Red Hat CERTIFICATE SYSTEM 7.3 - ADMINISTRATION Administration Manual page 7

6.1.2. OCSP Responses .......................................................................................... 158
6.2. CA OCSP Services .................................................................................................. 158
6.2.1. The Certificate Manager's Internal OCSP Service ............................................ 158
6.2.2. Online Certificate Status Manager ................................................................... 158
6.3. Online Certificate Status Manager Certificates ............................................................ 159
6.3.1. OCSP Signing Key Pair and Certificate ........................................................... 159
6.3.2. SSL Server Key Pair and Certificate ............................................................... 159
6.3.3. Recognizing Online Certificate Status Manager Certificates .............................. 160
6.4. Configuring the Online Certificate Status Manager ...................................................... 160
6.5. Creating Online Certificate Status Manager Agents and Administrators ......................... 161
6.6. Configuring the Certificate Manager's Internal OCSP Service ...................................... 162
6.7. Setting up the OCSP Responder ............................................................................... 163
6.8. Identifying the CA to the OCSP Responder ................................................................ 164
6.8.1. Verify Certificate Manager and Online Certificate Status Manager Connection ..... 165
6.8.2. Configure the Revocation Info Stores .............................................................. 165
6.9. Testing the OCSP Service Setup ............................................................................... 166
6.10. Submitting OCSP Requests Using the GET Method .................................................. 167
6.11. Setting up a Redirect for Certificates Issued in Certificate System 7.1 and Earlier ......... 169
7. Data Recovery Manager
7.1. PKI Setup for Archiving and Recovering Keys ............................................................ 173
7.2. Data Recovery Manager Certificates .......................................................................... 173
7.2.1. Transport Key Pair and Certificate .................................................................. 174
7.2.2. Storage Key Pair ........................................................................................... 174
7.2.3. SSL Server Certificate .................................................................................... 174
7.3. Forms for Users and Key Recovery Agents ................................................................ 174
7.4. Overview of Archiving Keys ....................................................................................... 175
7.4.1. Reasons to Archive Keys ............................................................................... 175
7.4.2. Where the Keys Are Stored ............................................................................ 175
7.4.3. How Key Archival Works ................................................................................ 175
7.5. Overview of Key Recovery ........................................................................................ 177
7.5.1. Key Recovery Agents and Their Passwords .................................................... 177
7.5.2. Key Recovery Agent Scheme ......................................................................... 178
7.6. Configuring Key Archival and Recovery Process ........................................................ 178
7.6.1. Setting up Key Archival .................................................................................. 178
7.6.2. Setting up Key Recovery ................................................................................ 179
7.6.3. Testing the Key Archival and Recovery Setup .................................................. 180
7.7. Creating Data Recovery Manager Agents and Administrators ...................................... 181
8. Token Processing System
8.1. Working with Multiple Instances of a Subsystem ......................................................... 183
8.1.1. Configuring Failover Support .......................................................................... 184
8.1.2. Configuring Multiple Instances for Different Functions ....................................... 184
8.2. Formatting Smart Cards ............................................................................................ 186
8.3. Resetting the Smart Card PIN ................................................................................... 186
8.4. Applet Upgrade ........................................................................................................ 186
8.5. Enrolling Smart Cards through the Enterprise Security Client ....................................... 187
8.5.1. Enabling SSL in the TPS ............................................................................... 188
8.5.2. Configuring Server-Side Key Generation and Archival of Encryption Keys .......... 189
8.5.3. Looking at Smart Card Certificate Enrollment Profiles ....................................... 191
8.5.4. Automating Encryption Key Recovery .............................................................. 192
8.5.5. Configuring Symmetric Key Changeover ......................................................... 194
173
183
vii