Red Hat CERTIFICATE SYSTEM 8 Install Manual page 17

Planning the Installation
A:
A Certificate Manager can be configured as either a root CA or a subordinate CA. The difference
between a root CA and a subordinate CA is who signs the CA signing certificate. A root CA
signs its own certificate. A subordinate CA has another CA (either internal or external) sign its
certificate.
A self-signing root CA issues and signs its own CA signing certificate. This allows the CA to set
its own configuration rules, like validity periods and the number of allowed subordinate CAs.
A subordinate CA has its certificates issued by a public CA or another Certificate System root
CA. This CA is subordinate to the other CA's rules about its certificate settings and how the
certificate can be used, such as the kinds of certificates that it can issue, the extensions that it
is allowed to include in certificates, and the levels of subordinate CAs the subordinate CA can
create.
One option is to have the Certificate Manager subordinate to a public CA. This can be very
restrictive, since it introduces the restrictions that public CAs place on the kinds of certificates
the subordinate CA can issue and the nature of the certificate chain. On the other hand, one
benefit of chaining to a public CA is that the third party is responsible for submitting the root CA
certificate to a web browser or other client software, which is a major advantage for certificates
that are accessed by different companies with browsers that cannot be controlled by the
administrator.
The other option is to make the CA subordinate to a Certificate System CA. Setting up a Certificate
System CA as the root CA means that the Certificate System administrator has control over
all subordinate CAs by setting policies that control the contents of the CA signing certificates
issued.
It is easiest to make the first CA installed a self-signed root, so that it is not necessary to apply
to a third party and wait for the certificate to be issued. Make sure that you determine how many
root CAs to have and where both root and subordinate CAs will be located.
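
The root/subordinate distinction and the limit on subordinate CA levels described above, shown as an added example that is not from the Red Hat manual. It uses the generic openssl command line (1.1.1 or later assumed) rather than Certificate System itself; the names root, sub, extra and leaf, the Example Corp subject and the validity periods are constructed for illustration.

```shell
set -eu
WORK=$(mktemp -d)   # throwaway directory for the constructed demo keys and certificates

# issue NAME ISSUER BASIC_CONSTRAINTS DAYS
# Creates a key and CSR for NAME, then has ISSUER sign it. NAME = ISSUER means self-signed.
issue() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/O=Example Corp/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  printf 'basicConstraints=critical,%s\n' "$3" > "$WORK/$1.ext"
  if [ "$1" = "$2" ]; then
    signer="-signkey $WORK/$1.key"                                 # root CA: signs its own certificate
  else
    signer="-CA $WORK/$2.pem -CAkey $WORK/$2.key -CAcreateserial"  # subordinate: signed by another CA
  fi
  # $signer is intentionally unquoted so it splits into separate options
  openssl x509 -req -in "$WORK/$1.csr" $signer -days "$4" \
    -extfile "$WORK/$1.ext" -out "$WORK/$1.pem" 2>/dev/null
}

# ca_role NAME: "root" if the certificate names itself as issuer and verifies under its own key.
ca_role() {
  subject=$(openssl x509 -in "$WORK/$1.pem" -noout -subject | sed 's/^[a-z]*= *//')
  issuer=$(openssl x509 -in "$WORK/$1.pem" -noout -issuer | sed 's/^[a-z]*= *//')
  if [ "$subject" = "$issuer" ] &&
     openssl verify -CAfile "$WORK/$1.pem" "$WORK/$1.pem" >/dev/null 2>&1; then
    echo root
  else
    echo subordinate
  fi
}

# chain_ok TARGET [INTERMEDIATE...]: succeeds only if TARGET validates up to the root.
chain_ok() {
  target=$1; shift
  cp "$WORK/root.pem" "$WORK/bundle.pem"   # keeps the -untrusted file non-empty
  for ca in "$@"; do cat "$WORK/$ca.pem" >> "$WORK/bundle.pem"; done
  openssl verify -CAfile "$WORK/root.pem" -untrusted "$WORK/bundle.pem" \
    "$WORK/$target.pem" >/dev/null 2>&1
}

issue root  root  CA:TRUE,pathlen:1 3650   # self-signed root sets its own rules
issue sub   root  CA:TRUE,pathlen:0 1825   # root's rule for sub: no further CA levels below it
issue extra sub   CA:TRUE           365    # a CA that sub issues anyway
issue leaf  extra CA:FALSE          90     # end-entity certificate under that extra CA

echo "root is a $(ca_role root) CA; sub is a $(ca_role sub) CA"
chain_ok sub && echo "sub chains to root"
chain_ok leaf sub extra || echo "leaf under extra rejected: sub's pathlen:0 exceeded"
```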
This manual is also suitable for:

System 8 - install guide 25-03-2010
