Certificate System User Types - Red Hat CERTIFICATE SYSTEM 8 - DEPLOYMENT Deployment Manual


Chapter 6. Setting up a Common Criteria Environment

6.4.1. Certificate System User Types

Each Certificate System subsystem has up to four roles. While the names of the user roles
(administrator, agent, auditors, and trusted managers) are the same, the functions of each role are
slightly different for each subsystem, according to the functions of the subsystem:
• Administrators
  • Can start and stop the server from the command-line.
  • Can perform all configuration management for CA, including configuring certificate profiles in
    the console by specifying the set of acceptable values for fields and extensions for certificate
    enrollment requests.
• Agents
  NOTE
  All agent operations are performed over SSL or using an SSL-capable browser.
  • For the Certificate Manager. Can approve the fields and extensions to be included in a certificate
    in the certificate profiles that have been enabled and configured by the administrator.
  • For the Certificate Manager. Can run tools to pre-approve certificate enrollment and revocation
    requests.
  • For the Data Recovery Manager. Can approve recovery of subject private keys.
  • For the Data Recovery Manager. Can export recovered subject private keys.
  • For the Online Certificate Status Manager. Can add CRLs.
  • For the Online Certificate Status Manager. Can define supported CAs.
  • For the Token Processing System. Can approve token enrollment requests.
• Auditors
  • Can view signed audit logs from the IT environment. This is the only role allowed to view audit
    logs.
  • Can verify audit log signatures by running the AuditVerify tool.
• Trusted manager
  The trusted manager role is a special role for other subsystem instances, not for users, for
  inter-CIMC_boundary communication. The trust is established using SSL authentication and
  authorization. Users cannot be assigned to this role; it is only for establishing trust between two
  subsystems.
The agent roles in Certificate System for the CA, DRM, TKS, and TPS map directly to the
"Officer" role defined in the Common Criteria profile, while the OCSP agents are a sub-group of the
"Administrator" role.