Chapter 4. Certificate Manager
SHA1withRSA, if the key type is RSA; and token_name is the name of the token used
for generating the key pair and the certificate. If the internal/software token is used, use
Internal Key Storage Token as the value.
For example, the entries might look like this:
ca.crl_signing.cacertnickname=crlSigningCert cert-rhpki-ca
ca.crl_signing.defaultSigningAlgorithm=MD5withRSA
ca.crl_signing.tokenname=Internal Key Storage Token
d. Save the changes, and close the file.
9. Restart the Certificate Manager.
/etc/init.d/rhpki-ca restart
Now the Certificate Manager is ready to use the CRL signing certificate to sign the CRLs it
generates.
4.12. DNs in the Certificate System
In certificates issued by the Certificate System, DNs identify the entity that owns the certificate. In
all cases, if the Certificate System is connected with a Directory Server, the format of the DNs in the
certificates should match the format of the DNs in the directory. It is not necessary that the names
match exactly; certificate mapping allows the subject DN in a certificate to be different from the one in
the directory.
In the Certificate System, the DN is based on the components, or attributes, defined in the X.509
standard. Table 4.3, "Allowed Characters for Value Types" lists the attributes supported by default. The
set of attributes is extensible.

Attribute          Value Type                       Object Identifier
cn                 DirectoryString                  2.5.4.3
ou                 DirectoryString                  2.5.4.11
o                  DirectoryString                  2.5.4.10
c                  PrintableString, two-character   2.5.4.6
l                  DirectoryString                  2.5.4.7
st                 DirectoryString                  2.5.4.8
street             DirectoryString                  2.5.4.9
title              DirectoryString                  2.5.4.12
uid                DirectoryString                  0.9.2342.19200300.100.1.1
mail               IA5String                        1.2.840.113549.1.9.1
dc                 IA5String                        0.9.2342.19200300.100.1.2.25
serialnumber       PrintableString                  2.5.4.5
unstructuredname   IA5String                        1.2.840.113549.1.9.2
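
The following is an added example, not part of the manual or of Certificate System: a pre-issuance check that compares each component of a subject DN against the value types in the table above. The function names and sample DNs are constructed for illustration. It assumes single-valued RDNs separated by commas with backslash escapes, and because the attribute set is extensible, an attribute it reports as non-default may still be valid on a customized installation.

```python
import re

# Attribute -> value type, copied from the table of default attributes above.
VALUE_TYPES = {
    "cn": "DirectoryString", "ou": "DirectoryString", "o": "DirectoryString",
    "c": "PrintableString", "l": "DirectoryString", "st": "DirectoryString",
    "street": "DirectoryString", "title": "DirectoryString",
    "uid": "DirectoryString", "mail": "IA5String", "dc": "IA5String",
    "serialnumber": "PrintableString", "unstructuredname": "IA5String",
}
# PrintableString character set as defined in ITU-T X.680.
PRINTABLE = re.compile(r"[A-Za-z0-9 '()+,\-./:=?]+")

def split_rdns(dn):
    """Split a DN on commas, honouring backslash-escaped characters."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf.append(dn[i + 1])   # keep the escaped character literally
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(dn[i])
        i += 1
    parts.append("".join(buf))
    return parts

def check_dn(dn):
    """Return a list of problems; an empty list means every RDN passed."""
    problems = []
    for rdn in split_rdns(dn):
        name, eq, value = rdn.partition("=")
        name, value = name.strip().lower(), value.strip()
        vtype = VALUE_TYPES.get(name)
        if not eq or vtype is None:
            problems.append(f"{rdn.strip()!r}: not a default attribute")
        elif not value:
            problems.append(f"{name}: empty value")
        elif vtype == "PrintableString" and not PRINTABLE.fullmatch(value):
            problems.append(f"{name}: characters outside PrintableString")
        elif vtype == "IA5String" and not value.isascii():
            problems.append(f"{name}: non-ASCII characters in IA5String")
        elif name == "c" and len(value) != 2:
            problems.append(f"{name}: country must be two characters")
    return problems
```

DirectoryString values are accepted as long as they are non-empty, since that type permits several underlying string encodings.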