Today we are pleased to announce the general availability of Red Hat Certificate System 7.3. Containing a highly configurable set of software components and tools for creating, deploying and managing certificates, Red Hat Certificate System is a powerful security framework to guarantee the identity of users and ensure privacy of communications. Based on open standards for certificate management, Certificate System provides a complete, customizable, robust, scalable and high-performance certificate management solution for public-key infrastructure (PKI), extranets and intranets.

The release boasts multiple new features:

  • Registration Authority (RA)
    A front-end subsystem to the Certificate Authority (CA), the RA performs local authentication, requestor information gathering and request validation. It is also responsible for forwarding requests to the CA for signing.
  • Simple Certificate Enrollment Protocol (SCEP)
    A protocol designed by Cisco, SCEP specifies a way for a router to communicate with RAs and CAs for enrollment. Red Hat Certificate System 7.3 enables routers to enroll for a certificate from an RA using this protocol.
  • Auto-Enrollment Proxy (AEP)
    Designed to integrate seamlessly with an existing Windows Active Directory (AD) infrastructure, the AEP allows users and computers in a Microsoft Windows domain to automatically enroll for certificates issued from Red Hat Certificate System.
  • Security Officer (SO) mode
    Smart Card Manager, in conjunction with the latest TPS Server software, now supports a special “Security Officer” mode of operation. This special mode, presented as an alternative to the standard user centric experience, allows a supervisory individual (e.g. Security Officer), the ability to oversee the face-to-face enrollment of regular users in a given organization.
  • In addition to Windows and Red Hat Enterprise Linux, the Enterprise Security Client (ESC) now supports Intel MAC 10.4.x.

Use of certificates with Red Hat Enterprise Linux 5:

Red Hat Certificate system can be used together with smart cards to increase the level of authentication security. Red Hat Certificate System can create and manage an end user’s certificate which is stored on a smart card.

The end user can insert his smart card into a smart card reader attached to a Red Hat Enterprise Linux 5 system. The end user then authenticates with his/her PIN and smartcard to gain access. The system can leverage this smart card authentication to generate a Kerberos ticket for the user that enables single-sign on to kerberos-aware applications like SSH, SCP and Fedora Directory server. Firefox and Thunderbird can use the end-user’s certificate to perform SSL client authentication to a web server that supports this.

For more information on Red Hat products, including the Red Hat Certificate System and Red Hat Enterprise Linux 5, visit here.