Red Hat CERTIFICATE SYSTEM 7.3 - AGENT GUIDE Manual page 14

Chapter 2. Agent Services
scenarios are possible.
Data Recovery Manager
A Data Recovery Manager (DRM) oversees the long-term archival and recovery of private encryption
keys for end entities. A CM or TPS can be configured to archive end entities' private encryption keys
with a DRM as part of the process of issuing new certificates.
The DRM is useful only if end entities are encrypting data, using applications such as S/MIME email,
that the organization may need to recover someday. It can be used only with client software that supports
dual key pairs: two separate key pairs, one for encryption and one for digital signatures. It is also
possible to perform server-side key generation using the TPS server when enrolling smart cards.
Note
The DRM archives encryption keys. It does not archive signing keys, since archiving
signing keys would undermine the non-repudiation properties of dual-key certificates.
Online Certificate Status Manager
An Online Certificate Status Manager (OCSM) works as an online certificate validation authority and
allows OCSP-compliant clients to verify certificates' current status. The OCSM can receive CRLs from
multiple CMs; clients then query the OCSM for the revocation status of certificates issued by all CMs.
For example, in a PKI comprising multiple CAs (a root CA and many subordinate CAs), each CA can
be configured to publish its CRL to the OCSM, allowing all clients in the PKI deployment to verify the
revocation status of a certificate by querying a single OCSM.
Note
An online certificate-validation authority is often referred to as an OCSP responder.
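To make the query flow concrete, here is an added shell example (not code from the Agent Guide or from Certificate System) that uses OpenSSL's file-based OCSP responder as a stand-in for the OCSM: a throwaway CA plays the CM, an index file plays the revocation information the CM publishes, and the client builds a request and verifies the signed response. All names, serials and dates are constructed for the demo.

```shell
#!/bin/sh
# Added demo (not Certificate System code): OpenSSL's file-based OCSP responder
# stands in for the OCSM. All certificates, serials and dates are constructed.
set -e
WORK="$(mktemp -d)"
cd "$WORK"

# A throwaway issuing CA (plays the CM) and one end-entity certificate, serial 0x1234.
openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:P-256 -nodes \
  -keyout ca.key -out ca.pem -subj "/CN=Demo Issuing CA" -days 2 >/dev/null 2>&1
openssl req -newkey ec -pkeyopt ec_paramgen_curve:P-256 -nodes \
  -keyout leaf.key -out leaf.csr -subj "/CN=demo-user" >/dev/null 2>&1
openssl x509 -req -in leaf.csr -CA ca.pem -CAkey ca.key -set_serial 0x1234 \
  -days 1 -out leaf.pem >/dev/null 2>&1

# Revocation information the CA hands to the responder, in OpenSSL's tab-separated
# CA index format: status, expiry, revocation date[,reason], serial, file, subject.
VALID="$(printf 'V\t300101000000Z\t\t1234\tunknown\t/CN=demo-user')"
REVOKED="$(printf 'R\t300101000000Z\t240101000000Z,keyCompromise\t1234\tunknown\t/CN=demo-user')"

# ocsp_status INDEX_ENTRY -> prints good | revoked | unknown (serial not in index) for leaf.pem.
ocsp_status() {
  printf '%s\n' "$1" > index.txt
  # Relying party: build the OCSP request for leaf.pem (DER, written to a file
  # instead of being POSTed to the responder's URL).
  openssl ocsp -issuer ca.pem -cert leaf.pem -no_nonce -reqout req.der >/dev/null 2>&1
  # Responder (OCSM stand-in): look the serial up in the index and sign the answer.
  openssl ocsp -index index.txt -CA ca.pem -rsigner ca.pem -rkey ca.key -noverify \
    -reqin req.der -respout resp.der >/dev/null 2>&1
  # Relying party: verify the response signature against the trusted CA and
  # read the status line for leaf.pem ("leaf.pem: good" / "leaf.pem: revoked").
  openssl ocsp -issuer ca.pem -cert leaf.pem -no_nonce -CAfile ca.pem \
    -respin resp.der 2>/dev/null | sed -n 's/^leaf\.pem: \([a-z]*\).*/\1/p'
}

echo "before revocation: $(ocsp_status "$VALID")"     # good
echo "after revocation:  $(ocsp_status "$REVOKED")"   # revoked
```

A single responder serving many issuing CAs is the same flow with one index (or CRL) per CA; the client still asks one place and trusts the answer only because the signature verifies against a CA it already trusts.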
Token Key Service
The Token Key Service (TKS) manages the master and transport keys required to generate and distribute
keys for smart cards. The TKS provides security between tokens and the TPS because it protects
the integrity of the master key and token keys.
Token Processing System
The Token Processing System (TPS) acts as a registration authority for authenticating and processing
smart card enrollment requests, PIN reset requests, and formatting requests from the Enterprise Security
Client.