Managing Certificates And The Certificate Database - Red Hat CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR Administrator's Manual
Hide thumbs
Also See for CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR:
Table of Contents
Advertisement
Configuring the Online Certificate Status Manager
Default ACL Configuration
The configuration set up for the Online Certificate Status Manager gives the following
privileges to members of the following groups:
•
Administrators can perform any operations in the administrative interface which
includes viewing configuration settings, changing configuration settings, adding or
deleting plug-ins, creating or deleting instances or plug-ins, viewing all logs except for
the signed audit log, if you have the signed audit feature set up. Administrators do not
have any access to the agent services interface or any task performed there.
•
Auditors can view the signed audit log, and can view configuration settings, but cannot
perform any other operations on configuration settings and do not have any access to
the agent services interface.
•
Online Certificate Status Manager Agents can view configuration settings in the
administrative interface, but cannot perform any other operations on the configuration
settings, they can perform all operations for all tasks associated with the agent services
interface.
•
Trusted Managers all allowed to communicate with the Online Certificate Status
Manager.
Managing Certificates and the Certificate Database
The signing certificate and SSL encryption certificate are created and installed during the
installation of the Online Certificate Status Manager. See "OCSP Certificates," on page 179
for more information about these certificates and the things you should consider before
getting these certificates.
CS contains a Certificate Wizard that allows you to create additional certificates, or to
renew or replace a certificate for the Online Certificate Status Manager. See "Certificate
Setup Wizard," on page 289 for details of using the wizard and about renewing or replacing
a subsystem certificate.
Trust Settings and CA Certificates
The trusted database also contains the CA certificates for those CAs that the subsystem
trusts. If your subsystem has certificates from a CA or accepts certificates that are issued by
a CA, it must have a copy of those CA certificates in the trusted database, and they must be
configured as trusted, see "Changing the Trust Settings of a CA Certificate," on page 286
and "Installing a New CA Certificate in the Certificate Database," on page 288.
178
Red Hat Certificate System Administrator's Guide • September 2005
Advertisement
Table of Contents
