
: request is generated for the user's private encryption key. This
: key is then stored in the KRA which is configured to store keys in
: an encrypted format that can only be decrypted by several agents
: requesting the key at one time, providing for protection of the
: public encryption keys for the users in the PKI deployment.
:
: Note that the KRA archives encryption keys; it does NOT archive
: signing keys, since such archival would undermine non-repudiation
: properties of signing keys.
:
: This package is one of the top-level java-based Tomcat PKI
: subsystems provided by the PKI Core used by the Certificate
: System.
:
:
: ==================================
: || ABOUT "CERTIFICATE SYSTEM" ||
: ==================================
:
: Certificate System (CS) is an enterprise software system designed
: to manage enterprise Public Key Infrastructure (PKI) deployments.
:
: PKI Core contains ALL top-level java-based Tomcat PKI components:
:
: * pki-symkey
: * pki-base
: * pki-base-python2 (alias for pki-base)
: * pki-base-python3
: * pki-base-java
: * pki-tools
: * pki-server
: * pki-ca
: * pki-kra
: * pki-ocsp
: * pki-tks
: * pki-tps
: * pki-javadoc
:
: which comprise the following corresponding PKI subsystems:
:
: * Certificate Authority (CA)
: * Key Recovery Authority (KRA)
: * Online Certificate Status Protocol (OCSP) Manager
: * Token Key Service (TKS)
: * Token Processing Service (TPS)
:
: Python clients need only install the pki-base package. This
: package contains the python REST client packages and the client
: upgrade framework.
:
: Java clients should install the pki-base-java package. This
: package contains the legacy and REST Java client packages. These
: clients should also consider installing the pki-tools package,
: which contain native and Java-based PKI tools and utilities.
:
: Certificate Server instances require the fundamental classes and
: modules in pki-base and pki-base-java, as well as the utilities in
: pki-tools. The main server classes are in pki-server, with
: subsystem specific Java classes and resources in pki-ca, pki-kra,
: pki-ocsp etc.
:
: Finally, if Certificate System is being deployed as an individual
: or set of standalone rather than embedded server(s)/service(s), it
: is strongly recommended (though not explicitly required) to
: include at least one PKI Theme package:
:
: * dogtag-pki-theme (Dogtag Certificate System deployments)
: * dogtag-pki-server-theme
: * redhat-pki-server-theme (Red Hat Certificate System
: deployments)
: * redhat-pki-server-theme
: * customized pki theme (Customized Certificate System
: deployments)
: *-pki-server-theme
:
: NOTE: As a convenience for standalone deployments, top-level
: meta
: packages may be provided which bind a particular theme to
: these certificate server packages.
Available Packages
Name : pki-kra
Arch : noarch
Version : 10.5.18
Release : 12.amzn2.0.1
Size : 308 k
Repo : amzn2-core/2/x86_64
Summary : Certificate System - Key Recovery Authority
URL : http://pki.fedoraproject.org/
License : GPLv2
Description : The Key Recovery Authority (KRA) is an optional PKI subsystem that
: can act as a key archival facility. When configured in
: conjunction with the Certificate Authority (CA), the KRA stores
: private encryption keys as part of the certificate enrollment
: process. The key archival mechanism is triggered when a user
: enrolls in the PKI and creates the certificate request. Using the
: Certificate Request Message Format (CRMF) request format, a
: request is generated for the user's private encryption key. This
: key is then stored in the KRA which is configured to store keys in
: an encrypted format that can only be decrypted by several agents
: requesting the key at one time, providing for protection of the
: public encryption keys for the users in the PKI deployment.
:
: Note that the KRA archives encryption keys; it does NOT archive
: signing keys, since such archival would undermine non-repudiation
: properties of signing keys.
:
: This package is one of the top-level java-based Tomcat PKI
: subsystems provided by the PKI Core used by the Certificate
: System.
:
:
: ==================================
: || ABOUT "CERTIFICATE SYSTEM" ||
: ==================================
:
: Certificate System (CS) is an enterprise software system designed
: to manage enterprise Public Key Infrastructure (PKI) deployments.
:
: PKI Core contains ALL top-level java-based Tomcat PKI components:
:
: * pki-symkey
: * pki-base
: * pki-base-python2 (alias for pki-base)
: * pki-base-python3
: * pki-base-java
: * pki-tools
: * pki-server
: * pki-ca
: * pki-kra
: * pki-ocsp
: * pki-tks
: * pki-tps
: * pki-javadoc
:
: which comprise the following corresponding PKI subsystems:
:
: * Certificate Authority (CA)
: * Key Recovery Authority (KRA)
: * Online Certificate Status Protocol (OCSP) Manager
: * Token Key Service (TKS)
: * Token Processing Service (TPS)
:
: Python clients need only install the pki-base package. This
: package contains the python REST client packages and the client
: upgrade framework.
:
: Java clients should install the pki-base-java package. This
: package contains the legacy and REST Java client packages. These
: clients should also consider installing the pki-tools package,
: which contain native and Java-based PKI tools and utilities.
:
: Certificate Server instances require the fundamental classes and
: modules in pki-base and pki-base-java, as well as the utilities in
: pki-tools. The main server classes are in pki-server, with
: subsystem specific Java classes and resources in pki-ca, pki-kra,
: pki-ocsp etc.
:
: Finally, if Certificate System is being deployed as an individual
: or set of standalone rather than embedded server(s)/service(s), it
: is strongly recommended (though not explicitly required) to
: include at least one PKI Theme package:
:
: * dogtag-pki-theme (Dogtag Certificate System deployments)
: * dogtag-pki-server-theme
: * redhat-pki-server-theme (Red Hat Certificate System
: deployments)
: * redhat-pki-server-theme
: * customized pki theme (Customized Certificate System
: deployments)
: *
:
: NOTE: As a convenience for standalone deployments, top-level
: meta
: packages may be provided which bind a particular theme to
: these certificate server packages.
4. References on Amazon Linux 2
Popular Linux Distros
Ubuntu
Arch
Linux Mint
Fedora
Kali Linux
Debian
openSuSE
CentOS
Oracle Linux
Manjaro
Rocky Linux
AlmaLinux
Amazon Linux
Red Hat Enterprise Linux