Table of Contents
Advertisement
Chapter 4. Additional Installation Options
TIP
Editing certificate profiles is covered in the Administrator's Guide.
Each of the subsystem certificate profiles can be edited:
• caInternalAuthOCSPCert.cfg
• caInternalAuthTransportCert.cfg
• caInternalAuthAuditSigningCert.cfg
• caInternalAuthServerCert.cfg
• caInternalAuthDRMstorageCert.cfg
• caInternalAuthSubsystemCert.cfg
The hashing algorithms that are available depend on whether RSA or ECC is selected as the key type.
For RSA, the available algorithms are as follows:
• SHA256withRSA (the default)
• SHA1withRSA
• SHA256withRSA
• SHA512withRSA
• MD5withRSA
• MD2withRSA
For ECC:
• SHA256withEC (the default)
• SHA1withEC
• SHA384withEC
• SHA512withEC
4.4. Enabling IPv6 for a Subsystem
Certificate System automatically configures and manages connections between subsystems. Every
subsystem must interact with a CA as members of a security domain and to perform their PKI
operations.
For these connections, Certificate System subsystems can be recognized by their host's fully-
qualified domain name or an IP address. By default, Certificate System resolves IPv4 addresses
and hostnames automatically, but Certificate System can also use IPv6 for their connections.
IPv6 is supported for all server connections: to other subsystems, to the administrative console
(pkiconsole), or through command-line scripts such as tpsclient.
70
Advertisement
Table of Contents
