Chapter 6. Prerequisites and Preparation for Installation

Before installing the Red Hat Certificate System subsystems, check out the requirements and dependencies for the specific platform, as well as looking at the installed packages.

6.1. Supported Platforms, Hardware, and Programs

6.1.1. Supported Platforms

The Certificate System subsystems (CA, RA, DRM, OCSP, TKS, and TPS) are supported on the following platforms:
  • Red Hat Enterprise Linux 5.6 (x86, 32-bit)
  • Red Hat Enterprise Linux 5.6 (x86_64, 64-bit)
The Enterprise Security Client, which manages smart cards for end users, is supported on the following platforms:
  • Red Hat Enterprise Linux 5.6 (x86, 32-bit)
  • Red Hat Enterprise Linux 5.6 (x86_64, 64-bit)
  • Microsoft Windows Vista 32-bit
  • Microsoft Windows Vista 64-bit
  • Microsoft Windows XP 32-bit
  • Microsoft Windows XP 64-bit
  • Apple Mac OS X 10.5.x (Leopard)

6.1.2. Supported Web Browsers

The services pages for the subsystems require a web browser that supports SSL. It is strongly recommended that users such as agents or administrators use Mozilla Firefox to access the agent services pages. Regular users should use Mozilla Firefox or Microsoft Internet Explorer.


The only browser that is fully-supported for the HTML-based instance configuration wizard is Mozilla Firefox.

Table 6.1. Supported Web Browsers by Platform

Platform Agent Services End User Pages
Red Hat Enterprise Linux Firefox 3.x Firefox 3.x
Windows Vista Firefox 2.x
Firefox 2.x
Internet Explorer 7 and higher
Windows XP Firefox 2.x
Firefox 2.x
Internet Explorer 6 and higher
Mac OS 10.5.x Agent services are not supported for Mac Firefox 2.x

6.1.3. Supported Smart Cards

The Enterprise Security Client supports Global Platform 2.01-compliant smart cards and JavaCard 2.1 or higher.
The Certificate System subsystems have been tested using the following tokens:
  • Gemalto TOP IM FIPS CY2 64K token, both as a smart card and GemPCKey USB form factor key
  • Gemalto Cyberflex e-gate 32K token
  • Safenet 330J Java smart card
Smart card testing was conducted using the SCM SCR331 CCID reader.
The only card manager applet supported with Certificate System is the CoolKey applet which ships with Red Hat Enterprise Linux 5.6.

6.1.4. Supported HSM

Red Hat Certificate System supports three hardware security modules (HSM): nCipher netHSM, nCipher sShield, and Chrysalis-IT LunaSA.
HSM Firmware Appliance Software Client Software
Safenet Chrysalis-ITS LunaSA 4.5.2 3.2.4 3.2.4
nCipher netHSM 2000 2.33.60 11.10
nCipher sShield

6.1.5. Supported Charactersets

Red Hat Certificate System fully supports UTF-8 characters in the CA end users forms for specific fields. This means that end users can submit certificate requests with UTF-8 characters in those fields and can search for and retrieve certificates and CRLs in the CA and retrieve keys in the DRM when using those field values as the search parameters.
Four fields fully-support UTF-8 characters:
  • Common name (used in the subject name of the certificate)
  • Organizational unit (used in the subject name of the certificate)
  • Requester name
  • Additional notes (comments appended by the agent to the certificate)


This support does not include supporting internationalized domain names, like in email addresses.

6.1.6. Summary of Requirements for Common Criteria

Red Hat Certificate System 8.1 is certified for Common Criteria on a defined environment. It is possible to install, configure, and use Certificate System in other environments, but to have a Common Criteria-certified environment, it must meet these requirements for software and hardware.

Table 6.2. Common Criteria Environment

Requirement Area Certified Version
  • CA
  • DRM
  • OCSP
  • TKS
  • TPS


The RA subsystem is not Common Criteria-certified and cannot be used in a Common Criteria environment.
Operating System
  • Red Hat Enterprise Linux 5.6, 32-bit
  • Red Hat Enterprise Linux 5.6, 64-bit
JDK/JRE OpenJDK Runtime Environment
Internal Database Red Hat Directory Server 8.2
Web Server
  • Tomcat 5 (CA, DRM, OCSP, TKS)
  • Apache 2.2 (TPS)
Hardware Security Modules or Tokens Any properly-certified HSM, running in FIPS 140 Level 3 mode
Web Browser[a] Firefox 3.6
[a] To access the configuration wizard and agent and administrative interfaces.