Data Recovery Manager Certificates - Red Hat CERTIFICATE SYSTEM 8.0 - ADMINISTRATION Admin Manual

• If the Online Certificate Status Manager's server certificate is signed by the CA that is publishing CRLs, then nothing needs to be done.
• If the Online Certificate Status Manager's server certificate is signed by the same root CA that signed the subordinate Certificate Manager's certificates, then the root CA must be marked as a trusted CA in the subordinate Certificate Manager's certificate database.
• If the Online Certificate Status Manager's SSL server certificate is signed by a different root CA, then the root CA certificate must be imported into the subordinate Certificate Manager's certificate database and marked as a trusted CA.

If the Online Certificate Status Manager's server certificate is signed by a CA within the selected security domain, the certificate chain is imported and marked when the Online Certificate Status Manager is configured. No other configuration is required. However, if the server certificate is signed by an external CA, the certificate chain has to be imported for the configuration to be completed.

NOTE
Not every CA within the security domain is automatically trusted by the OCSP Manager when it is configured. Every CA in the certificate chain of the CA configured in the CA panel is, however, trusted automatically by the OCSP Manager. Other CAs within the security domain but not in the certificate chain must be added manually.

16.1.4. Data Recovery Manager Certificates

The DRM uses the following key pairs and certificates:
Section 16.1.4.1, "Transport Key Pair and Certificate"
Section 16.1.4.2, "Storage Key Pair"
Section 16.1.4.3, "SSL Server Certificate"
Section 16.1.4.4, "Subsystem Certificate"
Section 16.1.4.5, "Audit Log Signing Key Pair and Certificate"
16.1.4.1. Transport Key Pair and Certificate
Every DRM has a transport certificate. The public key of the key pair that is used to generate the transport certificate is used by the client software to encrypt an end entity's private encryption key before it is sent to the DRM for archival; only those clients capable of generating dual-key pairs use the transport certificate.

16.1.4.2. Storage Key Pair
Every DRM has a storage key pair.
The DRM uses the public component of this key pair to encrypt (or wrap) private encryption keys when archiving the keys. It uses the private component to decrypt (or unwrap) the archived key during recovery. For more information on how this key pair is used, see Chapter 3, Setting up Key Archival and Recovery.
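The two wrap operations described in 16.1.4.1 and 16.1.4.2, as an added example that is not Red Hat Certificate System code: the client wraps an end entity's private encryption key under the DRM's transport public key, the DRM unwraps it and re-wraps it under its storage public key for archival, and recovery unwraps it with the storage private key. The hybrid RSA-OAEP plus AES-GCM construction, the blob layout, the 2048-bit key sizes and the function names are assumptions made for illustration; the product's real archival format is not shown on this page.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// wrap: RSA-OAEP wraps a fresh AES-256 session key, AES-GCM seals secret under it (constructed layout oaep||nonce||ct).
func wrap(pub *rsa.PublicKey, secret []byte) []byte {
	buf := make([]byte, 44) // 32-byte session key followed by a 12-byte GCM nonce
	rand.Read(buf)          // crypto/rand never returns an error as of Go 1.24
	sk, nonce := buf[:32], buf[32:]
	blk, _ := aes.NewCipher(sk)  // cannot fail: the key length is fixed at 32 bytes
	gcm, _ := cipher.NewGCM(blk) // cannot fail for an AES block cipher
	wk, _ := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sk, nil) // 32 bytes fit any key >= 1024 bits
	return append(append(wk, nonce...), gcm.Seal(nil, nonce, secret, nil)...)
}
// unwrap reverses wrap and fails cleanly on a truncated, tampered or foreign-key blob.
func unwrap(priv *rsa.PrivateKey, blob []byte) ([]byte, error) {
	ks := priv.Size() // the RSA-OAEP part is exactly one modulus length
	if len(blob) < ks+12+16 {
		return nil, errors.New("wrapped blob too short")
	}
	sk, err := rsa.DecryptOAEP(sha256.New(), nil, priv, blob[:ks], nil)
	if err != nil || len(sk) != 32 {
		return nil, errors.New("session key unwrap failed")
	}
	blk, _ := aes.NewCipher(sk)
	gcm, _ := cipher.NewGCM(blk)
	return gcm.Open(nil, blob[ks:ks+12], blob[ks+12:], nil)
}
// ArchiveAndRecover runs a constructed end-entity private key through archival and recovery.
func ArchiveAndRecover() (bool, error) {
	transport, _ := rsa.GenerateKey(rand.Reader, 2048) // DRM transport key pair
	storage, _ := rsa.GenerateKey(rand.Reader, 2048)   // DRM storage key pair
	secret := []byte("constructed stand-in for an end entity's private encryption key")
	// Client: wrap under the transport public key. DRM: unwrap with the transport private key.
	plain, err1 := unwrap(transport, wrap(&transport.PublicKey, secret))
	// DRM: re-wrap under the storage public key for archival; recovery unwraps with the storage private key.
	recovered, err2 := unwrap(storage, wrap(&storage.PublicKey, plain))
	return string(secret) == string(recovered), errors.Join(err1, err2)
}
func main() {
	fmt.Println(ArchiveAndRecover())
}
```

Note that the transport key pair only protects the key in transit to the DRM; what sits in the DRM's database is wrapped under the storage key, so compromise of the transport private key alone does not expose archived keys in this model.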
