Red Hat CERTIFICATE SYSTEM 8 - DEPLOYMENT Deployment Manual page 44

Chapter 2. Overview of Red Hat Certificate System Subsystems
2.2.1.1. The Java Administrative Console for CA, OCSP, DRM, and TKS
Subsystems
The Java console is used by four subsystems: the CA, OCSP, DRM, and TKS. The console is
accessed using a locally-installed pkiconsole utility. It can access any subsystem because
the command requires the hostname, the subsystem's administrative SSL port, and the specific
subsystem type.
pkiconsole https://server.example.com:admin_port/subsystem_type
This opens a console, as in
Figure 2.2. Certificate System Console
The Configuration tab controls all of the setup for the subsystem, as the name implies. The choices
available in this tab are different depending on which subsystem type the instance is; the CA has
the most options since it has additional configuration for jobs, notifications, and certificate enrollment
authentication.
All subsystems have four basic options:
• Users and groups
• Access control lists
• Log configuration
• Subsystem certificates (meaning the certificates issued to the subsystem for use, for example, in the
security domain or audit signing)
The Status tab shows the logs maintained by the subsystem.
2.2.1.2. The Administrative Interface for the RA and TPS
The RA and TPS subsystems use HTML-based administrative interfaces. These are accessed by
entering the hostname and secure port as the URL, authenticating with the administrator's certificate,
and clicking the appropriate Administrators link.
NOTE
There is a single SSL port for RA and TPS subsystems which is used for both
administrator and agent services. Access to those services is restricted by certificate-
34
Figure 2.2, "Certificate System Console".