Within the CS component, a set of common modules is provided for all subsystems. All
of them can be extended with customized Java plug-ins; some may not be used in the
default configuration, but all are available for further customization:
• Authentication, where authentication managers can be extended.
• Authorization, where authorization managers can be extended; the default is the
  access control list from the internal LDAP database.
• ACL evaluators, where expression evaluators can be extended for Access Control List
  evaluation; the defaults are the user/group evaluators.
• Certificate Profiles, where certificate extensions and constraints can be extended.
• Job scheduler, where cron-like scheduled events can be extended.
• Email notification, where email notification can be extended.
• Event listeners, where event listeners can be extended.
• Publishing, where the publisher and its mapper can be extended.
• Logging, which includes signed audit logs, where the logging mechanism can be extended.
• Self-test, where CS start-up/on-demand self-tests can be extended.
• Servlets, depending on the subsystem installation selection, where servlets can be
  extended.
• Password quality checker, where the password strength/quality checker can be extended.

HTTP Engine

CS employs the Red Hat Enterprise Server as its HTTP engine. It provides the entry point
for users and applications of all types to access CS's functions. As discussed in the
System Overview, CS provides three types of entry points, each serving one or more
interfaces:
• End-Entity Entry Point: provides the entry point for end-entity and server certificate
  enrollments of all types. A set of customizable HTML forms is provided at this port
  for CA and RA end-entity users for different types of enrollment, renewal, revocation,
  or certificate pick-up activities. An OCSP responder only takes the OCSP request
  format, while a DRM does not provide any end-entity services. The client applications
  used to access this entry point must be able to act as an SSL client. A common
  client application is a browser such as the Netscape browser.