Red Hat Certificate System 8 Deployment Manual: Using Trusted Managers; Determining the Requirements for Subsystem Certificates; Determining Which Certificates to Install
• The Certificate System security domain allows an offline CA to be set up. In this scenario, the offline root CA has its own security domain, and all online subordinate CAs belong to a different security domain.
• The security domain streamlines configuration between the CA and the OCSP. The OCSP can push its information to the CA so that the CA sets up OCSP publishing, and it can retrieve the CA certificate chain from the CA and store it in its internal database.

5.3.2. Using Trusted Managers

Trust relationships can be configured between subsystems in different security domains by using special trusted managers. A trusted manager is a member of a special group in the subsystem's user configuration. Another subsystem can be added as a member of that group, and all of its certificates (SSL server certificate, signing certificates, and, for DRMs, the storage and transport certificates) can be registered to that entry to establish the trusted relationship. A peer is trusted only when it presents a certificate that is registered to a user entry and that user is a member of the trusted managers group; a subsystem from another security domain whose certificates were never registered is not trusted, even if its certificate chain validates.
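The following model of that authorization decision is an added illustration, not code from Red Hat Certificate System. It assumes a subsystem keeps a user registry (user ID to the certificates registered for that user) and group memberships, one of which is the trusted managers group described above; the group name, user IDs, and the byte strings standing in for DER certificates are all constructed for the example.

```python
"""Model of a Certificate System 'trusted manager' authorization check.

Added example; not Red Hat Certificate System code. The group name,
user IDs and the 'certificates' below are constructed stand-ins.
"""
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Assumed group name for the example.
TRUSTED_MANAGERS_GROUP = "Trusted Managers"


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint used as the key that binds a certificate to a user."""
    return hashlib.sha256(cert_der).hexdigest()


@dataclass
class Subsystem:
    """Simplified user/group configuration of one subsystem."""
    # user id -> fingerprints of every certificate registered for that user
    users: Dict[str, Set[str]] = field(default_factory=dict)
    # group name -> member user ids
    groups: Dict[str, Set[str]] = field(default_factory=dict)

    def add_user(self, uid: str, certs_der: List[bytes], group: str) -> None:
        """Create a user entry with its certificates and put it in a group."""
        self.users[uid] = {fingerprint(c) for c in certs_der}
        self.groups.setdefault(group, set()).add(uid)

    def add_trusted_manager(self, uid: str, certs_der: List[bytes]) -> None:
        """Register a peer subsystem (all of its certificates: SSL server,
        signing, and storage/transport for a DRM) as a trusted manager."""
        self.add_user(uid, certs_der, TRUSTED_MANAGERS_GROUP)

    def is_trusted_manager(self, peer_cert_der: bytes) -> bool:
        """Authorize an inter-subsystem request made with peer_cert_der.

        Both conditions must hold: the presented certificate is registered to
        a user entry (binding the TLS identity to a user), and that user is a
        member of the trusted managers group. A certificate from a subsystem
        in another security domain that was never registered here fails the
        first condition regardless of whether its chain would validate.
        """
        fp = fingerprint(peer_cert_der)
        for uid in self.groups.get(TRUSTED_MANAGERS_GROUP, set()):
            if fp in self.users.get(uid, set()):
                return True
        return False


# Constructed stand-ins for DER-encoded certificates.
OCSP_SSL_CERT = b"constructed: OCSP-domainB sslserver"
OCSP_SIGNING_CERT = b"constructed: OCSP-domainB ocspSigning"
UNKNOWN_SSL_CERT = b"constructed: DRM-domainC sslserver (never registered)"
AGENT_CERT = b"constructed: agent1 client cert"


def demo() -> Dict[str, bool]:
    """Build a CA's user configuration and exercise the three cases."""
    ca = Subsystem()
    # An OCSP in another security domain, registered with all its certs.
    ca.add_trusted_manager("OCSP-domainB", [OCSP_SSL_CERT, OCSP_SIGNING_CERT])
    # An agent: has a registered certificate but is not a trusted manager.
    ca.add_user("agent1", [AGENT_CERT], "Certificate Manager Agents")
    return {
        "registered_peer": ca.is_trusted_manager(OCSP_SSL_CERT),
        "unregistered_peer": ca.is_trusted_manager(UNKNOWN_SSL_CERT),
        "agent_not_in_group": ca.is_trusted_manager(AGENT_CERT),
    }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'trusted' if allowed else 'denied'}")
```

The point of the two-part check is that group membership alone is not enough: the certificate the peer presents must be one of the certificates registered to that user entry, which is why all of a peer subsystem's certificates are added when the trust relationship is set up.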
5.4. Determining the Requirements for Subsystem Certificates

The CA configuration determines many of the characteristics of the certificates it issues, regardless of the type of certificate being issued. Constraints on the CA's own validity period, distinguished name, and allowed encryption algorithms carry through to the same characteristics in the certificates it issues: an issued certificate cannot be valid beyond the CA's own validity period, its issuer name is the CA's distinguished name, and it can only be signed with an algorithm the CA permits. Additionally, the Certificate Manager has predefined profiles that set rules for the different kinds of certificates it issues, and profiles can be added or modified. These profile configurations also shape the issued certificates.
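The following is an added example, not Certificate System code, of how CA-level constraints and a profile combine to fix the characteristics of an issued certificate. The constraint model, the profile name, the algorithm names and the dates are assumptions constructed for the illustration; the clamping rules it applies (issued validity bounded by the CA's validity, profile maximum validity, and algorithm must be on the CA's allowed list) are the ones the text describes.

```python
"""Added example: derive issued-certificate characteristics from CA
constraints plus a profile. Not Red Hat Certificate System code; the
profile name, algorithm names and dates are constructed assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, FrozenSet, Optional


@dataclass(frozen=True)
class CaConstraints:
    issuer_dn: str                 # becomes the issuer DN of every issued cert
    not_before: datetime           # CA certificate validity period
    not_after: datetime
    allowed_signing_algs: FrozenSet[str]


@dataclass(frozen=True)
class Profile:
    name: str
    max_validity: timedelta        # profile rule: cap on requested validity
    default_signing_alg: str


@dataclass(frozen=True)
class Request:
    subject_dn: str
    requested_validity: timedelta
    signing_alg: Optional[str] = None   # None: use the profile default


def derive_issuance(ca: CaConstraints, profile: Profile, req: Request,
                    now: datetime) -> Dict[str, object]:
    """Return the characteristics the CA would stamp on the issued cert.

    Raises ValueError when the request cannot be satisfied at all
    (CA no longer valid, or a signing algorithm the CA does not allow).
    """
    # Issuance cannot start before the CA itself is valid, nor after it ends.
    not_before = max(now, ca.not_before)
    if not_before >= ca.not_after:
        raise ValueError("CA certificate is not valid at issuance time")

    # Profile rule caps the validity; CA validity caps it again.
    validity = min(req.requested_validity, profile.max_validity)
    not_after = min(not_before + validity, ca.not_after)

    # The CA's allowed algorithm set overrides both request and profile.
    alg = req.signing_alg or profile.default_signing_alg
    if alg not in ca.allowed_signing_algs:
        raise ValueError(f"signing algorithm {alg!r} not allowed by CA")

    return {
        "issuer_dn": ca.issuer_dn,
        "subject_dn": req.subject_dn,
        "not_before": not_before,
        "not_after": not_after,
        "signing_alg": alg,
        "profile": profile.name,
    }


# Constructed sample configuration.
UTC = timezone.utc
SAMPLE_CA = CaConstraints(
    issuer_dn="CN=Example Root CA,O=Example Corp",
    not_before=datetime(2010, 1, 1, tzinfo=UTC),
    not_after=datetime(2020, 1, 1, tzinfo=UTC),
    allowed_signing_algs=frozenset({"SHA256withRSA", "SHA512withRSA"}),
)
SERVER_PROFILE = Profile("serverCertProfile", timedelta(days=730), "SHA256withRSA")


if __name__ == "__main__":
    req = Request("CN=ocsp.example.com", timedelta(days=365 * 5))
    print(derive_issuance(SAMPLE_CA, SERVER_PROFILE, req,
                          datetime(2019, 6, 1, tzinfo=UTC)))
```

Note how a five-year request near the end of the CA's life is first reduced to the profile's two-year cap and then to the CA's own expiry; planning the CA validity period therefore also plans the longest certificate it will ever be able to issue.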

5.4.1. Determining Which Certificates to Install

When a Certificate System subsystem is first installed and configured, the certificates necessary to access and administer it are created automatically. These include an agent certificate, a server certificate, and subsystem-specific certificates. These initial certificates are shown in Table 5.1, "Initial Subsystem Certificates".

Table 5.1, "Initial Subsystem Certificates" (only the Subsystem column of the table is reproduced on this page)

Subsystem
Certificate Manager
RA
OCSP