Setting Up The Cmcauth Authentication Plug-In - Red Hat CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR Administrator's Manual
Hide thumbs
Also See for CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR:
Table of Contents
Advertisement
Configuring the Certificate Manager
nickname. Nickname for client certificate. This parameter will be ignored if
clientmode=false
Example:
servlet. The URI of the servlet that processes full CMC requests. The default value is
/ca/profileSubmitCMCFull
Example:
CMC Response Utility
The CMC Response Utility,
the HTTP Client utility). It is installed along with CS and is available in the following
directory:
<server_root>/bin/cert/tools
The CMC Response utility uses this syntax:
CMCResponse -d <location of cert8.db> -i <full pathname, including
filename, to CMC response in binary format>
The parsed output is printed to the screen.
Sending a Simple CMC Request
To send a simple CMC request (that is, a plain PKCS #10 request), follow these steps:
Use the
1.
base-64-encoded PKCS #10 request to binary form.
Use the HTTP Client Utility to send the request.
2.
By default, the URI of the servlet that processes a simple CMC request is
/ca/profileSubmitCMCSimple
Setting Up the CMCAuth Authentication Plug-in
This plug-in verifies the signature of the full CMC request. That is, it verifies that the
person who signed the request is the authorized agent. If everything is fine, the CMC
request will be processed right away.
Note: This method of authentication is set up by default. You need to perform the following
procedure only if you deleted the instance that was set up by default.
To set up this form of authentication:
120
Red Hat Certificate System Administrator's Guide • September 2005
.
nickname=CS Agent-102504a's 102504a ID
.
servlet=/ca/profileSubmitCMCFull
CMCResponse
tool in
AtoB
<server_root>/bin/cert/tools
, is used to parse a CMC response (received by
.
to convert the
Advertisement
Table of Contents
