Red_Hat_Certificate_System-8.1-Admin_Guide-en-US.pdf

(7506 KB) Pobierz
Red Hat Certificate System 8.1 Admin Guide
1
Red Hat Certificate System
8.1
Admin Guide
for administrators
Edition 8.1.0
Ella Deon Lackey
dlackey@redhat.com
2
Legal Notice
Legal Notice
Copyright © 2009 Red Hat, Inc..
T he text of and illustrations in this document are licensed by Red Hat under a Creative Commons
Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at
http://creativecommons.org/licenses/by-sa/3.0/.
In accordance with CC-BY-SA, if you distribute this
document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section
4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, MetaMatrix, Fedora, the Infinity Logo,
and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus T orvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States
and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other
countries.
All other trademarks are the property of their respective owners.
1801 Varsity Drive
Raleigh, NC 27606-2072 USA
Phone: +1 919 754 3700
Phone: 888 733 4281
Fax: +1 919 754 3701
January 31, 2012, updated October 3, 2012
Red Hat Certificate System 8.1 Admin Guide
3
Abstract
T his manual covers all aspects of installing, configuring, and managing Certificate System subsystems. It
also covers management tasks such as adding users; requesting, renewing, and revoking certificates;
publishing CRLs; and managing smart cards. T his guide is intended for Certificate System
administrators.
4
Table of Contents
Table of Contents
About T his Guide
1. Recommended Concepts
2. What Is in T his Guide
3. Supported Platforms, Hardware, and Programs
3.1. Supported Platforms
3.2. Supported Web Browsers
3.3. Supported Smart Cards
3.4. Supported HSM
3.5. Supported Charactersets
4. Examples and Formatting
4.1. Formatting for Examples and Commands
4.2. T ool Locations
4.3. Guide Formatting
5. Additional Reading
6. Giving Feedback
7. Document History
1. Overview of Red Hat Certificate System Subsystems
1.1. How Certificates Are Used
1.1.1. Uses for Certificates
1.1.2. T ypes of Certificates
1.2. A Review of Certificate System Subsystems
1.2.1. Certificate Manager
1.2.2. Registration Authority
1.2.3. Data Recovery Manager
1.2.4. Online Certificate Status Manager
1.2.5. T oken Processing System
1.2.6. T oken Key Service
1.2.7. Enterprise Security Client
1.3. A Look at Managing Certificates (Non-T MS)
1.4. A Look at the T oken Management System (T MS)
1.5. Red Hat Certificate System Services
1.5.1. Interfaces for Administrators
1.5.2. Agent Interfaces
1.5.3. End User Pages
1.5.4. Enterprise Security Client
I. Setting up Certificate Services
2. Making Rules for Issuing Certificates
2.1. About Certificate Profiles
2.1.1. T he Profile
2.1.2. Certificate Extensions: Defaults and Constraints
2.1.3. Inputs and Outputs
2.2. Setting up Certificate Profiles
2.2.1. Creating Certificate Profiles through the CA Console
2.2.2. Editing Certificate Profiles in the Console
2.2.3. Creating and Editing Certificate Profiles through the Command Line
2.2.4. Defining Key Defaults in Profiles
2.2.5. Configuring Cross-Pair Profiles
Red Hat Certificate System 8.1 Admin Guide
5
2.2.6. List of Certificate Profiles
2.3. Configuring Custom Enrollment Profiles to Use with an RA
2.3.1. Default RA Profiles
2.3.2. Creating RA Enrollment Forms
2.3.3. Configuring the Request Queues
2.4. Configuring Renewal Profiles
2.4.1. About Renewal
2.4.2. Creating Custom Renewal Profiles
2.5. Managing Smart Card CA Profiles
2.5.1. Editing Enrollment Profiles for the T PS
2.5.2. Creating Custom T PS Profiles
2.5.3. Using the Windows Smart Card Logon Profile
2.6. Setting the Signing Algorithms for Certificates
2.6.1. Setting the CA's Default Signing Algorithm
2.6.2. Setting the Signing Algorithm Default in a Profile
2.7. Managing CA-Related Profiles
2.7.1. Setting Restrictions on CA Certificates
2.7.2. Changing the Restrictions for CAs on Issuing Certificates
2.7.3. Allowing a CA Certificate to Be Renewed Past the CA's Validity Period
2.8. Managing Subject Names and Subject Alternative Names
2.8.1. Using the Requester CN or UID in the Subject Name
2.8.2. Inserting LDAP Directory Attribute Values and Other Information into the Subject Alt
Name
2.8.3. Changing DN Attributes in CA-Issued Certificates
2.8.4. Customizing the Subject DN in a Certificate Request Issued by an RA
3. Setting up Key Archival and Recovery
3.1. About Key Archival and Recovery
3.2. Manually Setting up Key Archival
3.3. Setting up Agent-Approved Key Recovery Schemes
3.3.1. Configuring Agent-Approved Key Recovery in the Console
3.3.2. Configuring Agent-Approved Key Recovery in the Command Line
3.3.3. Customizing the Key Recovery Form
3.4. T esting the Key Archival and Recovery Setup
3.5. Rewrapping Keys in a New Private Storage Key
3.5.1. About DRMT ool
3.5.2. Rewrapping and Merging Keys in a New DRM
4. Requesting, Enrolling, and Managing Certificates
4.1. About Enrolling and Renewing Certificates
4.2. Configuring Internet Explorer to Enroll Certificates
4.3. Requesting and Receiving Certificates
4.3.1. Requesting and Receiving a User or Agent Certificate through the End-Entities
Page
4.3.2. Requesting Certificates Using certutil
4.4. Signing Files with Certificates
4.5. Performing Bulk Issuance
4.6. Enrolling a Certificate on a Cisco Router
4.6.1. Enabling SCEP Enrollments
4.6.2. Configuring Security Settings for SCEP

Plik z chomika:

Inne pliki z tego folderu:

Inne foldery tego chomika:

Zgłoś jeśli naruszono regulamin