Many people no longer consider an RSA key of length less than 1024 bits to be
cryptographically strong. Export and other regulations permitting, it may be a good rule of
thumb to start with 1024 bits and consider increasing the length to 4096 bits for certificates
that provide access to highly sensitive data or services. However, the question of key length
has no simple answers. Every organization must make its own decision based on its own
security requirements. For more information on key length and encryption strength, see
Appendix D of Managing Servers with Red Hat Console.
Certificate Manager Interfaces
When you install a Certificate Manager, three interfaces are enabled. The installation
wizard lets you choose the ports these interfaces listen on. The following interfaces and
associated ports are created:
• An Administrative interface that is accessible by default only to members of the
Administrator and Auditor group. You specify the first administrator when you install
the subsystem. Administrators can configure any of the settings of the server. Most
basic functionality and subsystem-specific configuration can be done using the
administrative interface.
The administrative interface listens for requests on the SSL Administration Port. This is
the port that administrators and auditors connect to using the Java-based CS Console
GUI application.
• An Agent Services interface that is accessible by default only to members of the Agent
group. You can choose to make the first administrator also the first agent when
you install the subsystem. Agents are users who can perform tasks associated with the
processing of requests and management of certificates. A Certificate Manager Agent
can change the status, change the details, reject or approve certificate and revocation
requests, revoke certificates, and approve and configure certificate profiles. The
agent services interface is an HTML interface accessible through HTTPS that
authenticates agents using their certificate. The default interface provides all the
functionality needed by agents for a Certificate Manager and is completely
customizable.
The agent services interface listens for requests and communicates on the SSL Agent
Services Port. This is the port that agents connect to in order to access the agent services
interface. The agent services interface is accessible at the following location:
https://<CS_host_dnsname>:<port_number>
For example:
https://services.example.com:7878
Certificate Manager Deployment Considerations
Chapter 3
Certificate Manager