Features
• Supports signature key lengths of up to 1024 bits (DSA) and 4096 (RSA) on both
  hardware and software tokens.
• Supports multiple message formats, such as KEYGEN/SPAC, CRMF/CMMF,
  CRS/CEP/SCEP, and PKCS #10 and CMC for certificate requests. All requests are
  delivered to CS over HTTP or HTTPS; in the case of CRS/CEP/SCEP protocol, the
  delivery method is always over HTTP.
• Supports certificate formats that encompass certificates for SSL-based client and server
  authentication, secure Multipurpose Internet Mail Extensions (S/MIME) message
  signing and encryption, object signing, VPN clients, and Cisco™ routers.
• Supports generation and publication of CRLs conforming to X.509 version 1 and 2.
• Publishes certificates and CRLs to any LDAP-compliant directory over LDAP and
  HTTP/HTTPS connections.
• Publishes certificates and CRLs to a flat file for importing into other resources. For
  example, the sample code for the Flat File CRL and certificate publisher can be customized
  to store certificates and CRLs in an Oracle RDBMS.
• Publishes CRLs to an online validation authority (or OCSP responder), enabling
  real-time verification of certificates by OCSP-compliant clients.
Java SDK Extension Mechanism for Customization
The software development kit (SDK) provided with CS includes APIs and tutorials for
customizing different aspects of the system. You can write the following custom modules:
• Authentication
• Authorization
• Logs
• Policy
• Certificate Profiles
• Jobs
• Mapper and publisher classes
Red Hat Certificate System Administrator's Guide • September 2005