Chapter 5. Using and Configuring the Token Management System: TPS and TKS

This chapter provides procedures for using hardware security modules, also called HSMs or tokens, to generate and store Certificate System instance certificates and keys.
This chapter only contains administration procedures. For general information on the concepts behind the Token Management System, see the Red Hat Certificate System 9 Planning, Installation and Deployment Guide.

5.1. TPS Profiles

Note

See the TPS Profiles section of the Red Hat Certificate System 9 Planning, Installation and Deployment Guide for general information.
Unlike CA enrollment profiles, which are defined and stored in individual files or in LDAP, TPS profiles (also known as token types) are defined in the TPS configuration file, CS.cfg.
TPS profile (token type) configuration parameters are set in the following format:
op.<explicit op>.<profile id>.<implicit op>.<key type>.*
In the above, <explicit op> and <implicit op> are one of the explicit and implicit operations discussed in the TPS Operations section below, and <key type> is the name given for each certificate type.
An example configuration parameter may look like the following example:
op.enroll.userKey.keyGen.encryption.*