Red Hat CERTIFICATE SYSTEM 8.0 - ADMINISTRATION Admin Manual page 412

Chapter 16. Managing Subsystem Certificates
subsystem certificates are made. These certificate requests are submitted to a CA (either a Certificate
System CA or a third-party CA) and must be installed in the Online Certificate Status Manager
database to complete the configuration process.
Section 16.1.3.2, "SSL Server Key Pair and Certificate"
Section 16.1.3.3, "Subsystem Certificate"
Section 16.1.3.4, "Audit Log Signing Key Pair and Certificate"
Section 16.1.3.5, "Recognizing Online Certificate Status Manager Certificates"
16.1.3.1. OCSP Signing Key Pair and Certificate
Every Online Certificate Status Manager has a certificate, the OCSP signing certificate, which has
a public key corresponding to the private key the Online Certificate Status Manager uses to sign
OCSP responses. The Online Certificate Status Manager's signature provides persistent proof
that the Online Certificate Status Manager has processed the request. This certificate is generated
when the Online Certificate Status Manager is configured. The default nickname for the certificate is
ocspSigningCert cert-instance_ID, where instance_ID is the Online Certificate Status Manager
instance name.
16.1.3.2. SSL Server Key Pair and Certificate
Every Online Certificate Status Manager has at least one SSL server certificate which was generated
when the Online Certificate Status Manager was configured. The default nickname for the certificate
is Server-Cert cert-instance_ID, where instance_ID identifies the Online Certificate Status
Manager instance name.
The Online Certificate Status Manager uses its server certificate for server-side authentication for the
Online Certificate Status Manager agent services page.
The Online Certificate Status Manager uses a single server certificate for authentication purposes.
Additional server certificates can be installed and used for different purposes.
16.1.3.3. Subsystem Certificate
Every member of the security domain is issued a server certificate to use for communications with
other domain members. The Online Certificate Status Manager is issued the subsystem certificate
when the instance is first configured, as with its SSL certificate.
The default nickname for the certificate is subsystemCert cert-instance_id.
16.1.3.4. Audit Log Signing Key Pair and Certificate
The Online Certificate Status Manager keeps a secure audit log of all events that occur on the server.
To guarantee that the audit log has not been tampered with, the log file is signed by a special log
signing certificate.
The audit log signing certificate is issued when the server is first configured.
16.1.3.5. Recognizing Online Certificate Status Manager Certificates
Depending on the CA which signed the Online Certificate Status Manager's SSL server certificate, it
may be necessary to get the certificate and issuing CA recognized by the Certificate Manager.