Configuring Certificate Profiles; Configuring Publishing - Red Hat CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR Administrator's Manual

Configuring the Certificate Manager

Configuring Certificate Profiles

The Certificate Profile feature uses instances of certificate profile plug-ins that can be
configured to issue a type of certificate. The certificate profile contains defaults that specify
the contents and the value of that content for this type of certificate, constraints that
constrain the content of this type of certificate, associate the certificate profile with a set up
authentication method, and define the contents of the enrollment page and the output page
when an automated authentication method is used.
The default instances of certificate profiles are for particular types of certificates including a
CA certificate, SSL server certificate, end-entity certificate, and so on. Each certificate
profile is associated with the certificate profile form in the end entity interface that lists all
of the available certificate profiles. The end entity chooses the certificate profile when
submitting the request. You can customize this form. Any enabled certificate profiles will
appear as links on this form. Those links take the user to a dynamically created HTML page
that is generated based on the inputs set in the certificate profile.
Each certificate profile that will be used is configured by an administrator. The
administrator configures defaults and constraints, inputs, outputs, and specifies the
authentication method for each certificate profile.
The certificate profiles that have been configured are listed in the agent services interface
where the agent has to approve the certificate profile to enable it. Once the certificate profile
is enabled, it appears in the end entity interface.
When an end entity submits a request using a particular certificate profile, the certificate
profile authenticates the request based on the authentication mechanism associated with that
certificate profile—and thus the enrollment method. The certificate is issued following the
constraints and extensions set in that certificate profile.
For detailed information, see Chapter 11, "Certificate Profiles."

Configuring Publishing

You can publish certificates and CRLs to files or to an LDAP directory, and publish CRLs
to an Online Certificate Status Manager.
The publishing feature allows you to determine which certificates and which CRLs are
published to which locations. The flexible plug-in interface provides the ability to publish
the same certificate or CRL to a number of places, and to determine a subset of certificates
or a particular CRL to publish to a single location.
For detailed information, see Chapter 16, "Publishing."
Chapter 3 Certificate Manager 113