Crls - Red Hat CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR Administrator's Manual

Configuring a Registration Manager
The default instances of certificate profiles are for particular types of certificates including a
CA certificate, SSL server certificate, end-entity certificate, and so on. Each certificate
profile is associated with the certificate profile form in the end entity interface that lists all
of the available certificate profiles. The end entity chooses the certificate profile when
submitting the request. You can customize this form. Any enabled certificate profiles will
appear as links on this form. Those links take the user to a dynamically created HTML page
that is generated based on the inputs set in the certificate profile.
Each certificate profile that will be used is configured by an administrator. The
administrator configures defaults and constraints, inputs, outputs, and specifies the
authentication method for each certificate profile.
The certificate profiles that have been configured are listed in the agent services interface
where the agent has to approve the certificate profile to enable it. Once the certificate profile
is enabled, it appears in the end entity interface.
When an end entity submits a request using a particular certificate profile, the certificate
profile is processed according to the authentication mechanism associated with that
certificate profile and thus the enrollment method, and the certificate is issued following the
constraints and extensions set in that certificate profile. If the certificate profile is associated
with the agent-approved authentication method, the request is sent to the agent services
interface for processing. The agent can change some aspects of the request, as long as they
are within the constraints set in the certificate profile, reject the request, change the status of
the request, or approve the request.
For detailed information, see Chapter 11, "Certificate Profiles."
If you set up and enable a certificate profile in the Registration Manager, you should set up
a certificate profile with the same name in the Certificate Manager that issues certificates
for this Registration Manager. The certificate profile set up in the Certificate Manager
should have the value of field End User Certificate Profile set to false so the request does
not have to be processed through the input form associated with the certificate profile in the
Certificate Manager.

CRLs

A Registration Manager does not revoke certificates or create CRLs. The CA that issues
certificates for the RA is the only subsystem able to do these tasks.
152 Red Hat Certificate System Administrator's Guide • September 2005