Red Hat CERTIFICATE SYSTEM 7.2 - ADMINISTRATION Administration Manual page 8

Administration Guide
10.2.3. Retrieving Certificates from the End-Entities Page .......................................... 216
10.3. Managing User Certificates .................................................................................... 218
10.3.1. Managing Certificate System User and Agent Certificates ............................... 219
10.3.2. Importing Certificates into Mozilla Firefox ....................................................... 220
10.4. Managing the Certificate Database .......................................................................... 221
10.4.1. Installing Certificates in the Certificate System Database ................................ 221
10.4.2. Viewing Database Content ........................................................................... 225
10.4.3. Deleting Certificates from the Database ......................................................... 227
10.4.4. Changing the Trust Settings of a CA Certificate ............................................. 228
10.5. Configuring the Server Certificate Use Preferences ................................................... 229
11. Managing Tokens
11.1. Tokens for Storing Certificate System Keys and Certificates ....................................... 231
11.1.1. Internal Tokens ............................................................................................ 231
11.1.2. External Tokens ........................................................................................... 231
11.1.3. Considerations for External Tokens ............................................................... 231
11.2. Using Hardware Security Modules with Subsystems .................................................. 232
11.2.1. Chrysalis LunaSA HSM ................................................................................ 233
11.2.2. Installing External Tokens and Unsupported HSM ........................................... 233
11.3. Managing Tokens Used by the Subsystems .............................................................. 234
11.3.1. Viewing Tokens ............................................................................................ 234
11.3.2. Changing a Token's Password ...................................................................... 234
11.4. Detecting Tokens .................................................................................................... 234
11.5. Hardware Cryptographic Accelerators ...................................................................... 235
12. Certificate Profiles
12.1. About Certificate Profiles ......................................................................................... 237
12.2. How Certificate Profiles Work .................................................................................. 238
12.3. Setting up Certificate Profiles .................................................................................. 239
12.3.1. Modifying Certificate Profiles through the CA Console .................................... 239
12.3.2. Modifying Certificate Profiles through the Command Line ................................ 248
12.3.3. Populating Certificates with Directory Attributes .............................................. 251
12.3.4. Customizing the Enrollment Form ................................................................. 254
12.4. Certificate Profile Reference .................................................................................... 254
12.5. Input Reference ...................................................................................................... 255
12.5.1. Certificate Request Input .............................................................................. 255
12.5.2. CMC Certificate Request Input ...................................................................... 255
12.5.3. Dual Key Generation Input ........................................................................... 255
12.5.4. File-Signing Input ......................................................................................... 255
12.5.5. Image Input ................................................................................................. 256
12.5.6. Key Generation Input ................................................................................... 256
12.5.7. nsHcertificateRequest (Token Key) Input ....................................................... 256
12.5.8. nsNcertificateRequest (Token User Key) Input ............................................... 256
12.5.9. Subject DN Input ......................................................................................... 256
12.5.10. Subject Name Input .................................................................................... 256
12.5.11. Submitter Information Input ......................................................................... 257
12.6. Output Reference ................................................................................................... 257
12.6.1. Certificate Output ......................................................................................... 257
12.6.2. PKCS #7 Output .......................................................................................... 257
12.6.3. CMMF Output .............................................................................................. 257
12.7. Defaults Reference ................................................................................................. 258
12.7.1. Authority Info Access Extension Default ........................................................ 258
viii
231
237