Consideration When Getting New Certificates For The Subsystems - Red Hat CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR Administrator's Manual
Hide thumbs
Also See for CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR:
Table of Contents
Advertisement
Step 4. View the Certificate or Certificate Chain
The wizard displays the certificate or certificate chain you have chosen to install. Make sure
you have chosen the right one; otherwise, use the Back button to go back and locate the
right one. Specify a nickname for the certificate.
Step 5. Install the Certificate or Certificate Chain
The wizard shows the certificate or certificate chain information you have selected for
installing. You should check the information to make sure that you have chosen the correct
one for installing.
After verifying that the certificate you have chosen is the correct one, click the Install
button. The wizard installs the certificate or the CA chain in the token you have chosen.
•
If you installed a certificate that has been issued by CA whose certificate chain doesn't
exist in the certificate database, you must add that CA's certificate chain to the
database. To add the CA chain to the database, copy the CA chain to a text file, start the
wizard again, and install the CA chain.
•
If you installed (or imported) a certificate chain, the wizard adds (to the local trust
database) the first certificate in the chain as a trusted CA certificate and any subsequent
certificates as untrusted CA certificates. For more information on how the wizard
installs a certificate chain, see "Using the Wizard to Install a Certificate or Certificate
Chain" on page 299.
Step 6. Verify the Certificate Status
This step is applicable only if you installed a certificate chain.
After you install a certificate chain in the trust database of a CS instance, check the trust
status of each certificate that got installed, and make sure that the correct CA certificates are
trusted. For instructions, see "Changing the Trust Settings of a CA Certificate" on page 286.
Consideration When Getting New Certificates for the
Subsystems
You may need to get new certificates for the CS manager installed in a CS instance. Getting
a new certificate means getting a certificate based on a new public and private key pair.
The sections that follow explain how to get new certificates for a Certificate Manager,
Registration Manager, Data Recovery Manager, and Online Certificate Status Manager
using the Certificate Setup Wizard. Alternatively, you can use the command-line utility
called the Certificate Database tool (
). For details about this tool, check this site:
certutil
Managing the Certificate Database
Chapter 8
Administrative Basics
303
Advertisement
Table of Contents
