About This Guide
This guide describes the Agent Services interface that a Red Hat Certificate System (CS) agent uses to administer a subsystem's certificates and keys.
This preface contains the following sections:
Who Should Read This Guide
This guide is intended for Certificate System agents, that is, privileged users designated by the Certificate System administrator to manage requests from end entities for certificate-related services. Each installed CS manager (Certificate Manager, Registration Manager, Data Recovery Manager, and Online Certificate Status Manager) can have one or more agents.
What You Should Know
Before reading this guide, you should be familiar with the basic concepts of public-key cryptography and the Secure Sockets Layer (SSL) protocol. These include the following topics:
- Encryption and decryption
- Public keys, private keys, and symmetric keys
- Digital signatures
- The role of digital certificates in a public-key infrastructure (PKI)
- Certificate hierarchies
- SSL cipher suites
- The purpose of and major steps in the SSL handshake
What's in This Guide
This guide describes the duties of the agents for the various CS subsystems and explains how to accomplish each task.
- Chapter 1, "Agent Services": Provides an overview of the product and identifies the different kinds of users, including agents. The chapter also summarizes the tasks of each subsystem agent and lists the HTML forms you use to perform agent tasks. Finally, the chapter explains how to access the Agent Services pages and forms.
- Chapter 2, "Working with Certificate Profiles": Provides an overview of the profiles feature and details how an agent enables and disables profiles.
- Chapter 3, "Handling Certificate Requests": As a Certificate Manager or Registration Manager agent, you are responsible for handling requests for certificates that are made by end entities (end users, server administrators, or other CS subsystems) using manual enrollment. This chapter describes the general procedure for handling requests and explains how to handle different aspects of certificate request management.
- Chapter 4, "Finding and Revoking Certificates": Explains how, as a Certificate Manager agent, you can use the Agent Services page to find and examine a specific certificate issued by Certificate System, or retrieve a list of certificates that match specified criteria. This chapter also explains how to revoke certificates, and manage the certificate revocation list.
- Chapter 5, "Publishing to a Directory": Describes how a Certificate Manager agent can update the LDAP directory with the current status of certificates.
- Chapter 6, "Recovering Encrypted Data": Describes how to process key recovery requests, and how to recover stored encrypted data when the encryption key has been lost. This service is only available when the Data Recovery Manager is installed.
- Chapter 7, "Managing OCSP Service Related Tasks": Describes how to handle tasks related to the CS OCSP responder, Online Certificate Status Manager. This service is only available when the Online Certificate Status Manager subsystem is installed.
Conventions Used in This Guide
The following conventions are used in this guide:
- Monospaced font: This typeface is used for any text that appears on the computer screen or text that you should type. It's also used for filenames, functions, and examples.
  Example: Server Root is the directory where the CS binaries are kept.
- Italic: Italic type is used for emphasis, book titles, and glossary terms.
  Example: This control depends on the access permissions the super administrator has set up for you.
- Boldface: Boldface type is used for various UI components such as captions and field names, and the terminology explained in the glossary.
  Example: Rotation frequency. From the drop-down list, select the interval at which the server should rotate the active error log file. The available choices are Hourly, Daily, Weekly, Monthly, and Yearly. The default selection is Monthly.
- Monospaced [ ]: Square brackets enclose commands that are optional.
  Example: PrettyPrintCert <input_file> [<output_file>]
  <input_file> specifies the path to the file that contains the base-64 encoded certificate.
  <output_file> specifies the path to the file to write the certificate. This argument is optional; if you don't specify an output file, the certificate information is written to the standard output.
- Monospaced <>: Angle brackets enclose variables or placeholders. When following examples, replace the angle brackets and their text with text that applies to your situation. For example, when path names appear in angle brackets, substitute the path names used on your computer.
  Example: Using Netscape Communicator 4.7 or later, enter the URL for the Red Hat Administration Server: http://<hostname>:<port_number>
- /: A slash is used to separate directories in a path.
  Example: Except for the Security Module Database Tool, you can find all the other command-line utilities at this location: <server_root>/bin/cert/tools
- Notes and Cautions: A note alerts you to information that may be of interest to you. A caution signals a potential risk of losing data, damaging software or hardware, or otherwise disrupting system performance.
Documentation
The document set for Certificate System also contains the following guides:
Managing Servers with Red Hat Console - Provides background information on basic cryptography concepts and the role of Red Hat Console.
CS Administrator's Guide - Describes how to plan for, install, and administer CS.
CS Command-Line Tools Guide - Provides detailed reference information on CS tools.
CS Customization Guide - Provides detailed reference information on customizing the HTML-based agent and end-entity interfaces.
CS Agent's Guide (this guide) - Provides detailed reference information on CS agent interfaces. To access this information from the Agent Services pages, click any help button.
For the latest information about Certificate System, including current release notes, complete product documentation, technical notes, and deployment information, check this site:
http://www.redhat.com/docs/manuals/cert-system/