Red Hat CERTIFICATE SYSTEM 8 - DEPLOYMENT Deployment Manual page 101

certificate-based
authentication
certificate chain
certificate extensions
certificate fingerprint
Certificate Management
Messages over
Cryptographic Message
Syntax (CMC)
Certificate Management
Message Formats (CMMF)
Certificate Manager
Certificate Manager agent
entity named in the issuer field of a certificate is always a CA.
Certificate authorities can be independent third parties or a person or
organization using certificate-issuing server software, such as Red
Hat Certificate System.
Authentication based on certificates and public-key cryptography. See
password-based authentication.
also
A hierarchical series of certificates signed by successive certificate
authorities. A CA certificate identifies a
is used to sign certificates issued by that authority. A CA certificate
can in turn be signed by the CA certificate of a parent CA, and so on
root CA. Certificate System allows any end entity to retrieve all
up to a
the certificates in a certificate chain.
An X.509 v3 certificate contains an extensions field that permits any
number of additional fields to be added to the certificate. Certificate
extensions provide a way of adding information such as alternative
subject names and usage restrictions to certificates. A number of
standard extensions have been defined by the PKIX working group.
one-way hash
A associated with a certificate. The number is not part
of the certificate itself, but is produced by applying a hash function
to the contents of the certificate. If the contents of the certificate
changes, even by a single character, the same function produces
a different number. Certificate fingerprints can therefore be used to
verify that certificates have not been tampered with.
Message format used to convey a request for a certificate to
a Certificate Manager. A proposed standard from the Internet
Engineering Task Force (IETF) PKIX working group. For detailed
http://www.ietf.org/internet-drafts/draft-ietf-pkix-
information, see
cmc-02.txt.
Message formats used to convey certificate requests and revocation
requests from end entities to a Certificate Manager and to send a
variety of information to end entities. A proposed standard from the
Internet Engineering Task Force (IETF) PKIX working group. CMMF
is subsumed by another proposed standard,
Messages over Cryptographic Message Syntax
http://www.ietf.org/internet-drafts/draft-ietf-pkix-
information, see
cmmf-02.txt.
An independent Certificate System subsystem that acts as a
certificate authority. A Certificate Manager instance issues, renews,
and revokes certificates, which it can publish along with CRLs to an
LDAP directory. It accepts requests from end entities. See
authority (CA).
A user who belongs to a group authorized to manage agent services
for a Certificate Manager. These services include the ability to access
and modify (approve and reject) certificate requests and issue
certificates.
certificate authority (CA)
Certificate Management
(CMC). For detailed
certificate
and
91