Red Hat Certificate System 8.1 Using End User Services
for regular users to request and retrieve certificates
Ella Deon Lackey
dlackey@redhat.com
Legal Notice
Copyright © 2012 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons
Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at
http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this
document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section
4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, MetaMatrix, Fedora, the Infinity Logo,
and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States
and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other
countries.
All other trademarks are the property of their respective owners.
1801 Varsity Drive
Raleigh, NC 27606-2072 USA
Phone: +1 919 754 3700
Phone: 888 733 4281
Fax: +1 919 754 3701
January 31, 2012
Abstract
This guide contains easy to follow information for end users who use Red Hat Certificate System
certificate authority and registration authority services to generate or submit certificate requests, check
on request status, receive certificates, and revoke certificates.
Table of Contents
1. A Look at End User Services in Red Hat Certificate System
1.1. About Certificates and Cryptography
1.2. About CA Services
1.3. About RA Services
1.4. Supported Web Browsers
1.5. Supported Charactersets
1.6. Configuring Internet Explorer to Enroll Certificates
2. Getting and Managing Certificates through CA Services
2.1. Opening the CA Services Page
2.2. Generating Certificate Requests
2.3. Requesting Certificates
2.4. Checking on Your Request Status
2.5. Retrieving Your Certificates
2.6. Listing and Searching for Certificates
2.7. Renewing Certificates
2.8. Revoking Certificates
2.9. Downloading CA Certificates and Certificate Chains
3. Getting and Managing Certificates through RA Services
3.1. Opening the RA Services Page
3.2. Requesting Certificates
3.3. Checking on Your Request Status
3.4. Retrieving and Importing Certificates
3.5. Renewing User Certificates
4. Additional Reading
5. Giving Feedback
6. Document History
1. A Look at End User Services in Red Hat Certificate System
Red Hat Certificate System provides a simple way for people to obtain certificates that they need to
protect common Internet-based actions, like sending email, logging into a computer, or accessing a
protected website. Any user can access Certificate System's web-based certificate management
interface to request or receive a certificate.
1.1. About Certificates and Cryptography
Red Hat Certificate System provides a way for a company or group to create and manage certificates
locally.
A certificate is a file which proves the identity of a person, server, router, website, or other entity.
Certificates can also be used to encrypt and decrypt information; this is a vital function which protects
sensitive communication — from online shopping to email — by safely encoding the traffic using
mathematical algorithms to create a cipher.
A certificate is part of an overall strategy for secure (encrypted) communication. Some web protocols
such as Secure Sockets Layer (SSL) and Transport Layer Security (TLS) use encryption to secure
Internet communications, as do VPNs, some intranets, email, and web browsers.
Secure communications are built around an SSL handshake. An SSL handshake is when a server
reaches out to a client (user) with some proof of its identity, such as a certificate; this is server
authentication. The client can then accept that certificate to continue with the connection. The server
may require some proof back from the user to verify his identity; this is client authentication. After the
server and client are shown to be authentic, then they can continue with their transactions.
The transactions are encoded using agreed upon methods, called ciphers. The cipher is used in
conjunction with a special number, called a key, to encrypt and decrypt the data being sent. A certificate,
along with identifying the user and the authority which issued it, defines what kind of ciphers it supports
and the public key for encrypting information.
There are a number of different ways that the information can be encrypted for safe sending and then
decrypted for safe reading: asymmetric keys, symmetric keys, and shared keys. A key, in broad terms, is
combined with a mathematical algorithm to scramble data; if someone knows the matching key, then they
can use it to unscramble the data. A key, then, locks and unlocks data. A public key is known to both
groups in a secure connection, while a private key is held by one group. The public key encrypts data;
the private key is used to decrypt it.
A certificate is created out of several pieces of information:
The identity of the entity (such as its name)
A public key
The name and digital signature of the certificate authority which issued the certificate
The day that the certificate expires (called the validity period)
A serial number
This information creates a fingerprint for the certificate.
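The following added example (not part of the Red Hat guide) uses the openssl command line to create a throwaway self-signed certificate and read back the pieces listed above. It also recomputes the fingerprint by hand as a SHA-256 hash over the whole DER-encoded certificate. The subject name, file names and function names are constructed for illustration, and it assumes openssl is installed.

```shell
# Added example; all names and values below are constructed for illustration.
set -eu
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT
KEY="$WORK/demo.key"     # private key, stays with its owner
CERT="$WORK/demo.crt"    # certificate, safe to publish

# Create a key pair and a certificate valid for 30 days. It is self-signed,
# so the issuer is the subject itself rather than a separate CA.
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes \
        -keyout "$KEY" -out "$CERT" -days 30 \
        -subj "/O=Example Corp/CN=demo.example.test" 2>/dev/null
}

# Print one piece of the certificate.
# $1 is one of: subject issuer serial dates pubkey
cert_field() {
    openssl x509 -in "$CERT" -noout "-$1"
}

# Fingerprint as openssl reports it, reduced to lowercase hex without colons.
reported_fingerprint() {
    openssl x509 -in "$CERT" -noout -fingerprint -sha256 |
        sed 's/^.*=//' | tr -d ':' | tr 'A-F' 'a-f'
}

# Fingerprint recomputed by hand: SHA-256 over the DER encoding of the whole
# certificate, signature included.
computed_fingerprint() {
    openssl x509 -in "$CERT" -outform DER |
        openssl dgst -sha256 | sed 's/^.*= *//'
}

# Public half derived from the private key; it must match the certificate's.
key_public_half() {
    openssl pkey -in "$KEY" -pubout
}

make_demo_cert
for field in subject issuer serial dates; do
    cert_field "$field"
done
echo "fingerprint (openssl):    $(reported_fingerprint)"
echo "fingerprint (recomputed): $(computed_fingerprint)"
```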