iii
About This Guide                                                                                                                       vii
1. Examples and Formatting ..............................................................................................  vii
1.1. Formatting for Examples and Commands .............................................................  vii
1.2. Tool Locations ....................................................................................................  vii
1.3. Guide Formatting ................................................................................................  vii
2. Additional Reading ........................................................................................................  viii
3. Giving Feedback ............................................................................................................  ix
4. Document History ............................................................................................................ x
1. Overview of Certificate System Subsystems                                                                           1
1.1. Subsystems for Managing Certificates ........................................................................... 1
1.1.1. Certificate Manager ...........................................................................................  3
1.1.2. Registration Authority ......................................................................................... 3
1.1.3. Data Recovery Manager ....................................................................................  3
1.1.4. Online Certificate Status Manager ......................................................................  4
1.2. Subsystems for Managing Tokens .................................................................................  4
1.2.1. Token Processing System .................................................................................. 5
1.2.2. Token Key Service ............................................................................................  5
1.2.3. Enterprise Security Client ................................................................................... 5
1.3. Planning the Installation ................................................................................................ 6
2. Prerequisites Before Installing Certificate System                                                                  9
2.1. Supported Platforms, Hardware, and Programs .............................................................. 9
2.1.1. Supported Platforms ..........................................................................................  9
2.1.2. Supported Web Browsers ..................................................................................  9
2.1.3. Supported Smart Cards ...................................................................................  10
2.1.4. Supported HSM ............................................................................................... 10
2.1.5. Supported Charactersets .................................................................................. 10
2.2. Required Programs, Dependencies, and Configuration .................................................  11
2.2.1. Java Development Kit (JDK) ............................................................................  11
2.2.2. Apache ...........................................................................................................  11
2.2.3. Red Hat Directory Server .................................................................................  12
2.2.4. Additional Packages ........................................................................................  12
2.2.5. Firewall Configuration and iptables ...................................................................  13
2.2.6. SELinux Settings .............................................................................................  13
2.3. Packages Installed on Red Hat Enterprise Linux ..........................................................  13
2.4. Required Information for Subsystem Configuration .......................................................  15
2.5. Setting up Tokens for Storing Certificate System Subsystem Keys and Certificates .......... 16
2.5.1. Types of Hardware Tokens ............................................................................... 16
2.5.2. Using Hardware Security Modules with Subsystems ..........................................  17
2.5.3. Viewing Tokens ...............................................................................................  21
2.5.4. Detecting Tokens .............................................................................................  21
3. Installation and Configuration                                                                                               23
3.1. Overview of Installation ............................................................................................... 23
3.2. Installing the Certificate System Packages ...................................................................  25
3.2.1. Installing through yum ...................................................................................... 25
3.2.2. Installing from an ISO Image ............................................................................ 27
3.3. Configuring a CA ........................................................................................................ 27
3.4. Configuring an RA ...................................................................................................... 36
3.5. Configuring a DRM, OCSP, or TKS .............................................................................  43
3.6. Configuring a TPS ...................................................................................................... 50