Setting Up Certificate Based Enrollment - Red Hat CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR Administrator's Manual
Hide thumbs
Also See for CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR:
Table of Contents
Advertisement
Setting Up Certificate Based Enrollment
General guidelines to set up certificate-based enrollment are as follows:
•
Customize the enrollment form you want your users to use for enrollment.
•
Enable the appropriate enrollment option, such as directory-based enrollment or
certificate-based enrollment. Be sure to configure the authentication module to
compose the desired DN pattern.
•
To enable you to configure CS for certificate-based enrollment, the following three
enrollment forms are provided:
CertBasedDualEnroll.htm
❍
certificates—one for signing another for encryption—by submitting pre-issued
certificates as authentication tokens; when a user enrolls for a certificate, the server
verifies the CA that has issued the certificate the user uses for authentication, uses
the configured directory to formulate subject names for the new certificates, and
issues the certificates.
CertBasedEncryptionEnroll.html
❍
enables end users to request encryption certificates by submitting pre-issued
certificates as authentication tokens; when a user enrolls for a certificate, the server
verifies the CA that has issued the certificate the user uses for authentication, uses
the configured directory to formulate the subject name for the new certificate, and
issues the certificate.
CertBasedSingleEnroll.html
❍
end users to request signing certificates by submitting pre-issued certificates as
authentication tokens; when a user enrolls for a certificate, the server verifies the
CA that has issued the certificate the user uses for authentication, uses the
configured directory to formulate the subject name for the new certificate, and
issues the certificate.
Enabling certificate-based enrollment creates one link, named
the list of user-enrollment links in the end-entity enrollment interface. By default, the
link points to the
CertBasedDualEnroll.html
other two forms,
CertBasedEncryptionEnroll.html
CertBasedSingleEnroll.html
form you want to use or add more links to the
Note that all three enrollment forms by default work with the directory-based
authentication module, named
Based Enrollment" on page 374. You can use the certificate-based enrollment forms
with any of the authentication modules, for example, directory- and PIN-based
authentication modules. See the CS Customization Guide for details.
l—this form enables end users to request dual
—this form is provided as a sample. It
—this form is provided as a sample. It enables
form. If you want to use either of the
, you should associate the
index.html
, explained in "Setting Up Directory
UidPwdDirAuth
Certificate-Based Enrollment
, under
Certificate
or
link to the
Certificate
file.
Chapter 10
Authentication
391
Advertisement
Table of Contents
