docs/installation/ca replaced "moved to" messages

docs/installation/ca/Installing_CA.md

@@ -1 +1 @@
-This page has been converted/moved to [Installing_CA.adoc](../ca/Installing_CA.adoc)
+Converted/moved to [Installing_CA.adoc](../ca/Installing_CA.adoc)

docs/installation/ca/Installing_CA_Clone.md

@@ -1 +1 @@
-This page has been converted/moved to [Installing_CA_Clone.adoc](../ca/Installing_CA_Clone.adoc)
+Converted/moved to [Installing_CA_Clone.adoc](../ca/Installing_CA_Clone.adoc)

docs/installation/ca/Installing_CA_Clone_with_HSM.md

@@ -1 +1 @@
-This page has been converted/moved to [Installing_CA_Clone_with_HSM.adoc](../ca/Installing_CA_Clone_with_HSM.adoc)
+Converted/moved to [Installing_CA_Clone_with_HSM.adoc](../ca/Installing_CA_Clone_with_HSM.adoc)

docs/installation/ca/Installing_CA_Clone_with_Secure_Database_Connection.md

@@ -1,185 +1 @@
-This page has been converted/moved to [Installing_CA_Clone_with_Secure_Database_Connection.adoc](../ca/Installing_CA_Clone_with_Secure_Database_Connection.adoc)
-
-Content below is to be removed after finalizing.
-
-Installing CA Clone with Secure Database Connection
-===================================================
-
-Overview
---------
-
-This page describes the process to install a CA subsystem as clone of an existing CA subsystem with a secure database connection.
-
-DS Installation
----------------
-
-Before installing CA clone, please ensure that you have configured the DS clone as described in [DS Installation](https://github.com/dogtagpki/pki/wiki/DS-Installation).
-
-Then on existing system, export the DS signing certificate into `ds_signing.p12` and copy the certificate into clone system with the following command:
-
-```
-$ pki -d /etc/dirsrv/slapd-localhost \
--C /etc/dirsrv/slapd-localhost/pwdfile.txt \
-pkcs12-export --pkcs12-file ds_signing.p12 \
---pkcs12-password Secret.123 Self-Signed-CA
-```
-Import the `ds_signing.p12` into the clone DS instance with the following command:
-
-```
-$ pki -d /etc/dirsrv/slapd-localhost \
--C /etc/dirsrv/slapd-localhost/pwdfile.txt \
-pkcs12-import --pkcs12-file ds_signing.p12 \
---pkcs12-password Secret.123
-```
-In the DS clone, create a DS server certificate as described in [Creating DS Server Certificate](https://github.com/dogtagpki/pki/wiki/Enabling-SSL-Connection-in-DS#creating-ds-server-certificate).
-Note that the certificate subject DN should match the clone's hostname ( i.e `--subject "CN=secondary.example.com"` ).
-
-Then enable the SSL connection as described in [Enabling SSL Connection](https://github.com/dogtagpki/pki/wiki/Enabling-SSL-Connection-in-DS#enabling-ssl-connection).
-
-After the successful DS restart, Export the DS Signing Certificate into 'ds_signing.crt' as described in [Exporting DS Signing Certificate](https://github.com/dogtagpki/pki/wiki/Exporting-DS-Certificates#exporting-ds-signing-certificate).
-
-Some useful tips:
-
- - Make sure the firewall on the master allows external access to LDAP from the clone
- - Make sure the firewall on the clone allows external access to LDAP from the master
- - Not having a `dc=pki,dc=example,dc=com` entry in LDAP will give the same error as
-       not being able to connect to the LDAP server.
-
-
-Exporting Existing CA System Certificates
------------------------------------------
-
-On the existing system, export the CA system certificates and copy to clone system with the following command:
-
-```
-$ pki-server ca-clone-prepare --pkcs12-file ca-certs.p12 --pkcs12-password Secret.123
-$ pki-server cert-export ca_signing --cert-file ca_signing.crt
-```
-
-The command will export the following certificates (including the certificate chain) and their keys into a PKCS #12 file:
-
-* CA signing certificate
-* OCSP signing certificate
-* audit signing certificate
-* subsystem certificate
-
-Note that the existing SSL server certificate will not be exported.
-
-If necessary, third-party certificates (e.g. trust anchors) can be added into the same PKCS #12 file with the following command:
-
-```
-$ pki -d /var/lib/pki/pki-tomcat/conf/alias -f /var/lib/pki/pki-tomcat/conf/password.conf \
-    pkcs12-cert-import <nickname> \
-    --pkcs12-file ca-certs.p12 \
-    --pkcs12-password Secret.123 \
-    --append
-```
-
-SELinux Permissions
--------------------
-
-After copying the `ca-certs.p12` to the clone machine, ensure that appropriate SELinux rules are added:
-
-````
-$ semanage fcontext -a -t pki_tomcat_cert_t ca-certs.p12
-$ restorecon -R -v ca-certs.p12
-````
-
-Also, make sure the `ca-certs.p12` file is owned by the `pkiuser`
-
-````
-$ chown pkiuser:pkiuser ca-certs.p12
-````
-
-CA Subsystem Installation
--------------------------
-
-Prepare a deployment configuration (e.g. `ca-secure-ds-secondary.cfg`) to deploy CA subsystem clone.
-By default the subsystem will be deployed into a Tomcat instance called `pki-tomcat`.
-
-A sample deployment configuration is available at [/usr/share/pki/server/examples/installation/ca-secure-ds-secondary.cfg](../../../base/server/examples/installation/ca-secure-ds-secondary.cfg).
-It assumes that the existing CA and DS instances are running on primary.example.com, and the new CA and DS clones are being installed on secondary.example.com,
-the CA signing certificate has been exported into `ca_signing.crt`,
-and the admin certificate and key have been exported into `ca_admin_cert.p12`.
-The PKCS #12 password is specified in the `pki_client_pkcs12_password` parameter.
-
-To start the installation execute the following command:
-
-```
-$ pkispawn -f ca-secure-ds-secondary.cfg -s CA
-```
-
-CA System Certificates
-----------------------
-
-After installation the existing CA system certificates (including the certificate chain)
-and their keys will be stored in the server NSS database (i.e. `/var/lib/pki/pki-tomcat/conf/alias`),
-and a new SSL server certificate will be created for the new instance:
-
-```
-$ certutil -L -d /var/lib/pki/pki-tomcat/conf/alias
-
-Certificate Nickname                                         Trust Attributes
-                                                             SSL,S/MIME,JAR/XPI
-
-subsystem                                                    u,u,u
-ca_signing                                                   CTu,Cu,Cu
-ca_ocsp_signing                                              u,u,u
-ca_audit_signing                                             u,u,Pu
-ds_signing                                                   CT,C,C
-sslserver                                                    u,u,u
-```
-
-If necessary, the clone CA system certificates can be exported into PEM files with the following command:
-
-```
-$ pki-server cert-export <cert ID> --cert-file <filename>
-```
-
-The valid certificate IDs for CA are:
-* `ca_signing`
-* `ca_ocsp_signing`
-* `ca_audit_signing`
-* `subsystem`
-* `sslserver`
-
-Note that the `pki-server cert-export` command takes a certificate ID instead of a nickname.
-For simplicity the nicknames in this example are configured to be the same as the certificate IDs.
-
-Admin Certificate
------------------
-
-To use the admin certificate from the primary CA subsystem, prepare a client NSS database (default is `~/.dogtag/nssdb`):
-
-```
-$ pki client-init
-```
-
-Then import the CA signing certificate into the client NSS database:
-
-```
-$ pki client-cert-import ca_signing --ca-cert ca_signing.crt
-```
-
-Finally, import admin certificate and key with the following command:
-
-```
-$ pki pkcs12-import \
-    --pkcs12 ca_admin_cert.p12 \
-    --pkcs12-password Secret.123
-```
-
-To verify that the admin certificate can be used to access the CA subsystem clone, execute the following command:
-
-```
-$ pki -n caadmin ca-user-show caadmin
---------------
-User "caadmin"
---------------
-  User ID: caadmin
-  Full name: caadmin
-  Email: caadmin@example.com
-  Type: adminType
-  State: 1
-```
-
+Converted/moved to [Installing_CA_Clone_with_Secure_Database_Connection.adoc](../ca/Installing_CA_Clone_with_Secure_Database_Connection.adoc)

docs/installation/ca/Installing_CA_with_Custom_CA_Signing_Key.md

@@ -1 +1 @@
-This page has been converted/moved to [Installing_CA_with_Custom_CA_Signing_Key.adoc](../ca/Installing_CA_with_Custom_CA_Signing_Key.adoc).
+Converted/moved to [Installing_CA_with_Custom_CA_Signing_Key.adoc](../ca/Installing_CA_with_Custom_CA_Signing_Key.adoc)

docs/installation/ca/Installing_CA_with_ECC.md

@@ -1,2 +1 @@
-This page has been converted/moved to [Installing_CA_with_ECC.adoc](../ca/Installing_CA_with_ECC.adoc).
-Content below is to be removed after finalizing.
+Converted/moved to [Installing_CA_with_ECC.adoc](../ca/Installing_CA_with_ECC.adoc)

docs/installation/ca/Installing_CA_with_Existing_Keys_in_HSM.md

@@ -1 +1 @@
-This page has been converted/moved to [Installing_CA_with_Existing_Keys_in_HSM.adoc](../ca/Installing_CA_with_Existing_Keys_in_HSM.adoc).
+Converted/moved to [Installing_CA_with_Existing_Keys_in_HSM.adoc](../ca/Installing_CA_with_Existing_Keys_in_HSM.adoc)

docs/installation/ca/Installing_CA_with_Existing_Keys_in_Internal_Token.md

@@ -1,156 +1 @@
-This page has been converted/moved to [Installing_CA_with_Existing_Keys_in_Internal_Token.adoc](../ca/Installing_CA_with_Existing_Keys_in_Internal_Token.adoc).
-Content below is to be removed after finalizing.
-
-Installing CA with Existing Keys in Internal Token
-==================================================
-
-Overview
---------
-
-This page describes the process to install a CA subsystem with the system keys, CSRs, and certificates from an existing CA
-where the keys are stored in internal token.
-
-To avoid conflicts with the existing CA subsystem, the new CA subsystem will use new SSL server and subsystem certificates,
-so they will not be included in the installation process.
-
-Starting CA Subsystem Installation
-----------------------------------
-
-Prepare a file (e.g. ca-existing-certs-step1.cfg) that contains the first deployment configuration.
-
-A sample deployment configuration is available at [/usr/share/pki/server/examples/installation/ca-existing-certs-step1.cfg](../../../base/server/examples/installation/ca-existing-certs-step1.cfg).
-
-Then execute the following command:
-
-```
-$ pkispawn -f ca-existing-certs-step1.cfg -s CA
-```
-
-It will install CA subsystem in a Tomcat instance (default is pki-tomcat) and create the following NSS databases:
-* server NSS database: /var/lib/pki/pki-tomcat/conf/alias
-* admin NSS database: ~/.dogtag/pki-tomcat/ca/alias
-
-Since there are no CSR path parameters specified, it will not generate CA system and admin keys.
-
-Exporting Existing System Keys, CSRs, Certificates
---------------------------------------------------
-
-Export the system keys and certificates from the existing CA into a PKCS #12 file with the following command:
-
-```
-$ pki -d /var/lib/pki/pki-tomcat/conf/alias -c Secret.123 pkcs12-export \
-  --pkcs12 ca-certs.p12 \
-  --password Secret.123
-$ pki pkcs12-cert-del --pkcs12-file ca-certs.p12 --pkcs12-password Secret.123 sslserver
-$ pki pkcs12-cert-del --pkcs12-file ca-certs.p12 --pkcs12-password Secret.123 subsystem
-```
-
-Export the CSRs from the existing CA with the following commands:
-
-```
-$ echo "-----BEGIN CERTIFICATE REQUEST-----" > ca_signing.csr
-$ sed -n "/^ca.signing.certreq=/ s/^[^=]*=// p" < /var/lib/pki/pki-tomcat/conf/ca/CS.cfg >> ca_signing.csr
-$ echo "-----END CERTIFICATE REQUEST-----" >> ca_signing.csr
-
-$ echo "-----BEGIN CERTIFICATE REQUEST-----" > ca_ocsp_signing.csr
-$ sed -n "/^ca.ocsp_signing.certreq=/ s/^[^=]*=// p" < /var/lib/pki/pki-tomcat/conf/ca/CS.cfg >> ca_ocsp_signing.csr
-$ echo "-----END CERTIFICATE REQUEST-----" >> ca_ocsp_signing.csr
-
-$ echo "-----BEGIN CERTIFICATE REQUEST-----" > ca_audit_signing.csr
-$ sed -n "/^ca.audit_signing.certreq=/ s/^[^=]*=// p" < /var/lib/pki/pki-tomcat/conf/ca/CS.cfg >> ca_audit_signing.csr
-$ echo "-----END CERTIFICATE REQUEST-----" >> ca_audit_signing.csr
-```
-
-Finishing CA Subsystem Installation
------------------------------------
-
-Prepare another file (e.g. ca-existing-certs-step2.cfg) that contains the second deployment configuration.
-The file can be created from the first file (i.e. ca-existing-certs-step1.cfg) with the following changes:
-
-```
-pki_external_step_two=True
-```
-
-Specify the existing keys and certificates in the PKCS #12 file with the following parameters:
-
-```
-pki_pkcs12_path=ca-certs.p12
-pki_pkcs12_password=Secret.123
-```
-
-Specify the existing CSRs with the following parameters:
-
-```
-pki_ca_signing_csr_path=ca_signing.csr
-pki_ocsp_signing_csr_path=ca_ocsp_signing.csr
-pki_audit_signing_csr_path=ca_audit_signing.csr
-```
-
-Specify the serial number starting range such that new certificates will not conflict with the existing certificates:
-
-```
-pki_serial_number_range_start=4
-```
-
-A sample deployment configuration is available at [/usr/share/pki/server/examples/installation/ca-existing-certs-step2.cfg](../../../base/server/examples/installation/ca-existing-certs-step2.cfg).
-
-Finally, execute the following command:
-
-```
-$ pkispawn -f ca-existing-certs-step2.cfg -s CA
-```
-
-Verifying System Certificates
------------------------------
-
-Verify that the server NSS database contains the following certificates:
-
-```
-$ certutil -L -d /var/lib/pki/pki-tomcat/conf/alias
-
-Certificate Nickname                                         Trust Attributes
-                                                             SSL,S/MIME,JAR/XPI
-
-ca_signing                                                   CTu,Cu,Cu
-ca_ocsp_signing                                              u,u,u
-subsystem                                                    u,u,u
-ca_audit_signing                                             u,u,Pu
-sslserver                                                    u,u,u
-```
-
-Verifying Admin Certificate
----------------------------
-
-Prepare a client NSS database (e.g. ~/.dogtag/nssdb):
-
-```
-$ pki -c Secret.123 client-init
-```
-
-Import the CA signing certificate:
-
-```
-$ pki -c Secret.123 client-cert-import ca_signing --ca-cert ca_signing.crt
-```
-
-Import admin key and certificate:
-
-```
-$ pki -c Secret.123 pkcs12-import \
-    --pkcs12 ~/.dogtag/pki-tomcat/ca_admin_cert.p12 \
-    --pkcs12-password Secret.123
-```
-
-Verify that the admin certificate can be used to access the CA subsystem by executing the following command:
-
-```
-$ pki -c Secret.123 -n caadmin ca-user-show caadmin
---------------
-User "caadmin"
---------------
-  User ID: caadmin
-  Full name: caadmin
-  Email: caadmin@example.com
-  Type: adminType
-  State: 1
-```
+Converted/moved to [Installing_CA_with_Existing_Keys_in_Internal_Token.adoc](../ca/Installing_CA_with_Existing_Keys_in_Internal_Token.adoc)

docs/installation/ca/Installing_CA_with_External_CA_Signing_Certificate.md

@@ -1 +1 @@
-This page has been converted/moved to [Installing_CA_with_External_CA_Signing_Certificate.adoc](../ca/Installing_CA_with_External_CA_Signing_Certificate.adoc).
+Converted/moved to [Installing_CA_with_External_CA_Signing_Certificate.adoc](../ca/Installing_CA_with_External_CA_Signing_Certificate.adoc)

docs/installation/ca/Installing_CA_with_HSM.md

@@ -1 +1 @@
-This page has been converted/moved to [Installing_CA_with_HSM.adoc](../ca/Installing_CA_with_HSM.adoc).
+Converted/moved to [Installing_CA_with_HSM.adoc](../ca/Installing_CA_with_HSM.adoc)