Red Hat CERTIFICATE SYSTEM 8 - AGENTS GUIDE Agents Manual page 12

Using web-based agent services

Chapter 1. Agent Services
1.1.1.2. Registration Manager
A registration authority is an intermediary between a user or location and a CA. The registration
authority processes and authenticates enrollment requests; approved requests are then sent to the CA
for it to issue the new certificate. Breaking the approval and issuance steps into separate subsystems
takes some of the burden off centralized CAs.
RA agents can approve or reject certificate requests. They can also revoke certificates that they
approved.
1.1.1.3. Data Recovery Manager
A Data Recovery Manager (DRM) oversees the long-term archival and recovery of private encryption
keys for end entities. A Certificate Manager or TPS can be configured to archive end entities' private
encryption keys with a DRM as part of the process of issuing new certificates.
The DRM is useful only if end entities are encrypting data, using applications such as S/MIME email,
that the organization may need to recover someday. It can be used only with client software that
supports dual key pairs, that is, two separate key pairs, one for encryption and one for digital
signatures. It is also possible to perform server-side key generation using the TPS server when
enrolling smart cards.
NOTE
The DRM archives encryption keys. It does not archive signing keys, since archiving
signing keys would undermine the non-repudiation properties of dual-key certificates.
1.1.1.4. Online Certificate Status Manager
An Online Certificate Status Manager works as an online certificate validation authority and allows
OCSP-compliant clients to verify certificates' current status. The Online Certificate Status Manager
can receive CRLs from multiple Certificate Managers; clients then query the OCSP service for the
revocation status of certificates issued by all Certificate Managers. For example, in a PKI comprising
multiple CAs (a root CA and many subordinate CAs), each CA can be configured to publish its CRL
to the Online Certificate Status Manager, allowing all clients in the PKI deployment to verify the
revocation status of a certificate by querying a single OCSP service.
NOTE
An online certificate-validation authority is often referred to as an OCSP responder.
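The single-responder arrangement described above, as an added example that is not code from this guide or from Red Hat Certificate System: a small stdlib-only simulation of an OCSP responder that ingests CRLs published by several CAs and answers status queries. The CA names, key bytes, serial numbers and CRL contents are constructed for illustration, and the classes (CertID, CRL, OCSPResponder) are simplified stand-ins for the signed ASN.1 structures used on the wire. It shows why the query identifies the issuer as well as the serial number (serials are only unique per CA), why a responder with no CRL from an issuer must answer "unknown" rather than "good", and the freshness check a relying party should apply to the answer.

```python
"""Simulated OCSP responder fed by CRLs from multiple CAs (constructed example)."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import hashlib
from typing import Optional


@dataclass(frozen=True)
class CertID:
    """Mirrors the OCSP CertID: the issuer's name and public key are hashed into
    the identifier because a serial number alone is ambiguous across CAs."""
    issuer_name_hash: bytes
    issuer_key_hash: bytes
    serial: int


def make_cert_id(issuer_dn: str, issuer_pubkey: bytes, serial: int) -> CertID:
    return CertID(hashlib.sha256(issuer_dn.encode()).digest(),
                  hashlib.sha256(issuer_pubkey).digest(), serial)


@dataclass
class CRL:
    """A CA's published CRL (constructed stand-in; real CRLs are signed ASN.1)."""
    issuer_dn: str
    issuer_pubkey: bytes
    this_update: datetime
    next_update: datetime
    revoked: dict  # serial -> (revocation time, reason)


@dataclass
class OCSPStatus:
    status: str                      # "good", "revoked" or "unknown"
    revocation_time: Optional[datetime] = None
    reason: Optional[str] = None
    this_update: Optional[datetime] = None
    next_update: Optional[datetime] = None


class OCSPResponder:
    """Keeps the newest CRL per issuer and answers CertID queries from it."""

    def __init__(self) -> None:
        self._crls: dict = {}

    def publish_crl(self, crl: CRL) -> None:
        key = (hashlib.sha256(crl.issuer_dn.encode()).digest(),
               hashlib.sha256(crl.issuer_pubkey).digest())
        current = self._crls.get(key)
        # Never let an older CRL overwrite a newer one (replayed stale CRL).
        if current is None or crl.this_update >= current.this_update:
            self._crls[key] = crl

    def check(self, cid: CertID) -> OCSPStatus:
        crl = self._crls.get((cid.issuer_name_hash, cid.issuer_key_hash))
        if crl is None:
            # No CRL from that issuer: the responder cannot vouch for the
            # certificate, so the answer is "unknown", never "good".
            return OCSPStatus("unknown")
        entry = crl.revoked.get(cid.serial)
        if entry is not None:
            when, reason = entry
            return OCSPStatus("revoked", when, reason, crl.this_update, crl.next_update)
        return OCSPStatus("good", this_update=crl.this_update, next_update=crl.next_update)


def client_accepts(resp: OCSPStatus, now: datetime,
                   skew: timedelta = timedelta(minutes=5)) -> bool:
    """Relying-party side: only a fresh 'good' answer is acceptable."""
    if resp.status != "good":
        return False
    if resp.next_update is not None and now > resp.next_update + skew:
        return False  # the responder is serving revocation data past its nextUpdate
    return True


def build_demo_responder(now: datetime) -> OCSPResponder:
    """Constructed CRLs from a root CA and a subordinate CA. Both CAs have issued
    a certificate with serial 4097; only the subordinate CA has revoked its one."""
    responder = OCSPResponder()
    root = CRL("CN=Example Root CA", b"root-public-key-bytes",
               now - timedelta(hours=1), now + timedelta(days=1), {})
    sub = CRL("CN=Example Sub CA", b"sub-public-key-bytes",
              now - timedelta(hours=1), now + timedelta(days=1),
              {4097: (now - timedelta(days=2), "keyCompromise")})
    responder.publish_crl(root)
    responder.publish_crl(sub)
    return responder


def run_demo(now: Optional[datetime] = None) -> dict:
    """Query the same serial under two issuers, plus an issuer that never published."""
    now = now or datetime.now(timezone.utc)
    responder = build_demo_responder(now)
    queries = {
        "root_4097": make_cert_id("CN=Example Root CA", b"root-public-key-bytes", 4097),
        "sub_4097": make_cert_id("CN=Example Sub CA", b"sub-public-key-bytes", 4097),
        "other_ca_1": make_cert_id("CN=Unpublished CA", b"other-key", 1),
    }
    return {name: responder.check(cid).status for name, cid in queries.items()}


def demo_freshness(now: Optional[datetime] = None) -> dict:
    """A fresh 'good' answer is accepted; the same answer three days later is not."""
    now = now or datetime.now(timezone.utc)
    resp = build_demo_responder(now).check(
        make_cert_id("CN=Example Root CA", b"root-public-key-bytes", 4097))
    return {"fresh": client_accepts(resp, now),
            "stale": client_accepts(resp, now + timedelta(days=3))}


if __name__ == "__main__":
    for name, status in run_demo().items():
        print(f"{name}: {status}")
    print(demo_freshness())
```

Running the block prints "good" for the root CA's serial 4097, "revoked" for the subordinate CA's serial 4097 and "unknown" for the CA that never published, then shows the freshness check rejecting the answer once its nextUpdate has passed. The point for a deployment is that every Certificate Manager whose certificates clients will validate must actually publish its CRL to the Online Certificate Status Manager; otherwise those certificates come back "unknown", which a correctly written client treats as a failure, not as "good".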
1.1.1.5. Token Processing System
The Token Processing System (TPS) acts as a registration authority for authenticating and processing
smart card enrollment requests, PIN reset requests, and formatting requests from the Enterprise
Security Client.