Commit
[skip ci]
remove closing ='s from headers in adoc files under pki/docs/installation
ladycfu committed Feb 18, 2025
1 parent 2f4320b commit 3a234e1
Showing 39 changed files with 210 additions and 210 deletions.
6 changes: 3 additions & 3 deletions docs/installation/ca/Installing-CA-with-RSA-PSS.adoc
@@ -1,8 +1,8 @@
= Overview =
= Overview

This page describes the process to install a CA subsystem with RSA/PSS.

= Installation Procedure =
= Installation Procedure

To install CA subsystem with RSA/PSS, follow the normal link:Installing_CA.adoc[CA installation] procedure, then specify the parameters below.

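Review bot: `= Overview` and `= Installation Procedure` here, and `= Verification` further down this file, are all level-0 titles, so the page ends up with three document titles and no page title; Asciidoctor only accepts more than one level-0 title in the `book` doctype. The other pages in this change use a single `= Installing CA ...` title with `==` sections beneath it, so suggest adding one title line for this page and demoting these three headers to `==`. The same applies to the Random Certificate Serial Numbers v3 page in the next file.
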
Expand All @@ -29,7 +29,7 @@ pki_ocsp_signing_key_algorithm=SHA512withRSA/PSS
pki_ocsp_signing_signing_algorithm=SHA512withRSA/PSS
----

= Verification =
= Verification

To verify that the CA signing certificate was created with RSA/PSS, execute the following command:

@@ -1,10 +1,10 @@
= Overview =
= Overview

This page describes the process to install a CA subsystem with link:https://github.com/dogtagpki/pki/wiki/Random-Certificate-Serial-Numbers-v3[Random Certificate Serial Numbers v3] in PKI 11.2 or later.

NOTE: RSNv3 is enabled by default since PKI 11.5.

= Installation Procedure =
= Installation Procedure

To install CA with random serial numbers v3, follow the normal link:Installing_CA.adoc[CA installation] procedure, then specify the parameters below.

Expand All @@ -24,7 +24,7 @@ pki_request_id_generator=random

The certificate request ID length (in bits) can be specified in the `pki_request_id_length` parameter. The default is `128` bits.

= Verification =
= Verification

After installation the certificates will have random serial numbers, for example:

10 changes: 5 additions & 5 deletions docs/installation/ca/Installing_CA.adoc
@@ -1,11 +1,11 @@
= Installing CA =
= Installing CA

== Overview ==
== Overview
This page describes the process to install a CA subsystem instance with a self-signed CA signing certificate. It is also known as a "root CA".

Prior to installation, please ensure that the link:../others/Installation_Prerequisites.adoc[Installation Prerequisites] are configured.

== CA Subsystem Installation ==
== CA Subsystem Installation

Prepare a deployment configuration (e.g. `ca.cfg`) to deploy CA subsystem.
By default the subsystem will be deployed into a Tomcat instance called `pki-tomcat`.
Expand All @@ -16,7 +16,7 @@ To start the installation execute the following command:
```
$ pkispawn -f ca.cfg -s CA
```
== CA System Certificates ==
== CA System Certificates
After installation, the CA system certificates and keys will be stored
in the server NSS database (i.e. `/var/lib/pki/pki-tomcat/conf/alias`):

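Review bot: `== CA System Certificates` sits directly under the closing delimiter of the `pkispawn` listing with no blank line between them, whereas the same section in Installing_CA_with_ECC.adoc has a blank line before the header. Suggest adding the blank line here as well, so the header does not depend on the listing delimiter to end the previous block and the two pages stay consistent.
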
Expand Down Expand Up @@ -49,7 +49,7 @@ The valid certificate IDs for CA are:
Note that the `pki-server cert-export` command takes a certificate ID instead of a nickname.
For simplicity the nicknames in this example are configured to be the same as the certificate ID.

== Admin Certificate ==
== Admin Certificate

After installation the admin certificate and key will be stored in `~/.dogtag/pki-tomcat/ca_admin_cert.p12`.
The PKCS #12 password is specified in the `pki_client_pkcs12_password` parameter.
14 changes: 7 additions & 7 deletions docs/installation/ca/Installing_CA_Clone.adoc
@@ -1,6 +1,6 @@
= Installing CA Clone =
= Installing CA Clone

== Overview ==
== Overview
This page describes the process to install a CA subsystem as a clone of an existing CA subsystem.

Prior to installation, please ensure that the link:../others/Installation_Prerequisites.adoc[Installation Prerequisites] are configured.
Expand All @@ -11,7 +11,7 @@ Additional useful tips:
- Make sure the firewall on the clone allows external access to LDAP from the master
- Not having a `dc=pki,dc=example,dc=com` entry in LDAP will give the same error as not being able to connect to the LDAP server.

== Exporting Existing CA System Certificates ==
== Exporting Existing CA System Certificates

On the existing system, export the CA system certificates with the following command:

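Review bot: the tip in the context above this header says "from the master", while the rest of this page calls the source system "the existing system" and, in the Admin Certificate section, "the primary CA subsystem". Suggest picking one term and using it in all three places, so it is unambiguous which host's firewall and LDAP server are meant.
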
Expand Down Expand Up @@ -56,7 +56,7 @@ $ pki-server cert-export subsystem \
--csr-file subsystem.csr
```

== SELinux Permissions ==
== SELinux Permissions

After copying the `ca-certs.p12` to the clone machine, ensure that appropriate SELinux rules are added:

Expand All @@ -71,7 +71,7 @@ Also, make sure the `ca-certs.p12` file is owned by the `pkiuser`
$ chown pkiuser:pkiuser ca-certs.p12
----

== CA Subsystem Installation ==
== CA Subsystem Installation

Prepare a deployment configuration (e.g. `ca-clone.cfg`) to deploy CA subsystem clone.
By default the subsystem will be deployed into a Tomcat instance called `pki-tomcat`.
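
Review bot: the `chown` listing just above `== CA Subsystem Installation` is delimited with `----`, while the `pki-server cert-export` and `pkispawn` listings elsewhere in this file use Markdown-style triple-backtick fences. Since this change is already normalizing AsciiDoc syntax, suggest converting the fenced listings to `----` blocks as well (here or in a follow-up), so that one file does not mix two listing styles.
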
Expand All @@ -98,7 +98,7 @@ To start the installation execute the following command:
$ pkispawn -f ca-clone.cfg -s CA
```

== CA System Certificates ==
== CA System Certificates

After installation the existing CA system certificates (including the certificate chain)
and their keys will be stored in the server NSS database (i.e. `/var/lib/pki/pki-tomcat/conf/alias`),
Expand Down Expand Up @@ -134,7 +134,7 @@ The valid certificate IDs for CA are:
Note that the `pki-server cert-export` command takes a certificate ID instead of a nickname.
For simplicity the nicknames in this example are configured to be the same as the certificate IDs.

== Admin Certificate ==
== Admin Certificate

To use the admin certificate from the primary CA subsystem, prepare a client NSS database (default is `~/.dogtag/nssdb`):

12 changes: 6 additions & 6 deletions docs/installation/ca/Installing_CA_Clone_with_HSM.adoc
@@ -1,13 +1,13 @@
= Installing CA Clone with HSM =
= Installing CA Clone with HSM

== Overview ==
== Overview

This page describes the process to install a CA subsystem as a clone of an existing CA subsystem
where the system certificates and their keys are stored in HSM.

Prior to installation, please ensure that the link:../others/Installation_Prerequisites.adoc[Installation Prerequisites] are configured.

== Exporting Existing System Certificates ==
== Exporting Existing System Certificates

Since the system certificates and the keys are already in HSM, it's not necessary to export them into a
PKCS #12 file to create a clone.
Expand All @@ -29,7 +29,7 @@ $ pki-server cert-export subsystem \
--csr-file subsystem.csr
```

== CA Subsystem Installation ==
== CA Subsystem Installation

Prepare a file (e.g. ca.cfg) that contains the deployment configuration, for example:

Expand Down Expand Up @@ -101,7 +101,7 @@ It will install CA subsystem in a Tomcat instance (default is pki-tomcat) and cr
* server NSS database: /var/lib/pki/pki-tomcat/conf/alias
* admin NSS database: ~/.dogtag/pki-tomcat/ca/alias

== Verifying System Certificates ==
== Verifying System Certificates

Verify that the internal token contains the following certificates:

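Review bot: the two bullet paths in the context above `== Verifying System Certificates` (the server and admin NSS database locations) and the instance name `pki-tomcat` are written as plain text, whereas Installing_CA.adoc sets the same path and instance name in backticks. Suggest marking them as monospace here too, along with `ca.cfg` in the CA Subsystem Installation section of this file.
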
Expand Down Expand Up @@ -130,7 +130,7 @@ HSM:ca_audit_signing u,u,Pu
HSM:sslserver/replica.example.com u,u,u
```

== Verifying Admin Certificate ==
== Verifying Admin Certificate

Prepare a client NSS database (e.g. ~/.dogtag/nssdb):

@@ -1,12 +1,12 @@
= Installing CA Clone with Secure Database Connection =
= Installing CA Clone with Secure Database Connection

== Overview ==
== Overview

This page describes the process to install a CA subsystem as clone of an existing CA subsystem with a secure database connection.

Prior to installation, please ensure that the link:../others/Installation_Prerequisites.adoc[Installation Prerequisites] are configured.

== DS Configuration ==
== DS Configuration

Once the prerequisites listed above are completed on the clone system, go on the existing system and export the DS signing certificate into `ds_signing.p12` and copy the certificate into clone system with the following command:

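Review bot: the Overview sentence reads "as clone of an existing CA subsystem"; Installing_CA_Clone.adoc has "as a clone of", so the article is missing here. The DS Configuration sentence below it chains "go on the existing system and export ... and copy the certificate into clone system" into one instruction; suggest splitting it into an export step on the existing system and a separate copy step to the clone system.
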
Expand Down Expand Up @@ -39,7 +39,7 @@ Some useful tips:
not being able to connect to the LDAP server.


== Exporting Existing CA System Certificates ==
== Exporting Existing CA System Certificates

On the existing system, export the CA system certificates and copy to clone system with the following command:

Expand Down Expand Up @@ -67,7 +67,7 @@ $ pki -d /var/lib/pki/pki-tomcat/conf/alias -f /var/lib/pki/pki-tomcat/conf/pass
--append
```

== SELinux Permissions ==
== SELinux Permissions

After copying the `ca-certs.p12` to the clone machine, ensure that appropriate SELinux rules are added:

Expand All @@ -82,7 +82,7 @@ Also, make sure the `ca-certs.p12` file is owned by the `pkiuser`
$ chown pkiuser:pkiuser ca-certs.p12
----

== CA Subsystem Installation ==
== CA Subsystem Installation

Prepare a deployment configuration (e.g. `ca-secure-ds-secondary.cfg`) to deploy CA subsystem clone.
By default the subsystem will be deployed into a Tomcat instance called `pki-tomcat`.
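
Review bot: the context above `== CA Subsystem Installation` tells the reader to `chown pkiuser:pkiuser ca-certs.p12`, but the visible steps never state a file mode, and per the CA System Certificates section this file is the source of the CA system certificates and their keys on the clone. Not part of the header cleanup, but worth a follow-up that adds an explicit owner-only mode next to the `chown` and a step to remove `ca-certs.p12` from the clone once `pkispawn` has completed.
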
Expand All @@ -99,7 +99,7 @@ To start the installation execute the following command:
$ pkispawn -f ca-secure-ds-secondary.cfg -s CA
```

== CA System Certificates ==
== CA System Certificates

After installation the existing CA system certificates (including the certificate chain)
and their keys will be stored in the server NSS database (i.e. `/var/lib/pki/pki-tomcat/conf/alias`),
Expand Down Expand Up @@ -135,7 +135,7 @@ The valid certificate IDs for CA are:
Note that the `pki-server cert-export` command takes a certificate ID instead of a nickname.
For simplicity the nicknames in this example are configured to be the same as the certificate IDs.

== Admin Certificate ==
== Admin Certificate

To use the admin certificate from the primary CA subsystem, prepare a client NSS database (default is `~/.dogtag/nssdb`):

@@ -1,11 +1,11 @@
= Installing CA with Custom CA Signing Key =
= Installing CA with Custom CA Signing Key

== Overview ==
== Overview
This page describes the process to install a CA subsystem with a custom CA signing key, CSR, and certificate.

Prior to installation, please ensure that the link:../others/Installation_Prerequisites.adoc[Installation Prerequisites] are configured.

== Starting CA Subsystem Installation ==
== Starting CA Subsystem Installation
Prepare a file (e.g. ca-step1.cfg) that contains the deployment configuration step 1, for example:

```
Expand Down Expand Up @@ -58,7 +58,7 @@ It will install CA subsystem in a Tomcat instance (default is pki-tomcat) and cr

Since there is no CSR path parameter specified, it will not generate the CA signing key by default.

== Generating CA Signing Key, CSR, and Certificate ==
== Generating CA Signing Key, CSR, and Certificate
Generate a custom CA signing key in the server NSS database, then generate a CSR and store it in a file (e.g. ca_signing.csr).

Use the CSR to issue the CA signing certificate:
Expand All @@ -75,7 +75,7 @@ If the CA signing certificate was issued by an external CA, store the external C
//
// * link:https://github.com/dogtagpki/pki/wiki/Generating-CA-Signing-Certificate[Generating CA Signing Certificate]

== Finishing CA Subsystem Installation ==
== Finishing CA Subsystem Installation
Prepare another file (e.g. ca-step2.cfg) that contains the deployment configuration step 2. The file can be copied from step 1 (i.e. ca-step1.cfg) with additional changes below.

Specify step 2 with the following parameter:
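
Review bot: the two `//` lines in the context above `== Finishing CA Subsystem Installation` keep a commented-out link to the Generating CA Signing Certificate wiki page, while the visible lines of the section it belongs to tell the reader to generate the key and CSR without showing a command. Suggest either restoring the link as a visible bullet or deleting the commented lines, rather than leaving them hidden in the source.
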
Expand Down Expand Up @@ -109,7 +109,7 @@ Finally, execute the following command:
$ pkispawn -f ca-step2.cfg -s CA
```

== Verifying System Certificates ==
== Verifying System Certificates
Verify that the server NSS database contains the following certificates:

```
Expand All @@ -126,7 +126,7 @@ ca_audit_signing u,u,Pu
sslserver u,u,u
```

== Verifying Admin Certificate ==
== Verifying Admin Certificate
Prepare a client NSS database (e.g. ~/.dogtag/nssdb):

```
10 changes: 5 additions & 5 deletions docs/installation/ca/Installing_CA_with_ECC.adoc
@@ -1,6 +1,6 @@
= Installing CA with ECC =
= Installing CA with ECC

== Overview ==
== Overview
This page describes the process to install a CA subsystem with ECC self-signed CA signing certificate.

Supported ECC curves:
Expand All @@ -17,7 +17,7 @@ Supported ECC key algorithms:

Prior to installation, please ensure that the link:../others/Installation_Prerequisites.adoc[Installation Prerequisites] are configured.

== CA Subsystem Installation ==
== CA Subsystem Installation

Prepare a deployment configuration (e.g. `ca-ecc.cfg`) to deploy CA subsystem.
By default the subsystem will be deployed into a Tomcat instance called `pki-tomcat`.
Expand All @@ -30,7 +30,7 @@ To start the installation execute the following command:
$ pkispawn -f ca-ecc.cfg -s CA
```

== CA System Certificates ==
== CA System Certificates

After installation the CA system certificates and keys will be stored
in the server NSS database (i.e. `/var/lib/pki/pki-tomcat/conf/alias`):
Expand Down Expand Up @@ -65,7 +65,7 @@ The valid certificate IDs for CA are:
Note that the `pki-server cert-export` command takes a certificate ID instead of a nickname.
For simplicity the nicknames in this example are configured to be the same as the certificate ID.

== Admin Certificate ==
== Admin Certificate

After installation the admin certificate and key will be stored
in `~/.dogtag/pki-tomcat/ca_admin_cert.p12`.
@@ -1,6 +1,6 @@
= Installing CA with Existing Keys in HSM =
= Installing CA with Existing Keys in HSM

== Overview ==
== Overview
This page describes the process to install a CA subsystem with the system keys, CSRs, and certificates from an existing CA
where the keys are stored in HSM.

Expand All @@ -9,7 +9,7 @@ so they will not be included in the installation process.

Prior to installation, please ensure that the link:../others/Installation_Prerequisites.adoc[Installation Prerequisites] are configured.

== Starting CA Subsystem Installation ==
== Starting CA Subsystem Installation
Prepare a file (e.g. ca-step1.cfg) that contains the deployment configuration step 1, for example:

```
Expand Down Expand Up @@ -68,7 +68,7 @@ It will install CA subsystem in a Tomcat instance (default is pki-tomcat) and cr

Since there are no CSR path parameters specified, it will not generate CA system and admin keys.

== Exporting Existing System Certificates and CSRs ==
== Exporting Existing System Certificates and CSRs
Export the system certificates from the existing CA with the following commands:

```
Expand All @@ -93,7 +93,7 @@ $ sed -n "/^ca.audit_signing.certreq=/ s/^[^=]*=// p" < /var/lib/pki/pki-tomcat/
$ echo "-----END CERTIFICATE REQUEST-----" >> ca_audit_signing.csr
```

== Finishing CA Subsystem Installation ==
== Finishing CA Subsystem Installation
Prepare another file (e.g. ca-step2.cfg) that contains the deployment configuration step 2.
The file can be copied from step 1 (i.e. ca-step1.cfg) with additional changes below.

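Review bot: the context above `== Finishing CA Subsystem Installation` builds `ca_audit_signing.csr` by hand, pulling `ca.audit_signing.certreq` out of a configuration file with `sed` and appending the `-----END CERTIFICATE REQUEST-----` line with `echo`, whereas the clone pages in this same change export CSRs with `pki-server cert-export ... --csr-file`. If that command also works for this scenario, suggest using it here so the reader does not hand-assemble PEM; if the `sed` form stays, escape the dots in `/^ca.audit_signing.certreq=/`, which currently match any character.
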
Expand Down Expand Up @@ -131,7 +131,7 @@ Finally, execute the following command:
$ pkispawn -f ca-step2.cfg -s CA
```

== Verifying System Certificates ==
== Verifying System Certificates
Verify that the internal token contains the following certificates:

```
Expand Down Expand Up @@ -159,7 +159,7 @@ HSM:ca_audit_signing u,u,Pu
HSM:sslserver/pki.example.com u,u,u
```

== Verifying Admin Certificate ==
== Verifying Admin Certificate
Prepare a client NSS database (e.g. ~/.dogtag/nssdb):

```