About The Registration Manager; How The Registration Manager Works - Red Hat CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR Administrator's Manual
Hide thumbs
Also See for CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR:
Table of Contents
Advertisement
How Certificate System Works
CRLs
Whenever a certificate is revoked, any CRLs that are set up are edited and updated in the
internal database. It is also published to a file, an LDAP directory, or an OSCP responder, if
you have set up these services. You can configure the Certificate Manager to issue CRLs,
and also define CRL Issuing Points that define which certificates go into each CRL, such as
CA signing certificates, or for a subset of a type of certificates, such as those certificates
issued to west coast employees.
The publishing framework allows you the flexibility to define which CRL is published
where. It also allows you to define the extensions contained in a CRL, and the frequency
and intervals when a CRL are published.
You can also provide delta CRLs allowing you to publish a list of only those certificates
have been revoked since a certain date.
See Chapter 15, "Revocation and CRLs" for complete details.
About the Registration Manager
The Registration Manager is an optional subsystem of CS that can act as a Registration
Authority (RA). It establishes a trusted relationship with a Certificate Manager in which its
signed requests are processed. The Registration Manager is able to accept enrollment,
renewal, and revocation requests; process those requests either by agents or through an
automated means; provide agent initiated requests for enrollment, renewal, and revocation;
send signed requests to a Certificate Manager, and disburse certificates that are created by
the Certificate Manager. You can set up a Registration Manager outside a firewall to protect
a Certificate Manager behind a firewall, or you can use a Registration Manager to balance
the incoming load for a Certificate Manager by off loading the enrollment and approval to
one or more Registration Manager.
The Registration Manager cannot issue, renew, or revoke certificate, and does not compile
CRLs. It can publish certificates, but it cannot publish CRLs.
It can, however, be configured for authentication, authorization, certificate profiles, policies
in an almost identical manner as a Certificate Manager.
How the Registration Manager Works
This sections details the processes that a Registration Manager goes through, and the
various configuration settings involved in those processes.
44
Red Hat Certificate System Administrator's Guide • September 2005
Advertisement
Table of Contents
Need help?
Do you have a question about the CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR and is the answer not in the manual?