Red Hat CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR Administrator's Manual page 204
Hide thumbs
Also See for CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR:
Table of Contents
Advertisement
Installing a Standalone Data Recovery Manager
The first time you generated this certificate is when you installed the Data Recovery
Manager. The default nickname for the certificate is
kraTransportCert cert-<instance_id>
instance in which the Data Recovery Manager is installed.
The transport certificate was issued by the CA to which you submitted the certificate
signing request. You might have submitted the request to the Certificate Manager that is
installed in the same instance, internally deployed another CA, or a public CA. To find out
the issuer name, follow the instructions in "Viewing and Deleting Certificate Database
Content" on page 285.
Storage Key Pair
Every Data Recovery Manager you have installed has a Data Recovery Manager storage
key pair. The first time you generated this key pair is when you installed the Data Recovery
Manager.
The Data Recovery Manager uses the public component of this key pair to encrypt (or
wrap) end-entity's encryption private keys during the key archival operation; it uses the
private component to decrypt (or unwrap) the archived key during the recovery operation.
That is, the public key is used to encrypt the key repository the server uses to store
end-entity's encryption private keys. For more information on how this key pair is used, see
Chapter 6, "Data Recovery Manager."
Note that the public component of the storage key pair is not certified; there is no certificate
that corresponds to the public key.
Keys encrypted with the storage key can be retrieved only by authorized key recovery
agents. For details, see "Key Recovery Agents and Their Passwords" on page 193.
SSL Server Key Pair and Certificate
Every Data Recovery Manager you have installed has at least one SSL server certificate.
The first time you generated this certificate is when you installed the Data Recovery
Manager. The default nickname for the certificate is
Server-Cert cert-<instance_id>
instance in which the Data Recovery Manager is installed.
The Data Recovery Manager's SSL server certificate was issued by the CA to which you
submitted the certificate signing request. You might have submitted the request to the
Certificate Manager that is installed in the same instance, an internally deployed CA, or a
public CA. To find out the issuer name, follow the instructions in "Viewing and Deleting
Certificate Database Content" on page 285.
204
Red Hat Certificate System Administrator's Guide • September 2005
, where
<instance_id>
, where
<instance_id>
identifies the CS
identifies the CS
Advertisement
Table of Contents
Need help?
Do you have a question about the CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR and is the answer not in the manual?