Red Hat Certificate System Services; Interfaces For Administrators - Red Hat CERTIFICATE SYSTEM 8.0 - ADMINISTRATION Admin Manual

Red Hat Certificate System Services

After installation, the TPS configuration file, CS.cfg, can have additional CA, DRM, and TKS
instances added for provide failover support, so if the primary subsystem is unavailable, the TPS can
switch to the next available system without interrupting its token services.
1.5. Red Hat Certificate System Services
There are three different interfaces for managing certificates and subsystems, depending on the user
type: administrators, agents, and end users. This section gives an overview of the different functions
that are performed through each interface.

1.5.1. Interfaces for Administrators

The administrative interface is used to manage the subsystem itself. This includes adding users,
configuring logs, managing profiles and plug-ins, and the internal database, among many other
functions. This interface is also the only interface that does not directly deal with certificates, tokens, or
keys, meaning it is not used for managing the PKI, only the servers.
There are two types of administrative consoles, Java-based and HTML-based. Although the interface
is different, both are accessed using a server URL and the administrative port number.
1.5.1.1. The Java Administrative Console for CA, OCSP, DRM, and TKS
Subsystems
The Java console is used by four subsystems: the CA, OCSP, DRM, and TKS. The console is
accessed using a locally-installed pkiconsole utility. It can access any subsystem because
the command requires the hostname, the subsystem's administrative SSL port, and the specific
subsystem type.
pkiconsole https://server.example.com:admin_port/subsystem_type
Figure 1.6, "Certificate System Console".
This opens a console, as in
13