Account Links: Cart | Register | Log In

Skip to content

Back to classroom courses >

RHS435 Red Hat Enterprise Certificate Management

Course Outline

Unit 1 - A Review of Public and Private Key Encryption

  • Identity, Public Keys, and Digital Certificates
  • Symmetric and Public Key Encryption
  • Authentication Using Public-Key Encryption
  • Data Integrity Through Message Digests
  • Applying and Verifying a Digital Signature
  • X.509 Certificates

Unit 2 - Public Key Infrastructure and the Red Hat Certificate System

  • Certificates and Certificate Authorities
  • Elements of a Public Key Infrastructure
  • X.509 Certificates and Public Keys
  • Red Hat Certificate System
  • Users and Authorization
  • Plug-in Modules
  • Profiles
  • Certificate Manager Graphical Console
  • End Entity and Agent Services
  • User Identity and Distinguished Names
  • Certificate Extensions
  • Hands-on Lab: Installing and Configuring the Red Hat Certificate Manager

Unit 3 - Authentication, Authorization and ACLs

  • The Certificate System's Authorization Framework
  • How Authorization Works
  • Default Groups, ACLs, and ACIs
  • Authentication Options for Certificate Enrollment
  • End Entity Enrollment, Plug-ins, and Server Certificate
  • Hands-on Lab: Manage administrators and agents

Unit 4 - CMS and Common Criteria

  • What is Common Criteria?
  • Why Would We Like to be CC Certified?
  • CC Security Levels
  • What is a Protection Profile (PP)?
  • Why Common Criteria for Red Hat Certificate System?
  • Installing Certificate System for a CC Environment
  • Common Criteria Deployment Scenarios
  • Installing and Configuring a CA in CC Environment
  • Hands-on Lab: Manage console client authentication

Unit 5 - Self signed root CA and chained CAs

  • Self Signed Root CA and Subordinate CAs
  • Certificate Manager Subordination and Constraints
  • Subordination to Other CAs
  • Certificate Chain
  • Cloned CA
  • Hands-on Lab: Installing and touring subordinate CAs

class="redNote"

  • Using the Console to configure policy
  • Policy Plug-ins
  • Applying Policies and Configuring Rules
  • Policy Rules Ordering
  • Basic Constraints
  • Certificate Profiles
  • Hands-on Lab: Use Profiles and Policy Plug-ins

Unit 7 - Command Line Tools

  • Why command line utilities?
  • Displaying certificate information: PrettyPrintCert and PrettyPrintCrl
  • Extracting information from the certificate database: certutil
  • Non-certificate system based tools
  • Hands-on Lab: Exploring Command Line Tools

Unit 8 - Troubleshooting Guide for CMS

  • Command Line Utilities
  • Error Messages and Log Files
  • LDAP Monitor
  • SSL Debug
  • Troubleshooting Tools and Tips

Unit 9 - Certificates, Enrollments, Publishing

  • Enrollment: servlets, and authentication and policy modules
  • Manual Authentication
  • Automatic Authentication: LDAP-based
  • Registration - PIN Based
  • Issuance and Pickup
  • Publish Certificates in LDAP
  • Hands-on Lab: Certificates, Enrollments, Publishing

Unit 10 - CRLs, OCSP Responder

  • CRLs and Revocation
  • CRLs and CAs
  • CRLs and Validation
  • CRL Issuing Points
  • OCSP Responder
  • Hands-on Lab: CRLs and OCSP Responders

Unit 11 - Key Archival and Recovery

  • PKI Setup for Key Archival and Recovery
  • Data Recovery Manager Overview
  • DRM: Key Archival and Recovery
  • Hands-on Lab: Setting up a Data Recovery Manager instance

Unit 12 - Certificate Renewal

  • Certificate Validity
  • Renewing and Re-issuing Certificates
  • Renewal Policies
  • Root CA Change Effects
  • Possible Problems
  • Hands-on Lab: Certificate Renewal

Unit 13 - Cross certificates

  • Issuing, Importing, and Publishing Cross-Pair Certificates
  • Hands-on Lab: Cross Certificates

Unit 14 - End Entity and Agent Services Interface Customization

  • Service Interface Overview
  • Responses and Output Templates
  • Templates
  • End Entity and Agent Services Interface Forms and Templates
  • Hands-on Lab: End Entity and Agent Services Interface Customization

Links for this sub-section: