Questions For Planning The Certificate System - Red Hat CERTIFICATE SYSTEM 8 - DEPLOYMENT Deployment Manual

Chapter 5. Planning the Certificate System
Administrators are allowed to select any of the tokens that are logged in as the default token, which is
used to generate system keys.

5.7. Questions for Planning the Certificate System

• Will the PKI allow replacement keys? Will it require key archival and recovery?
• Will local offices need to process their own certificate requests? Will there be a large number of
certificate requests?
• Will many external clients need to validate certificate status? Can the internal OCSP in the
Certificate Manager handle the load?
• Will the organization use smart cards? If so, will temporary smart cards be allowed if smart cards
are mislaid, requiring key archival and recovery?
• What are the requirements for the CA signing certificate? Does the Certificate System need control
over attributes like the validity period? How will the CA certificates be distributed?
• Will any subsystems need to be cloned and, if so, what are the methods for securely storing their
key materials?
• How many security domains will be created, and what subsystem instances will be placed in each
domain?
• Are trusted relationships required for subsystems in different security domains?
• What kinds of certificates will be issued? What characteristics do they need to have, and what
profile settings are available for those characteristics? What restrictions need to be placed on the
certificates?
• What are the requirements for approving a certificate request? How does the requester authenticate
himself, and what kind of process is required to approve the request?
• Where will certificates and CRLs be published? What configuration needs to be done on the
receiving end for publishing to work? What kinds of certificates or CRLs need to be published and
how frequently?
• What subsystems should be placed behind firewalls? What clients or other subsystems need to
access those firewall-protected subsystems and how will access be granted? Is firewall access
allowed for the LDAP database?
• What subsystems need to be physically secured? How will access be granted, and who will be
granted access?
• What is the physical location of all agents and administrators? What is the physical location of the
subsystems? How will administrators or agents access the subsystem services in a timely manner?
Is it necessary to have subsystems in each geographical location or time zone?
• What ports should be assigned for each subsystem? Is it necessary to have a single SSL port, or is
it better to have port separation for extra security?