Chapter 8. Red Hat Certificate System 9.0

Red Hat Certificate System 9.0 is a major release of the product, new, contemporary features have been added, and existing features have been made more robust and flexible.

8.1. Supported Platforms

This section covers the different server platforms, hardware, tokens, and software supported by Red Hat Certificate System 9.0.

8.1.1. Server and Client Support

The Red Hat Certificate System subsystems (CA, KRA, OCSP, TKS, and TPS) are supported on the Red Hat Enterprise Linux 7.1 and later (64-bit) platforms.
The Enterprise Security Client (ESC), which manages smart cards for end users, is also supported on the Red Hat Enterprise Linux 7.1 and later (64-bit) platforms.
The ESC is also supported on latest versions of Red Hat Enterprise Linux 5 and 6. Although these platforms do not support Red Hat Certificate System 9, those clients can be used against the TMS system in Red Hat Certificate System 9.

8.1.2. Supported Web Browsers

The services pages for the subsystems require a web browser that supports SSL/TLS. It is strongly recommended that users such as agents or administrators use Mozilla Firefox to access the agent services pages. Regular users should use Mozilla Firefox.


The only browser that is fully-supported for the HTML-based instance configuration is Mozilla Firefox.

Table 8.1. Supported Web Browsers by Platform

Platform Agent Services End User Pages
Red Hat Enterprise Linux Firefox 38 and later Firefox 38 and later
Windows 7 Firefox 40 and later
Firefox 40 and later
Internet Explorer 10
Windows Server 2012 Firefox 40 and later
Firefox 40 and later


Firefox versions 33, 35 and later, on all platforms, no longer support the crypto web object used to generate and archive keys from the browser. As a result, expect limited functionality in this area.


Internet Explorer 11 is not currently supported by Red Hat Certificate System 9 because the enrollment code for this web browser depends upon VBScript, which has been deprecated in Internet Explorer 11.

8.1.3. Supported Smart Cards

The Enterprise Security Client supports Global Platform 2.01-compliant smart cards and JavaCard 2.1 or higher.
The Red Hat Certificate System subsystems have been tested using the following tokens:
  • Gemalto TOP IM FIPS CY2 64K token, both as a smart card and GemPCKey USB form factor key
  • SafeNet Assured Technologies Smart Card 650 (SC-650), with support for both SCP01 and SCP02
Note that all versions of SC-650 require the Omnikey 3121 reader. Legacy smart cards can be used with the SCM SCR331 CCID reader.
The only card manager applet supported with Red Hat Certificate System is the CoolKey applet, which is part of the pki-tps package in Red Hat Certificate System.

8.1.4. Supported HSM

Red Hat Certificate System 9 has been tested to support two hardware security modules (HSM): nCipher NShield connect 6000, and Gemalto SafeNet Luna SA 1700.
HSM Firmware Appliance Software Client Software
nCipher nShield connect 6000 0.4.11cam2 CipherTools-linux64-dev-11.70.00 CipherTools-linux64-dev-11.70.00
Gemalto SafeNet Luna SA 1700 6.22.0 6.0.0-41 libcryptoki-5.4.1-2.x86_64