CA Distinguished Name; CA Signing Certificate Validity Period; Signing Key Type and Length - Red Hat Certificate System 8 - Deployment Manual


must be requested with the appropriate extensions. After installing the certificate, the publishing
directory must be configured to use the new server certificate.
• Any number of SSL server certificates can be issued for a subsystem instance, but it really only
needs one SSL certificate. This certificate can be renewed or replaced as many times as necessary.

5.4.2. CA Distinguished Name

The core elements of a CA are a signing unit and the Certificate Manager identity. The signing
unit digitally signs certificates requested by end entities. A Certificate Manager must have its own
distinguished name (DN), which is listed in every certificate it issues.
Like any other certificate, a CA certificate binds a DN to a public key. A DN is a series of name-
value pairs that in combination uniquely identify an entity. For example, the following DN identifies a
Certificate Manager for the Engineering department of a corporation named Example Corporation:
cn=demoCA, o=Example Corporation, ou=Engineering, c=US
Many combinations of name-value pairs are possible for the Certificate Manager's DN. The DN must
be unique and readily identifiable, since any end entity can examine it.
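The DN above is a series of name-value pairs, and the manual asks that a Certificate Manager's DN be unique. The following is an added example (not code from Red Hat Certificate System) that parses such a DN into its pairs and checks a proposed CA DN against DNs already in use. The escaping rules, the case-insensitive comparison of values, and the sample DNs are this example's own assumptions.

```python
# Added example (not code from Red Hat Certificate System): parse a
# Certificate Manager DN such as "cn=demoCA, o=Example Corporation,
# ou=Engineering, c=US" into its name-value pairs and check that a proposed
# CA DN does not collide with DNs already in use.
from typing import List, Tuple

RDN = Tuple[str, str]


def _split_unescaped(text: str, sep: str) -> List[str]:
    """Split on `sep` but leave backslash-escaped characters in place."""
    parts, current, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            current.append(text[i:i + 2])   # keep the escape; unescape later
            i += 2
            continue
        if text[i] == sep:
            parts.append("".join(current))
            current = []
        else:
            current.append(text[i])
        i += 1
    parts.append("".join(current))
    return parts


def _unescape(value: str) -> str:
    """Turn a backslash-escaped ',' or '=' back into the literal character."""
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            out.append(value[i + 1])
            i += 2
        else:
            out.append(value[i])
            i += 1
    return "".join(out)


def parse_dn(dn: str) -> List[RDN]:
    """Return the DN as an ordered list of (attribute type, value) pairs.

    Attribute types are lower-cased; values keep their case. Backslash
    escapes for ',' and '=' (RFC 4514 style) are honoured; multi-valued
    RDNs joined with '+' are not supported by this example.
    """
    rdns: List[RDN] = []
    for raw in _split_unescaped(dn, ","):
        raw = raw.strip()
        if "=" not in raw:
            raise ValueError("RDN without '=' in DN: %r" % raw)
        attr, value = raw.split("=", 1)
        attr = attr.strip().lower()
        if not attr:
            raise ValueError("empty attribute type in DN: %r" % dn)
        rdns.append((attr, _unescape(value.strip())))
    return rdns


def normalize_dn(dn: str) -> str:
    """Canonical string for comparing DNs: lower-cased types, case-folded
    values, no insignificant whitespace. Treating values case-insensitively
    is an assumption of this example; it mirrors the caseIgnoreMatch rule
    used for most directory name attributes."""
    return ",".join("%s=%s" % (attr, value.casefold()) for attr, value in parse_dn(dn))


def is_unique_ca_dn(candidate: str, existing_dns: List[str]) -> bool:
    """True if `candidate` does not match any DN already in use."""
    known = {normalize_dn(dn) for dn in existing_dns}
    return normalize_dn(candidate) not in known


if __name__ == "__main__":
    demo = "cn=demoCA, o=Example Corporation, ou=Engineering, c=US"
    print(parse_dn(demo))
    # Same identity written with different case and spacing: not unique.
    print(is_unique_ca_dn("CN=DEMOCA,O=Example Corporation,OU=Engineering,C=US", [demo]))
```

Comparing normalized forms rather than raw strings is the point: "CN=DEMOCA,O=Example Corporation,..." names the same Certificate Manager as the manual's example DN, and a uniqueness check that compared the raw strings would let both coexist.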

5.4.3. CA Signing Certificate Validity Period

Every certificate, including a Certificate Manager signing certificate, must have a validity period. The
Certificate System does not restrict the validity period that can be specified. Set as long a validity
period as possible, depending on the requirements for certificate renewal, the place of the CA in the
certificate hierarchy, and the requirements of any public CAs that are included in the PKI.
A Certificate Manager cannot issue a certificate that has a validity period longer than the validity period
of its CA signing certificate. If a request is made for a period longer than the CA certificate's validity
period, the requested validity date is ignored and the CA signing certificate validity period is used.
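The following is an added example (not code from Red Hat Certificate System) that applies the rule just stated: a requested notAfter later than the CA signing certificate's notAfter is ignored and the CA's date is used. The sample dates are constructed, and the handling of a notBefore that precedes the CA certificate, or of a request lying entirely outside the CA's validity, is this example's own assumption.

```python
# Added example (not code from Red Hat Certificate System): apply the rule
# that a Certificate Manager cannot issue a certificate whose validity runs
# past that of its own CA signing certificate. All dates are constructed.
from datetime import datetime, timezone
from typing import Tuple


def issued_validity(
    ca_not_before: datetime,
    ca_not_after: datetime,
    req_not_before: datetime,
    req_not_after: datetime,
) -> Tuple[datetime, datetime, bool]:
    """Return (not_before, not_after, clamped) for the certificate actually issued.

    If the requested notAfter is later than the CA signing certificate's
    notAfter, the requested date is ignored and the CA's notAfter is used
    (the behaviour the manual describes). Raising a notBefore that precedes
    the CA certificate to the CA's notBefore is an assumption of this example,
    as is rejecting a request that starts after the CA certificate expires.
    """
    if ca_not_after <= ca_not_before:
        raise ValueError("CA signing certificate has an empty validity period")
    if req_not_after <= req_not_before:
        raise ValueError("requested validity period is empty")
    if req_not_before >= ca_not_after:
        raise ValueError("requested period starts after the CA certificate expires")
    not_before = max(req_not_before, ca_not_before)
    not_after = min(req_not_after, ca_not_after)
    clamped = not_after != req_not_after or not_before != req_not_before
    return not_before, not_after, clamped


def days_lost(requested_not_after: datetime, issued_not_after: datetime) -> int:
    """How many days shorter the issued certificate is than what was requested."""
    return max((requested_not_after - issued_not_after).days, 0)


if __name__ == "__main__":
    # Constructed sample: a CA signing certificate valid from 2024 to 2034.
    ca_start = datetime(2024, 1, 1, tzinfo=timezone.utc)
    ca_end = datetime(2034, 1, 1, tzinfo=timezone.utc)
    # Constructed request: a ten-year certificate starting in 2030.
    req_start = datetime(2030, 1, 1, tzinfo=timezone.utc)
    req_end = datetime(2040, 1, 1, tzinfo=timezone.utc)
    nb, na, clamped = issued_validity(ca_start, ca_end, req_start, req_end)
    print(nb.date(), na.date(), "clamped" if clamped else "as requested",
          "%d days shorter than requested" % days_lost(req_end, na))
```

The `clamped` flag is what an operator wants surfaced: a request that silently comes back six years shorter than asked for is a sign that the CA signing certificate itself is approaching the end of its validity and renewal needs planning.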

5.4.4. Signing Key Type and Length

A signing key is used by a subsystem to sign data so that its origin and integrity can be verified. CAs use their CA signing
certificate to sign the certificates and CRLs they issue; OCSP responders use signing certificates to sign their responses to
certificate status requests so that clients can verify them; all subsystems use log file signing certificates to sign their audit logs.
The signing key must be cryptographically strong to protect its signing
operations. Certificate System supports six signing algorithms by default: two in the MD family and four in
the SHA family, one of which is for ECC:
• MD2withRSA
• MD5withRSA
• SHA1withRSA
• SHA256withRSA
• SHA512withRSA
• SHA1withEC
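Since the choice of algorithm and key length decides how strong the signing key is, here is an added example (not code from Red Hat Certificate System) that splits a signing algorithm name from the list above into its digest and key type and checks it, together with a proposed key length, against a minimum policy. The policy thresholds (refusing MD2 and MD5, flagging SHA-1, minimum 2048-bit RSA and 256-bit EC keys) are this example's own assumptions, not product defaults.

```python
# Added example (not code from Red Hat Certificate System): split a signing
# algorithm name such as "SHA256withRSA" into its digest and key type, then
# check it and the proposed key length against a minimum policy. The policy
# thresholds below are this example's assumptions, not product defaults.
import re
from typing import List, Tuple

_ALGO = re.compile(r"^(?P<digest>[A-Za-z0-9]+)with(?P<key>RSA|EC)$")

# Digests the example policy refuses for new CA signing keys.
BROKEN_DIGESTS = {"MD2", "MD5"}      # practical collision attacks exist
DEPRECATED_DIGESTS = {"SHA1"}        # collisions demonstrated; widely retired
# Assumed minimum key lengths in bits, per key type.
MIN_KEY_BITS = {"RSA": 2048, "EC": 256}


def parse_signing_algorithm(name: str) -> Tuple[str, str]:
    """Return (digest, key_type), e.g. ("SHA256", "RSA")."""
    m = _ALGO.match(name)
    if not m:
        raise ValueError("unrecognised signing algorithm: %r" % name)
    return m.group("digest").upper(), m.group("key").upper()


def check_signing_choice(algorithm: str, key_bits: int) -> List[str]:
    """Return a list of policy findings; an empty list means acceptable."""
    digest, key_type = parse_signing_algorithm(algorithm)
    findings = []
    if digest in BROKEN_DIGESTS:
        findings.append("%s is cryptographically broken; choose a SHA-2 digest" % digest)
    elif digest in DEPRECATED_DIGESTS:
        findings.append("%s is deprecated for signatures; choose SHA256 or SHA512" % digest)
    if key_bits < MIN_KEY_BITS[key_type]:
        findings.append("%s key of %d bits is below the %d-bit minimum"
                        % (key_type, key_bits, MIN_KEY_BITS[key_type]))
    return findings


if __name__ == "__main__":
    # Constructed candidates: one sound choice, one with two problems, one deprecated digest.
    for algo, bits in [("SHA256withRSA", 2048), ("MD5withRSA", 1024), ("SHA1withEC", 256)]:
        print(algo, bits, check_signing_choice(algo, bits) or "OK")
```

The check is deliberately separate from key generation: it can be run over the algorithm and key length recorded for every existing signing certificate in a deployment, which is how a reviewer finds CA, OCSP or audit-log signing keys that were created under an older policy.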
