Certificate Data Formats; Certificate Setup Wizard - Red Hat CERTIFICATE SYSTEM 7.2 - ADMINISTRATION Administration Manual

10.1.3. Certificate Data Formats

Certificate requests and certificates can be created, stored, and installed in several different formats.
All of these formats conform to X.509 standards.
10.1.3.1. Binary
The following binary formats are recognized:
• DER-encoded certificate. This is a single binary DER-encoded certificate.
• PKCS #7 certificate chain . This is a PKCS #7 SignedData object. The only significant field in the
SignedData object is the certificates; the signature and the contents, for example, are ignored. The
PKCS #7 format allows multiple certificates to be downloaded at once.
• Netscape Certificate Sequence. This is a simpler format for downloading certificate chains in
a PKCS #7 ContentInfo structure, wrapping a sequence of certificates. The value of the
contentType field should be netscape-cert-sequence, while the content field has the
following structure:
CertificateSequence ::= SEQUENCE OF Certificate
This format allows multiple certificates to be downloaded at once.
10.1.3.2. Text
Any of the binary formats can be imported in text form. The text form begins with the following line:
-----BEGIN CERTIFICATE-----
Following this line is the certificate data, which can be in any of the binary formats described. This data
should be base-64 encoded, as described by RFC 1113. The certificate information is followed by this
line:
-----END CERTIFICATE-----

10.1.4. Certificate Setup Wizard

The Certificate System provides a wizard in the administrative console, called the Certificate Setup
Wizard, that automates the process of requesting and installing the certificates required by the
Certificate System subsystem instances.
WARNING
The Certificate Setup Wizard is not supported in Certificate System 7.2. Use the
certutil tool to manage certificates instead.
The Certificate Setup Wizard is integrated into the Console and is capable of the following tasks:
Certificate Data Formats
195