Chapter 2. Overview of Red Hat Certificate System Subsystems
• If the notification feature is set up, the link where the certificate can be obtained is sent to the
end user.
10. An automatic notice can be sent to the end entity when the certificate is issued or rejected.
11. The new certificate is stored in the Certificate Manager's internal database.
12. If publishing is set up for the Certificate Manager, the certificate is published to a file or an LDAP
directory.
13. The internal OCSP service checks the status of certificates in the internal database when a
certificate status request is received.
The end-entity interface has a search form for certificates that have been issued and for the CA
certificate chain.
2.1.1.2. Renewal
When certificates reach their expiration date, they can either be allowed to lapse, or they can be
renewed.
Renewal regenerates a certificate request using the existing key pair for that certificate and
resubmits the request to the Certificate Manager. Because the request is processed through the same
profile with the same key material, the renewed certificate carries the same subject and public key as
the original. What changes is the validity period, which now ends at a later expiration date, and the
serial number, which must be unique for every certificate the CA issues.
Renewal keeps the relationships between users and servers intact, because the renewed certificate
functions precisely as the old one did wherever the public key is what matters. For user certificates,
data encrypted to the original certificate remains readable after renewal, since the private key that
decrypts it has not changed.
2.1.1.3. Revocation
End entities can request that their own certificates be revoked. To make the request, the end entity has
to present the certificate to the CA, so both the certificate and its keys must still be available. If they
are, the request is processed and sent to the Certificate Manager, which marks the certificate as
revoked in its database and adds it to any applicable CRLs.
An agent can revoke any certificate issued by the Certificate Manager by searching for the certificate
in the agent services interface and then marking it revoked. Once a certificate is revoked, it is marked
revoked in the database and in the publishing directory, if the Certificate Manager is set up for
publishing.
If the internal OCSP service has been configured, the service determines the status of certificates by
looking them up in the internal database.
Enabling and configuring the certificate revoked notification message sends an automated email to
end entities when their certificates are revoked.
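The renewal and revocation flows described in the two sections above, worked through end to end with the openssl command line. This is an added example, not code from the Red Hat Certificate System guide or product; a self-signed CA built on the fly stands in for the Certificate Manager, the `openssl ca` database stands in for its internal database, and all names (the CA, the user `alice@example.com`, file names) are constructed for the demonstration. It assumes `openssl` is on PATH.

```shell
#!/bin/sh
# Added example (not from the Red Hat Certificate System guide): the renewal and
# revocation flows emulated with the openssl CLI. Assumes openssl is on PATH.
# Every key, certificate and CRL is generated here in a temporary directory.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# Stand-in for the Certificate Manager: a self-signed CA plus the minimal
# config "openssl ca" needs to keep a revocation database and sign CRLs.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -subj "/CN=Example Issuing CA" -keyout ca.key -out ca.crt 2>/dev/null
    : > index.txt            # the CA's record of issued/revoked certificates
    echo 1000 > crlnumber    # CRL sequence number
    cat > ca.cnf <<EOF
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database         = $WORK/index.txt
new_certs_dir    = $WORK
certificate      = $WORK/ca.crt
private_key      = $WORK/ca.key
serial           = $WORK/ca.srl
crlnumber        = $WORK/crlnumber
default_md       = sha256
default_crl_days = 7
policy           = policy_any
[ policy_any ]
commonName = supplied
EOF
}

# CA side of enrollment: sign a CSR. ca.srl (kept by -CAcreateserial) gives
# every issued certificate a distinct serial number.
issue() {   # issue <csr> <out-cert> <days>
    openssl x509 -req -in "$1" -CA ca.crt -CAkey ca.key -CAcreateserial \
        -sha256 -days "$3" -out "$2" 2>/dev/null
}

# Initial enrollment: the end entity generates its key pair once.
enroll() {
    openssl genrsa -out user.key 2048 2>/dev/null
    openssl req -new -key user.key -subj "/CN=alice@example.com" -out user1.csr 2>/dev/null
    issue user1.csr user1.crt 30
}

# Renewal: a new request from the SAME private key, resubmitted for a new validity period.
renew() {
    openssl req -new -key user.key -subj "/CN=alice@example.com" -out user2.csr 2>/dev/null
    issue user2.csr user2.crt 365
}

subject_of() { openssl x509 -in "$1" -noout -subject; }
pubkey_of()  { openssl x509 -in "$1" -noout -pubkey; }
serial_of()  { openssl x509 -in "$1" -noout -serial; }

# What "identical except for the validity period" means in practice: same subject,
# same public key, a fresh serial number, and an expiry further in the future.
renewal_is_consistent() {
    [ "$(subject_of user1.crt)" = "$(subject_of user2.crt)" ] || { echo "subject changed"; return 1; }
    [ "$(pubkey_of user1.crt)" = "$(pubkey_of user2.crt)" ]   || { echo "key pair changed"; return 1; }
    [ "$(serial_of user1.crt)" != "$(serial_of user2.crt)" ]  || { echo "serial number reused"; return 1; }
    # -checkend N exits 0 only if the certificate is still valid N seconds from now:
    # the 30-day original fails a 300-day horizon, the renewed one must pass it.
    if openssl x509 -in user1.crt -noout -checkend 25920000 >/dev/null; then
        echo "original expiry unexpectedly late"; return 1
    fi
    openssl x509 -in user2.crt -noout -checkend 25920000 >/dev/null || { echo "renewed expiry not later"; return 1; }
    echo "renewal ok: same subject and key, new serial, later expiry"
}

# Revocation: the CA marks the certificate revoked in its database and publishes a CRL.
revoke_and_publish_crl() {   # revoke_and_publish_crl <cert>
    openssl ca -config ca.cnf -revoke "$1" 2>/dev/null
    openssl ca -config ca.cnf -gencrl -out ca.crl 2>/dev/null
}

# Relying-party check against the published CRL (what a CRL consumer, rather than
# the OCSP responder, would do): prints "good" or "revoked".
status_against_crl() {   # status_against_crl <cert>
    if openssl verify -crl_check -CAfile ca.crt -CRLfile ca.crl "$1" >/dev/null 2>&1; then
        echo good
    else
        echo revoked
    fi
}

make_ca
enroll
renew
renewal_is_consistent
revoke_and_publish_crl user1.crt   # the user asks for the superseded original to be revoked
echo "user1.crt: $(status_against_crl user1.crt)"   # revoked
echo "user2.crt: $(status_against_crl user2.crt)"   # good
```

The renewal check is the one worth keeping around: after any renewal, confirm the public key did not change (otherwise previously encrypted data is lost) and that the serial did (a CA must never reuse one). The revocation step relies on `openssl ca -revoke` adding the certificate to the database when it is not already there, which is why certificates signed with `openssl x509 -req` can still be revoked and listed in the CRL.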
2.1.2. About the Registration Manager (RA)
A registration authority (RA) is an intermediary between a user and a CA. It accepts enrollment
requests and then authenticates them locally. If the request is approved, the RA sends the request to
the CA to issue the certificate and, once the certificate is issued, sends the certificate back to the user.