Red Hat CERTIFICATE SYSTEM 7.3 - ADMINISTRATION Administration Manual page 212

Chapter 8. Token Processing System
4. Select the TPS user, click Certificates, and import the TPS subsystem certificate.
8.5.2.2. Step 2: Importing the DRM Transport Key into the TKS
Several different keys are used to encrypt the communications between the TKS, TPS, DRM, and
token, and all of these keys are secured, at some point, by the DRM's transport key. The DRM
creates a transport certificate which works with the TKS to provide a secure way to deliver
server-generated keys to the token. The DRM transport certificate must be imported into the TKS
certificate database in order to establish secure communication between the DRM and the TKS
through the TPS.
Additionally, the TKS derives a key encryption key (KEK) which is known only to the token and
the TKS and never leaves either of them except in encrypted form. This key has to be secured.
The TKS also generates a session key which the DRM uses to transport the server-generated
private key securely back to the token.
The TKS delivers the session key to the TPS in two different forms:
• the session key wrapped with the DRM transport key, which the DRM uses to wrap the generated
private key for the token; and
• the session key wrapped with the token's KEK, which the token uses to unwrap the private key
generated on the DRM.
The TPS then forwards both wrapped forms of the session key (one under the KEK, one under the
DRM transport key) to the DRM, along with the server-side key generation request. The DRM never
learns the KEK, and the token never needs the DRM transport key; each side can only unwrap the
copy of the session key intended for it.
To import the DRM transport certificate into the TKS certificate database:
1. Retrieve the DRM transport certificate from the issuing CA, and save it to a file.
2. Import the transport certificate into the TKS security databases in the
/var/lib/instance_ID/alias/ directory. In the TKS Console, click Subsystem Keys and
Certificates in the left navigation panel. In the Local Certificates tab, click Add, and paste in
the certificate information.
Alternatively, use certutil to import the certificate. The nickname contains a space and the
trust argument is empty, so both must be quoted:
certutil -d . -P cert-db-prefix -A -n "DRM Transport" -t ",," -a -i certfilename
The empty trust flags (",,") are correct here: the TKS only uses this certificate's public key to
wrap session keys for the DRM, so it does not need to be trusted as a CA or peer.
3. Stop the TKS.
/etc/init.d/instance_ID stop
4. Edit the CS.cfg file by setting the following parameter to the nickname used when the
certificate was imported. The value must match the nickname exactly, including case and spacing,
or the TKS will not find the certificate at startup:
tks.drm_transport_cert_nickname=DRM Transport
5. Restart the TKS.
/etc/init.d/instance_ID restart
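The whole procedure above, scripted for a non-interactive deployment. This is an added example,
not a script shipped with Red Hat Certificate System: the instance name, database prefix and
certificate path are assumptions passed in as arguments, and the CS.cfg editing is done with a
small idempotent helper so that re-running the script neither duplicates the parameter nor clobbers
other settings.

```shell
#!/bin/sh
# Added example (not part of the Red Hat manual): import the DRM transport
# certificate into the TKS NSS database and point tks.drm_transport_cert_nickname
# at it. Usage: import_drm_transport.sh <instance_ID> <cert-db-prefix> <cert.pem>
# All paths below follow the manual's /var/lib/instance_ID layout (assumption).
set -eu

NICK="DRM Transport"   # must match tks.drm_transport_cert_nickname exactly

# set_cfg <file> <key> <value>: set key=value in a CS.cfg-style file.
# Replaces an existing line for the key in place, otherwise appends one,
# so running it twice leaves exactly one line for the key.
set_cfg() {
    file=$1; key=$2; val=$3; tmp="$file.tmp.$$"
    awk -v k="$key" -v v="$val" '
        BEGIN { found = 0 }
        index($0, k "=") == 1 { print k "=" v; found = 1; next }   # exact key prefix
        { print }
        END { if (!found) print k "=" v }
    ' "$file" > "$tmp" && mv "$tmp" "$file"
}

# get_cfg <file> <key>: print the value of key (empty if absent).
get_cfg() {
    awk -v k="$2" 'index($0, k "=") == 1 { print substr($0, length(k) + 2) }' "$1"
}

# import_transport_cert <alias dir> <db prefix> <pem file>:
# step 2 of the procedure, followed by a check that the nickname now resolves.
import_transport_cert() {
    aliasdir=$1; prefix=$2; pem=$3
    # ",," = no trust flags: the TKS only needs the public key to wrap session keys.
    certutil -d "$aliasdir" -P "$prefix" -A -n "$NICK" -t ",," -a -i "$pem"
    # Verify the import before touching CS.cfg; -L -n fails if the nickname is absent.
    certutil -d "$aliasdir" -P "$prefix" -L -n "$NICK" >/dev/null
}

main() {
    instance=$1; prefix=$2; pem=$3
    aliasdir="/var/lib/$instance/alias"
    cfg="/var/lib/$instance/conf/CS.cfg"      # assumed CS.cfg location

    import_transport_cert "$aliasdir" "$prefix" "$pem"     # step 2
    /etc/init.d/"$instance" stop                           # step 3
    set_cfg "$cfg" tks.drm_transport_cert_nickname "$NICK" # step 4
    /etc/init.d/"$instance" restart                        # step 5
    echo "tks.drm_transport_cert_nickname=$(get_cfg "$cfg" tks.drm_transport_cert_nickname)"
}

# Only run the full procedure when invoked with all three arguments.
if [ "$#" -eq 3 ]; then
    main "$@"
fi
```

The certutil verification step is the check most worth keeping: if `-L -n "DRM Transport"` fails,
the nickname written to CS.cfg will not resolve either, and the TKS will come back up unable to wrap
session keys for the DRM, which surfaces later as failed server-side key generation rather than at
restart.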