Administrator's Guide
Red Hat Certificate System                                                            


About This Guide


This Administrator's Guide explains how to install, configure, and maintain Red Hat Certificate System (CS), and use it for issuing and managing certificates to various end entities, such as web browsers (users), servers, Virtual Private Network (VPN) clients, and Cisco routers.

This preface has the following sections:

Who Should Read This Guide

This guide is intended for experienced system administrators who are planning to deploy CS. CS agents should refer to CS Agent's Guide for information on how to perform agent tasks, such as handling certificate requests and revoking certificates.

What You Should Know

This guide assumes the following:

What's in This Guide

This guide contains the following elements:

Chapter 1, "Overview"

Provides a listing of the features of CS, an overview of how CS works, an architectural overview of CS, and lists the standards used in the product.

Chapter 2, "Installation"

Provides step-by-step installation instructions.

Chapter 3, "Certificate Manager"

Provides information about installing a Certificate Manager, step-by-step instructions for installing a Certificate Manager, an overview of the configuration options for a Certificate Manager, information about Federal Bridge CA, and information on setting up a cloned CA.

Chapter 4, "Registration Manager"

Provides information about installing a Registration Manager, step-by-step instructions for installing a Registration Manager, and an overview of the configuration options for a Registration Manager.

Chapter 5, "OCSP Responder"

Provides information about installing an Online Certificate Status Manager, step-by-step instructions for installing an Online Certificate Status Manager, and an overview of the configuration options for an Online Certificate Status Manager.

Chapter 6, "Data Recovery Manager"

Provides information about installing a Data Recovery Manager, step-by-step instructions for installing a Data Recovery Manager, and an overview of the configuration options for a Data Recovery Manager.

Chapter 8, "Administrative Basics"

Provides information and procedures for performing configuration that is common to all subsystems including working in the administrative interface; starting and stopping the server; working with logs; working with self-test; managing the database; and managing the certificate database.

Chapter 9, "Authorization"

Provides information and procedures for setting up Access Control Lists that define authorization, creating users, and assigning users to groups to give them the privileges defined by the ACLs for that group.

Chapter 10, "Authentication"

Provides information and procedures for setting up various authentication methods to automate the enrollment process.

Chapter 11, "Certificate Profiles"

Provides information and procedures for configuring the profile feature.

Chapter 12, "Policies"

Provides information and procedures for configuring the policy feature.

Chapter 13, "Automated Notifications"

Provides information and procedures for configuring the notification feature.

Chapter 14, "Automated Jobs"

Provides information and procedures for configuring the jobs feature.

Chapter 15, "Revocation and CRLs"

Provides information and procedures for configuring the CRLs feature and revoking certificates.

Chapter 16, "Publishing"

Provides information and procedures for configuring the publishing feature.

Appendix , ""

Provides information about clones, failover, and configuring CS for failover support.

Appendix A, "Common Criteria Environment: Security Requirements"

Provides security requirements for running CS in the Common Criteria Environment.

Appendix B, "Common Criteria Environment: Setup and Operations"

Provides details on setting up CS in the Common Criteria Environment.

Appendix C, "Understanding the Common Criteria Evaluated CS Setup"

Provides information about running CS in the Common Criteria Environment.

Appendix F, "Certificate Download Specification"

Provides information about the certificate download specification.

Appendix G, "Certificate and CRL Extensions"

Provides general information about Certificate and CRL extensions.

Appendix H, "Object Identifiers"

Provides general information about object identifiers.

Appendix I, "Distinguished Names"

Provides general information about distinguished names.

Appendix J, "Introduction to Public-Key Cryptography"

Provides general information about public-key cryptography.

Appendix K, "Introduction to SSL"

Provides introductory information about SSL.


Conventions Used in This Guide

The following conventions are used in this guide:

Monospaced font

This typeface is used for any text that appears on the computer screen or text that you should type. It's also used for filenames, functions, and examples.

Example: Server Root is the directory where the CS binaries are kept.

Italic

Italic type is used for emphasis, book titles, and glossary terms.

Example: This control depends on the access permissions the super administrator has set up for you.

Boldface

Boldface type is used for various UI components such as captions and field names, and the terminology explained in the glossary.

Example: Rotation frequency. From the drop-down list, select the interval at which the server should rotate the active error log file. The available choices are Hourly, Daily, Weekly, Monthly, and Yearly. The default selection is Monthly.

Monospaced [ ]

Square brackets enclose commands that are optional.

Example: PrettyPrintCert <input_file> [<output_file>]

<input_file> specifies the path to the file that contains the base-64 encoded certificate.

<output_file> specifies the path to the file to which the certificate is written. This argument is optional; if you don't specify an output file, the certificate information is written to the standard output.

Monospaced <>

Angle brackets enclose variables or placeholders. When following examples, replace the angle brackets and their text with text that applies to your situation. For example, when path names appear in angle brackets, substitute the path names used on your computer.

Example: Using Netscape Communicator 4.7 or later, enter the URL for the Red Hat Administration Server: http://<hostname>:<port_number>

/

A slash is used to separate directories in a path.

Example: Except for the Security Module Database Tool, you can find all the other command-line utilities at this location: <server_root>/bin/cert/tools


Notes and Cautions:

Note

A note alerts you to information that may be of interest to you.

Caution

A caution signals a potential risk of losing data, damaging software or hardware, or otherwise disrupting system performance.


Documentation

The document set for Certificate System also contains the following guides:

Managing Servers with Red Hat Console - Provides background information on basic cryptography concepts and the role of Red Hat Console.

CS Administrator's Guide (this guide) - Describes how to plan for, install, and administer CS.

CS Command-Line Tools Guide - Provides detailed reference information on CS tools.

CS Customization Guide - Provides detailed reference information on customizing the HTML-based agent and end-entity interfaces.

CS Agent's Guide - Provides detailed reference information on CS agent interfaces. To access this information from the Agent Services pages, click any help button.

For the latest information about Certificate System, including current release notes, complete product documentation, technical notes, and deployment information, check this site:

http://www.redhat.com/docs/manuals/cert-system/




© 2001 Sun Microsystems, Inc. Used by permission. © 2005 Red Hat, Inc. All rights reserved.

last updated September 26, 2005