- 5.1. Supported Platforms, Hardware, and Programs
- 5.2. Packages Installed on Red Hat Enterprise Linux
- 5.3. Before Installation: Setting up the Operating Environment
- 5.3.1. Installing the Required Java Development Kit (JDK)
- 5.3.2. Installing Apache (for the TPS)
- 5.3.3. Installing Red Hat Directory Server
- 5.3.4. Installing Additional Operating System Packages
- 5.3.5. Verifying Firewall Configuration and iptables
- 5.3.6. Enabling SELinux
- 5.3.7. Setting up Operating System Users and Groups
- 5.3.8. Using a Java Security Manager
Before installing the Red Hat Certificate System subsystems, check the requirements and dependencies for the specific platform and review the installed packages.
The Certificate System subsystems (CA, RA, DRM, OCSP, TKS, and TPS) are supported on the following platforms:
- Red Hat Enterprise Linux 5.6 and later (x86, 32-bit)
- Red Hat Enterprise Linux 5.6 and later (x86_64, 64-bit)
The Enterprise Security Client, which manages smart cards for end users, is supported on the following platforms:
- Red Hat Enterprise Linux 5.6 and later (x86, 32-bit)
- Red Hat Enterprise Linux 5.6 and later (x86_64, 64-bit)
- Microsoft Windows Vista 32-bit
- Microsoft Windows Vista 64-bit
- Microsoft Windows XP 32-bit
- Microsoft Windows XP 64-bit
- Apple Mac OS X 10.5.x (Leopard)
The services pages for the subsystems require a web browser that supports SSL. It is strongly recommended that users such as agents or administrators use Mozilla Firefox to access the agent services pages. Regular users should use Mozilla Firefox or Microsoft Internet Explorer.
NOTE
The only browser that is fully supported for the HTML-based instance configuration wizard is Mozilla Firefox.
Table 5.1. Supported Web Browsers by Platform
| Platform | Agent Services | End User Pages |
|---|---|---|
| Red Hat Enterprise Linux | Firefox 10 and later | Firefox 10 and later |
| Windows Vista | Firefox 10 and later | |
| Windows XP | Firefox 10 and later | |
| Mac OS 10.5.x | Agent services are not supported for Mac | Firefox 10 and later |
The Enterprise Security Client supports Global Platform 2.01-compliant smart cards and JavaCard 2.1 or higher.
The Certificate System subsystems have been tested using the following tokens:
- Gemalto TOP IM FIPS CY2 64K token, both as a smart card and GemPCKey USB form factor key
- Gemalto Cyberflex e-gate 32K token
- Safenet 330J Java smart card
Smart card testing was conducted using the SCM SCR331 CCID reader.
The only card manager applet supported with Certificate System is the CoolKey applet, which ships with Red Hat Enterprise Linux 5.6.
Red Hat Certificate System supports three hardware security modules (HSMs): nCipher netHSM, nCipher sShield, and Chrysalis-ITS LunaSA.
| HSM | Firmware | Appliance Software | Client Software |
|---|---|---|---|
| Safenet Chrysalis-ITS LunaSA | 4.5.2 | 3.2.4 | 3.2.4 |
| nCipher netHSM 2000 | 2.33.60 | 11.10 | |
| nCipher sShield | | | |
Red Hat Certificate System fully supports UTF-8 characters in the CA end users forms for specific fields. This means that end users can submit certificate requests with UTF-8 characters in those fields and can search for and retrieve certificates and CRLs in the CA and retrieve keys in the DRM when using those field values as the search parameters.
Four fields fully support UTF-8 characters:
- Common name (used in the subject name of the certificate)
- Organizational unit (used in the subject name of the certificate)
- Requester name
- Additional notes (comments appended by the agent to the certificate)
NOTE
This support does not include internationalized domain names, such as those in email addresses.
Red Hat Certificate System 8.1 is certified for Common Criteria in a defined environment. It is possible to install, configure, and use Certificate System in other environments, but to be Common Criteria-certified, the environment must meet these requirements for software and hardware.
Table 5.2. Common Criteria Environment
| Requirement Area | Certified Version |
|---|---|
| Subsystems | IMPORTANT: The RA subsystem is not Common Criteria-certified and cannot be used in a Common Criteria environment. |
| Operating System | |
| JDK/JRE | OpenJDK Runtime Environment 1.6.0.0 |
| Internal Database | |
| Web Server | |
| Hardware Security Modules or Tokens | Any properly-certified HSM, running in FIPS 140 Level 3 mode |
| Web Browser[a] | Firefox 10 and later |

[a] To access the configuration wizard and agent and administrative interfaces.