Table Of Contents - Red Hat CERTIFICATE SYSTEM 8 - DEPLOYMENT Deployment Manual

About This Guide
1. Examples and Formatting .............................................................................................. vii
1.1. Formatting for Examples and Commands ............................................................. vii
1.2. Tool Locations .................................................................................................... viii
1.3. Guide Formatting ............................................................................................... viii
2. Additional Reading ........................................................................................................ viii
3. Giving Feedback ............................................................................................................ ix
4. Document History ............................................................................................................ x
1. Introduction to Public-Key Cryptography
1.1. Encryption and Decryption ............................................................................................ 1
1.1.1. Symmetric-Key Encryption ................................................................................. 2
1.1.2. Public-Key Encryption ........................................................................................ 2
1.1.3. Key Length and Encryption Strength ................................................................... 3
1.2. Digital Signatures ......................................................................................................... 4
1.3. Certificates and Authentication ...................................................................................... 5
1.3.1. A Certificate Identifies Someone or Something .................................................... 5
1.3.2. Authentication Confirms an Identity ..................................................................... 5
1.3.3. How Certificates Are Used ................................................................................. 9
1.3.4. Contents of a Certificate .................................................................................. 13
1.3.5. How CA Certificates Establish Trust .................................................................. 16
1.4. Managing Certificates ................................................................................................. 21
1.4.1. Issuing Certificates .......................................................................................... 21
1.4.2. Key Management ............................................................................................ 22
1.4.3. Renewing and Revoking Certificates ................................................................. 22
2. Overview of Red Hat Certificate System Subsystems
2.1. A Review of Certificate System Subsystems ................................................................ 23
2.1.1. About the Certificate Manager (CA) .................................................................. 24
2.1.2. About the Registration Manager (RA) ............................................................... 26
2.1.3. About OCSP Services ...................................................................................... 27
2.1.4. About the Data Recovery Manager (DRM) ........................................................ 29
2.1.5. About the Token Processing System (TPS) ....................................................... 32
2.1.6. About the Token Key Service (TKS) .................................................................. 33
2.2. Red Hat Certificate System Services ........................................................................... 33
2.2.1. Interfaces for Administrators ............................................................................. 33
2.2.2. Agent Interfaces .............................................................................................. 36
2.2.3. End User Pages .............................................................................................. 37
2.2.4. Enterprise Security Client ................................................................................. 38
3. Supported Standards and Protocols
3.1. PKCS #11 .................................................................................................................. 41
3.2. SSL/TLS, ECC, and RSA ........................................................................................... 42
3.2.1. Supported Cipher Suites for RSA ..................................................................... 43
3.2.2. Using ECC ...................................................................................................... 43
3.3. IPv4 and IPv6 Addresses ........................................................................................... 44
3.4. Supported PKIX Formats and Protocols ....................................................................... 45
3.5. Supported Security and Directory Protocols ................................................................. 46
4. Major Features in Certificate System
4.1. Certificate Issuance .................................................................................................... 49
4.2. Authentication for Certificate Enrollment ....................................................................... 49
4.3. Certificate Profiles ...................................................................................................... 49
vii
1
23
41
49
iii