Red Hat Certificate System 7.3 Administration Manual: Using the End Users Services Interface

Chapter 5. Registration Authority
WARNING
The Subject DN of the request must match the pattern specified in the Subject Name Constraint
definition of the enrollment profile. The default user enrollment profile is
/var/lib/rhpki-ca/profiles/ca/caDualRAuserCert.cfg.
Consider the following example:
policyset.userCertSet.1.constraint.name=Subject Name Constraint
policyset.userCertSet.1.constraint.params.pattern=UID=.*
policyset.userCertSet.1.constraint.params.accept=true
With this definition, a certificate is issued only if the subject name matches the pattern "UID=.*";
otherwise the certificate request is rejected. The pattern is a regular expression, so keep it as specific
as the naming scheme allows: a permissive pattern such as ".*" lets a requester place an arbitrary
Subject DN in the request, and "UID=.*" still accepts any RDNs that follow the UID.
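The following Python is an added example, not code from the Certificate System manual or product. It shows how a constraint of this kind is evaluated: it parses the dotted key=value profile format, finds every Subject Name Constraint in the profile, and applies the pattern and accept parameters to a requested Subject DN. Two things are assumptions, not facts stated on the page: that the pattern must match the whole DN string (Python's re.fullmatch, the equivalent of Java's String.matches), and that accept=false turns the pattern into a reject-on-match rule. The profile fragment and the DNs are constructed for the example; verify the matching semantics against your own deployment.

```python
import re

# Constructed profile fragment using the three keys shown on the page
# (the real caDualRAuserCert.cfg has many more entries).
PROFILE_CFG = """\
policyset.userCertSet.1.constraint.name=Subject Name Constraint
policyset.userCertSet.1.constraint.params.pattern=UID=.*
policyset.userCertSet.1.constraint.params.accept=true
"""


def parse_profile(text):
    """Parse the dotted key=value profile format into a dict.

    Blank lines and '#' comments are skipped; only the first '=' separates
    key from value, so patterns containing '=' (e.g. 'UID=.*') survive.
    """
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue  # malformed line, ignore it
        cfg[key.strip()] = value.strip()
    return cfg


def subject_name_constraints(cfg):
    """Return [(policy_prefix, pattern, accept)] for every Subject Name
    Constraint in the profile, whichever policy set / index it sits under."""
    found = []
    for key, name in cfg.items():
        if key.endswith(".constraint.name") and name == "Subject Name Constraint":
            prefix = key[: -len(".name")]
            pattern = cfg.get(prefix + ".params.pattern", ".*")
            accept = cfg.get(prefix + ".params.accept", "true").lower() == "true"
            found.append((prefix, pattern, accept))
    return found


def validate_subject(cfg, subject_dn):
    """Decide whether a requested Subject DN passes the profile's constraints.

    Returns (ok, reason). Assumption: the pattern must match the whole DN
    string (re.fullmatch), and accept=false means "reject if it matches".
    """
    for prefix, pattern, accept in subject_name_constraints(cfg):
        matched = re.fullmatch(pattern, subject_dn) is not None
        if matched != accept:
            verb = "matches" if matched else "does not match"
            return False, f"{prefix}: {subject_dn!r} {verb} {pattern!r} (accept={accept})"
    return True, "subject DN accepted"


# A tighter constructed pattern: pins the DN to one directory branch instead
# of accepting anything that merely starts with UID=.
STRICT_CFG = PROFILE_CFG.replace(
    "params.pattern=UID=.*",
    r"params.pattern=UID=[a-z0-9]+,OU=People,O=Example Corp",
)


if __name__ == "__main__":
    for cfg_text in (PROFILE_CFG, STRICT_CFG):
        cfg = parse_profile(cfg_text)
        for dn in ("UID=jdoe,OU=People,O=Example Corp",
                   "UID=jdoe,OU=Agents,O=Example Corp",
                   "CN=jdoe,O=Example Corp"):
            print(validate_subject(cfg, dn))
```

Running it shows the difference between the two patterns: "UID=.*" accepts a UID placed under any organizational unit, while the anchored pattern accepts only the People branch. Whatever the exact match semantics of your version, a pattern that enumerates the allowed RDNs is what prevents a requester from choosing a Subject DN the profile was never meant to issue.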

5.3.3. Using the End Users Services Interface

The following sections describe the functionality provided by the End Users Services Interface. This
interface provides enrollment services for SCEP, Server, User, and Agent Enrollment, as well as status
check functionality for submitted CSRs.
5.3.3.1. Cisco Router Certificate Enrollment on an RA Using SCEP
This section describes the process of using a Cisco router to enroll a certificate on an RA using SCEP
(Simple Certificate Enrollment Protocol, previously known as CEP, the Cisco Enrollment Protocol).
This protocol was designed by Cisco to provide a way for a router to communicate with an RA or a CA
for certificate enrollment purposes.
Normally, the router administrator enters the URL of the RA and a challenge password (sometimes
referred to as a one-time PIN) into the router, and then issues a command to initiate the enrollment.
The router then communicates with the RA using the SCEP protocol to:
• Retrieve the CA certificate
• Submit the certificate request
• Retrieve the issued certificate
• Query the request status if the request is pending
The one-time PIN is what authenticates the router's request to the RA, so it should be generated per
device and treated as spent once the enrollment completes. SCEP does not itself authenticate the CA
certificate retrieval step, so the router administrator should compare the fingerprint of the retrieved CA
certificate with a value obtained out of band before trusting it.
SCEP specifies two modes of operation: RA mode and CA mode. In RA mode, the enrollment request
is encrypted with the RA signing certificate. In CA mode, the request is encrypted with the CA signing
certificate.
The current implementation of the RA and CA supports only CA mode.