Management Tools; Jre - Red Hat CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR Administrator's Manual

• FIPS 140-1 module. This module complies with the FIPS 140-1 government standard
for implementations of cryptographic modules. Many products sold to the US
government must comply with one or more of the FIPS standards. The FIPS 140-1
module includes a single, built-in FIPS 140-1 Certificate DB token (as shown in Figure
1-5 on page 56), which handles both cryptographic operations and communication with
the certX.db and keyX.db files.
Any PKCS #11 module can be used with CS. The server uses a file called secmod.db to
keep track of the modules that are available. You can modify this file using the
tool, which is explained in the following documentation:
http://www.mozilla.org/projects/security/pki/nss/tools/
For example, you need to modify secmod.db if you are installing hardware accelerators for
use in signing operations.

Management Tools

Command line tools are provided by CS for occasional management of the CS system:
• backup/restore tool
• password cache tool
• audit log signature verification tool
• enrollment pin generation tool
• mass revocation tool
• (signed) CS request tool
• bulk certificate issuance tool

JRE

JRE (Java Runtime Environment) provides the Java Virtual Machine (JVM) and supporting
class libraries needed to run CS.
System Architecture
modutil
Chapter 1 Overview 61