Creating Custom Renewal Profiles - Red Hat CERTIFICATE SYSTEM 8.0 - ADMINISTRATION Admin Manual


4.7.1.2. Renewal Types in Certificate System
As with any certificate request, a renewal request has to be approved before the CA will issue the new
certificate. Certificate System has three renewal types, depending on the authorization method used to
verify the requester, and any of the three types can be used to renew any kind of certificate:
• Agent-based renewal, where the agent manually approves the request
• Directory-based renewal, where the requester authenticates to an LDAP directory
• Certificate-based renewal, where the certificate stored in the browser's database is used to
authenticate the requester
Authentication is covered in Chapter 9, Authentication for Enrolling Certificates.
TIP
Email notifications can be configured for renewal requests; this is described in
Section 10.2, "Setting up Automated Notifications for the CA" and Section 11.3.3,
"Configuration Parameters of certRenewalNotifier".

4.7.2. Creating Custom Renewal Profiles

Certificate renewal regenerates a certificate using its original public key, certificate extensions and
constraints, and subject name. A renewed certificate is identical to the original, except that it has a
new expiration date.
When a certificate is renewed, it has to be renewed using a renewal profile that corresponds to
the initial enrollment profile. Certificate System supports renewals both for tokens and for regular
certificates, both through the RA and the CA.
The default configuration profiles cover user certificates and other types of subsystem certificates, as
well as token renewals, but it may be necessary or convenient to create a special renewal profile for a
custom enrollment form.
4.7.2.1. Default Renewal Profiles
Certificate System contains three default renewal profiles for renewing user certificates.
Renewal Profile               Type
caDirUserRenewal.cfg          Directory-based
caManualRenewal.cfg           Agent-based
caSSLClientSelfRenewal.cfg    Certificate-based
Table 4.4. Renewal Profiles
4.7.2.2. Creating an Enrollment Profile
A custom profile is configured the same as described in Section 2.2, "Setting up Certificate Profiles".
There are two settings that must be present in the profile, however, to allow renewal for the certificate:
a setting on whether renewal is allowed and a setting on the time period when renewal is allowed.
The renewal parameter sets whether renewal is allowed. This must be true:
