Certificate Revocation Forms - Red Hat Certificate System 7.1 Administrator's Manual

Challenge-Password-Based Revocation
A challenge password is a unique, alphanumeric string that the end user specifies when
requesting a certificate; the user is expected to keep this password confidential and use it to
authenticate to the server when revoking the certificate. When the server issues the
certificate, it associates the password with the certificate, stores both the certificate and
password in its internal database, and uses them later for authenticating any revocation
requests.
In the challenge-password-based revocation method, the server expects the end user to
specify the serial number of the certificate the user wants to revoke and the challenge
password associated with the certificate. The server verifies the authenticity of a revocation
request by looking up the serial number among the certificates in its internal database
and then comparing the challenge password specified with the one associated with the
matching certificate it finds there.
Challenge passwords can only be set up with the agent-approved authentication method.
The form associated with the agent-approved authentication is the only form that contains
this capability.
The server revokes the certificate only if the certificate maps successfully to a valid or
expired certificate in its internal database. If the server detects a valid or expired certificate
with a matching serial number and challenge password, it automatically revokes the
certificate.
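
The serial-number lookup and challenge-password check described above, as an added example (not Red Hat Certificate System code). `RevocationStore`, its methods, the salted PBKDF2 storage and the single failure result are assumptions made for illustration; the manual says only that the server stores the password with the certificate.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

VALID, EXPIRED, REVOKED = "VALID", "EXPIRED", "REVOKED"

def _derive(password: str, salt: bytes) -> bytes:
    # Assumption: keep a salted PBKDF2 hash, not the clear-text challenge password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

@dataclass
class CertRecord:
    serial: int
    status: str
    salt: bytes
    challenge_hash: bytes

class RevocationStore:
    """Hypothetical stand-in for the server's internal database."""

    def __init__(self):
        self._certs = {}
        # Dummy values so an unknown serial does the same work as a known one.
        self._dummy_salt = os.urandom(16)
        self._dummy_hash = _derive("dummy", self._dummy_salt)

    def issue(self, serial: int, challenge: str, status: str = VALID) -> None:
        salt = os.urandom(16)
        self._certs[serial] = CertRecord(serial, status, salt, _derive(challenge, salt))

    def status(self, serial: int) -> str:
        return self._certs[serial].status

    def revoke_with_challenge(self, serial: int, challenge: str) -> bool:
        rec = self._certs.get(serial)              # step 1: map the serial number
        salt = rec.salt if rec else self._dummy_salt
        expected = rec.challenge_hash if rec else self._dummy_hash
        # Step 2: compare the supplied challenge password in constant time.
        ok = hmac.compare_digest(_derive(challenge, salt), expected)
        # Step 3: only a valid or expired certificate may be revoked. Every
        # failure returns the same result, so the form does not reveal which
        # serial numbers exist or whether the password was the wrong part.
        if rec is None or not ok or rec.status not in (VALID, EXPIRED):
            return False
        rec.status = REVOKED
        return True
```

Rate limiting and logging of failed attempts per serial number would sit in front of `revoke_with_challenge`, since the challenge password is the only credential this method checks.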

Certificate Revocation Forms

The end-entity services interface of the Certificate Manager and Registration Manager
includes default HTML forms for both the SSL client authenticated revocation and
challenge-password-based revocation. The forms are accessible from the Revocation tab.
You can view the form that enables SSL client authenticated revocation by clicking the
User Certificate link.
If you want to change the forms to suit your organization's requirements, you can edit the
following files:
ChallengeRevoke1.html (the form that allows challenge password based
revocation of client or personal certificates)
UserRevocation.html (the form that allows SSL client authenticated revocation of
client or personal certificates)
Both files are located in the following directory:
<server_root>/cert-<instance_id>/web-apps/ee/<subsystem>/
Chapter 15, Revocation and CRLs: Revocation (page 571)