3.5. Supported Security and Directory Protocols

The Certificate System supports several common Internet and network protocols.

Table 3.3. Supported Security and Directory Protocols

| Protocol | Description |
| --- | --- |
| FIPS PUBS 140 | Federal Information Processing Standards Publications (FIPS PUBS) 140 is a US government standard for implementing cryptographic modules, such as hardware or software that encrypts and decrypts data, creates and verifies digital signatures, and performs other cryptographic functions. More information is available at http://csrc.nist.gov/publications/PubsFIPS.html. |
| Hypertext Transfer Protocol (HTTP) and Hypertext Transfer Protocol Secure (HTTPS) | Protocols used to communicate with web servers. |
| KEYGEN tag | An HTML tag that generates a key pair for use with a certificate. |
| Lightweight Directory Access Protocol (LDAP) v2, v3 | A directory service protocol designed to run over TCP/IP and across multiple platforms. LDAP is a simplified version of the Directory Access Protocol (DAP), which is used to access X.500 directories. LDAP is under IETF change control and has evolved to meet Internet requirements. |
| Public-Key Cryptography Standard (PKCS) #7 | An encrypted data and message format developed by RSA Data Security to represent digital signatures, certificate chains, and encrypted data. This format is used to deliver certificates to end entities. |
| Public-Key Cryptography Standard (PKCS) #10 | A message format developed by RSA Data Security for certificate requests. This format is supported by many server products. |
| Public-Key Cryptography Standard (PKCS) #11 | Specifies an API used to communicate with devices, such as hardware tokens, that hold cryptographic information and perform cryptographic operations. |
| Secure Sockets Layer (SSL) 2.0 and 3.0 and Transport Layer Security (TLS) | A set of rules governing server authentication, client authentication, and encrypted communication between servers and clients. |
| Security-Enhanced Linux | Security-Enhanced Linux, or SELinux, is a set of security protocols enforcing mandatory access control in the Linux kernel. It was developed by the United States National Security Agency to keep applications from accessing confidential or protected files through lenient or flawed access controls. |
| Simple Certificate Enrollment Protocol (SCEP) | A protocol designed by Cisco to specify a way for a router to communicate with an RA or CA for router certificate enrollment. SCEP defines two modes of operation: RA mode and CA mode. Certificate System supports CA mode, where the request is encrypted with the CA signing certificate. |
| UTF-8 | The certificate enrollment pages support all UTF-8 characters for specific fields (common name, organizational unit, requester name, and additional notes). The certificates are generated with the UTF-8 strings correctly used in the subject names and other fields, and the UTF-8 strings are searchable and display correctly in the CA, OCSP, and DRM end-user and agent services pages. This UTF-8 support does not extend to internationalized domain names, such as those in email addresses. |
| IPv4 and IPv6 | Certificate System supports both IPv4 and IPv6 address namespaces for communications and operations with all subsystems and tools, as well as for clients, subsystem creation, and token and certificate enrollment. |