Red Hat CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR Administrator's Manual page 816

Certificate Enrollment Protocol (CEP) A certificate management protocol jointly
developed by Cisco Systems and VeriSign, Inc. CEP is an early implementation of
Certificate Management Messages over Cryptographic Message Syntax (CMC). CEP
specifies how a device communicates with a CA, including how to retrieve the CA's public
key, how to enroll a device with the CA, and how to retrieve a CRL. CEP uses PKCS #7
and PKCS #10. For more information about CEP, see
.
http://www.cisco.com/warp/public/778/security/821_pp.htm
certificate extensions An X.509 v3 certificate contains an extensions field that permits
any number of additional fields to be added to the certificate. Certificate extensions provide
a way of adding information such as alternative subject names and usage restrictions to
certificates. A number of standard extensions have been defined by the PKIX working
group. Older versions of Netscape browsers and servers support Red Hat-specific
extensions that were required (mainly to indicate certificate usage) before standard
extensions were defined.
certificate fingerprint A one-way hash associated with a certificate. The number is not
part of the certificate itself, but is produced by applying a hash function to the contents of
the certificate. If the contents of the certificate changes, even by a single character, the same
function produces a different number. Certificate fingerprints can therefore be used to
verify that certificates have not been tampered with.
Certificate Management Messages over Cryptographic Message Syntax (CMC)
Message format used to convey a request for a certificate to a Registration Manager or
Certificate Manager. A proposed standard from the Internet Engineering Task Force (IETF)
PKIX working group. For detailed information, see
.
http://www.ietf.org/internet-drafts/draft-ietf-pkix-cmc-02.txt
Certificate Management Message Formats (CMMF) Message formats used to convey
certificate requests and revocation requests from end entities to a Registration Manager or
Certificate Manager and to send a variety of information to end entities. A proposed
standard from the Internet Engineering Task Force (IETF) PKIX working group. CMMF is
subsumed by another proposed standard, Certificate Management Messages over
Cryptographic Message Syntax (CMC). For detailed information, see
.
http://www.ietf.org/internet-drafts/draft-ietf-pkix-cmmf-02.txt
Certificate Manager An independent CS subsystem capable of acting as a stand-alone
certificate authority. A Certificate Manager instance issues, renews, and revokes
certificates, which it can publish along with CRLs to an LDAP directory. It can be
configured to accept requests from end entities, Registration Managers, or both. When set
up to work with a separate Registration Manager, the Certificate Manager processes
requests and returns the signed certificates to the Registration Manager. See certificate
authority (CA).
816 Red Hat Certificate System Administrator's Guide • September 2005