• If you want to get a new signing certificate for a Registration Manager, check whether the Registration Manager has been set up as a trusted manager for a Certificate Manager and Data Recovery Manager—that is, you must identify the subsystems that have been configured to receive requests from this Registration Manager; see "Trusted Managers" on page 317. You will need to replace the existing signing certificate with the new one in all these subsystems.
• If you want to get a new transport certificate for a Data Recovery Manager, you must identify the end-entity interfaces or forms that have been set up for the archival of end users' encryption private keys; see "How Key Archival Works" on page 190. You will need to replace the existing transport certificate with the new one in all these forms.
• If you want to get a new SSL server certificate for a Certificate Manager, determine whether the Certificate Manager has been cloned as part of a cloned-CA setup. If it has, you will have to update the clone CAs' certificate databases with the new SSL server certificate.
Also determine whether the Certificate Manager is configured to publish certificates and CRLs to an LDAP directory and whether it uses the SSL server certificate for SSL client authentication to the directory. If it does, you will have to request the certificate with the appropriate extensions, and after installing the certificate you will have to configure the publishing directory to use this certificate.
• You can get any number of SSL server certificates.
Tokens for Storing CS Keys and Certificates
A token is a hardware or software device that performs cryptographic functions and optionally stores public-key certificates, cryptographic keys, and data defined by the application using the cryptographic services. Put another way, a token is a device that you can use to generate and store your key pairs and the corresponding certificates.
Certificate System defines two types of tokens, internal and external, for storing key pairs
and certificates that belong to the Certificate Manager, Registration Manager, Data
Recovery Manager, and Online Certificate Status Manager.
NOTE
Only those who have the password that protects a token can access it. To change this password, use the certutil tool; the documentation for the tool can be found here:
http://www.mozilla.org/projects/security/pki/nss/tools/
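The following script is an added example, not part of the Certificate System guide, that exercises the certutil tool on a throwaway internal (software) token: it shows that the private keys in the token cannot be listed without the token password and how the password is rotated with certutil -W. It assumes the NSS tools are installed on PATH; the database directory, nicknames and passwords are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: password-gated access to an NSS software token and password rotation.
# Assumes certutil (NSS tools) is on PATH. All paths, nicknames and passwords are constructed.

nss_token_password_demo() {
    dir=$(mktemp -d) || return 1
    old_pw="$dir/old.pw"; new_pw="$dir/new.pw"; bad_pw="$dir/bad.pw"
    printf 'initial-token-password\n' > "$old_pw"
    printf 'rotated-token-password\n' > "$new_pw"
    printf 'not-the-password\n'       > "$bad_pw"
    head -c 64 /dev/urandom > "$dir/noise"   # entropy for key generation (-z)

    # Create the certificate/key database (the software token), protected by the initial password.
    certutil -N -d "$dir" -f "$old_pw" || return 1

    # Generate a self-signed test certificate so the token actually holds a private key.
    certutil -S -d "$dir" -f "$old_pw" -z "$dir/noise" -n demo-cert -s "CN=demo" \
        -x -t ",," -k rsa -g 2048 >/dev/null 2>&1 || return 1

    # Listing private keys (-K) requires the token password: a wrong password is rejected...
    if certutil -K -d "$dir" -f "$bad_pw" >/dev/null 2>&1; then return 1; fi
    # ...and the correct password succeeds.
    certutil -K -d "$dir" -f "$old_pw" >/dev/null 2>&1 || return 1

    # Rotate the token password (-W: current password via -f, new password via -@).
    certutil -W -d "$dir" -f "$old_pw" -@ "$new_pw" >/dev/null 2>&1 || return 1

    # After rotation the old password no longer opens the token; the new one does.
    if certutil -K -d "$dir" -f "$old_pw" >/dev/null 2>&1; then return 1; fi
    certutil -K -d "$dir" -f "$new_pw" >/dev/null 2>&1 || return 1

    rm -rf "$dir"
    return 0
}
```

Run `nss_token_password_demo && echo "token password checks passed"`; any non-zero return marks the step at which access control or rotation did not behave as expected.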
Chapter 8 Administrative Basics 305