Red Hat CERTIFICATE SYSTEM 8.0 - ADMINISTRATION Admin Manual page 8

Admin Guide
12.3.1. Configuring the password.conf .............................................................. 286
12.3.2. Protecting the password.conf File .......................................................... 286
12.3.3. Requiring System Password Prompts .................................................... 287
12.3.4. Changing System Passwords ............................................................... 293
12.3.5. Password-Quality Checker .................................................................... 293
12.4. Configuration Files for Web Services ............................................................... 294
13. Basic Subsystem Management
13.1. Starting and Stopping Subsystem Instances ..................................................... 295
13.1.1. Starting and Stopping a Subsystem Server Instance ............................... 295
13.1.2. Restarting a Subsystem after a Machine Restart .................................... 295
13.1.3. Checking the Subsystem Instance Status .............................................. 295
13.1.4. Managing Subsystem Processes with chkconfig ..................................... 296
13.2. Opening Subsystem Consoles and Services ..................................................... 298
13.2.1. Finding the Subsystem Web Services Pages ......................................... 298
13.2.2. Starting the Certificate System Administrative Console ........................... 300
13.3. Customizing Web Services Pages ................................................................... 301
13.3.1. Customizing CA End-Entities Pages ...................................................... 301
13.3.2. Customizing RA End-Entities Pages ...................................................... 303
13.3.3. Setting Limits on Searches through the CA End-Entities Pages ............... 304
13.4. Configuring Ports ............................................................................................ 306
13.4.1. Changing a Port Number ...................................................................... 307
13.4.2. Using a Single SSL Port ....................................................................... 308
13.4.3. Updating Existing CAs to Use End-Entity Client Authentication Ports
(Avoiding TLS-Related Man-in-the-Middle Attacks) ............................................ 309
13.5. Configuring the LDAP Database ...................................................................... 312
13.5.1. Changing the Internal Database Configuration ....................................... 313
13.5.2. Enabling SSL Client Authentication with the Internal Database ................ 314
13.5.3. Restricting Access to the Internal Database ........................................... 317
13.6. Searching the SQLite Database ....................................................................... 318
13.7. Viewing Security Domain Configuration ............................................................ 318
13.8. Managing the SELinux Policies for Subsystems ................................................ 319
13.8.1. About SELinux ..................................................................................... 320
13.8.2. Viewing SELinux Policies for Subsystems .............................................. 320
13.9. Backing up and Restoring Certificate System ................................................... 322
13.10. Self-Tests ..................................................................................................... 324
13.10.1. Self-Test Logging ............................................................................... 324
13.10.2. Configuring Self-Tests ......................................................................... 324
13.10.3. Modifying Self-Test Configuration ........................................................ 325
14. Managing Certificate System Users and Groups
14.1. About Authorization ......................................................................................... 327
14.2. Default Groups ............................................................................................... 327
14.2.1. Administrators ...................................................................................... 328
14.2.2. Auditors ............................................................................................... 329
14.2.3. Agents ................................................................................................. 329
14.2.4. Enterprise Groups ................................................................................ 329
14.3. Managing Users and Groups for a CA, OCSP, DRM, or TKS ............................. 330
14.3.1. Managing Groups ................................................................................ 330
14.3.2. Managing Users ................................................................................... 331
14.4. Creating and Managing Users and Groups for an RA ........................................ 336
14.4.1. Managing RA Groups ........................................................................... 337
viii
295
327