About The Certificate Manager - Red Hat CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR Administrator's Manual

How Certificate System Works
Jobs
The Jobs feature allows you to set up automated jobs that run at defined intervals. See
Chapter 14, "Automated Jobs" for complete details.

About the Certificate Manager

The Certificate Manager subsystem provides the capability of a Certificate Authority. It can
issue, renew, revoke, and publish certificates, as well as compile and publish CRLs.
The Certificate Manager acts as a Certificate Authority (CA). It can be configured as a
self-signing CA, where it is the root CA, or it can act as a subordinate CA, where it obtains
its own signing certificate from a public CA.
Scalability
You can configure more than one CA, forming either a vertical or a horizontal chain of CAs.
For example, you can create a root CA for your deployment that is either self-signing or
subordinate to a public CA and then have one or more CAs below this root CA. Those CAs
can have further CAs below them, forming a chain of CAs. You can also clone a CA so that
two CAs are set up in an identical manner and use the same CA signing certificate, but each
uses a different set of serial numbers for the certificates it issues.
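Cloned CAs that share one signing certificate must never issue the same serial number, because a certificate is identified by its issuer and serial number and CRL entries refer to certificates by serial number. The audit below is an added example, not code from the Red Hat manual; the clone names, serial ranges and issuance records are constructed sample data, and how Certificate System itself assigns ranges is not shown on this page.

```python
# Added example: audit serial-number allocation across cloned CAs.
# All names, ranges and records are constructed; nothing here is a
# Certificate System setting or API.
from collections import defaultdict

def overlapping_ranges(ranges):
    """ranges: {clone_name: (first_serial, last_serial)}, inclusive.
    Returns (clone_a, clone_b, lo, hi) for every pair of overlapping ranges."""
    items = sorted(ranges.items(), key=lambda kv: kv[1][0])
    clashes = []
    for i, (name_a, (_, hi_a)) in enumerate(items):
        for name_b, (lo_b, hi_b) in items[i + 1:]:
            if lo_b > hi_a:
                break  # sorted by start: no later range can reach into a
            clashes.append((name_a, name_b, lo_b, min(hi_a, hi_b)))
    return clashes

def audit_issued(ranges, issued):
    """issued: iterable of (clone_name, serial) issuance records.
    Returns (duplicates, out_of_range): serials issued more than once under
    the shared signing certificate, and records outside the clone's range."""
    issuers = defaultdict(list)
    out_of_range = []
    for clone, serial in issued:
        lo, hi = ranges[clone]
        if not lo <= serial <= hi:
            out_of_range.append((clone, serial))
        issuers[serial].append(clone)
    duplicates = {s: sorted(c) for s, c in issuers.items() if len(c) > 1}
    return duplicates, out_of_range

# Constructed sample data: one disjoint plan, one overlapping plan.
RANGES_OK = {"ca-master": (0x1, 0x0FFFFFFF),
             "ca-clone1": (0x10000000, 0x1FFFFFFF)}
RANGES_BAD = {"ca-master": (0x1, 0x10000FFF),
              "ca-clone1": (0x10000000, 0x1FFFFFFF)}
ISSUED = [("ca-master", 0x2A),
          ("ca-clone1", 0x10000001),
          ("ca-master", 0x10000001)]  # same serial, second clone

if __name__ == "__main__":
    print("overlaps:", overlapping_ranges(RANGES_BAD))
    dups, stray = audit_issued(RANGES_OK, ISSUED)
    print("duplicate serials:", {hex(s): c for s, c in dups.items()})
    print("out of range:", [(c, hex(s)) for c, s in stray])
```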
Federal Bridge Certificate Authority
CS also allows you to create a trusted relationship between two separate CAs by issuing and
storing cross-signed certificates between these two CAs. This feature of the PKI is called
Federal Bridge Certificate Authority (FBCA). This feature allows you to trust certificates
issued by a CA outside of your PKI that shares a cross-signed certificate with the CA in
your PKI.
Certificate Manager Functionality
The Certificate Manager issues, renews, and revokes certificates when it receives signed
requests from its own agents (users who are assigned privileges to approve
enrollment, renewal, and revocation requests), from a trusted Registration Manager, or from
a third-party application that sends a signed request using its agent certificate, which is set up
for CMC enroll or revoke with the Certificate Manager.
The Certificate Manager also compiles lists of revoked certificates, called Certificate
Revocation Lists (CRLs), that it can publish to files, an LDAP directory, or an OCSP
service.
The Certificate Manager maintains a database of issued certificates, and of processed
requests, so that it can track renewal, expiration, and revocation.
Red Hat Certificate System Administrator's Guide • September 2005
