Chapter 8. Red Hat Certificate System 9.0
Red Hat Certificate System 9.0 is a major release of the product, new, contemporary features have been added, and existing features have been made more robust and flexible.
8.1. Supported Platforms
This section covers the different server platforms, hardware, tokens, and software supported by Red Hat Certificate System 9.0.
8.1.1. Server and Client Support
The Red Hat Certificate System subsystems (CA, KRA, OCSP, TKS, and TPS) are supported on the Red Hat Enterprise Linux 7.1 and later (64-bit) platforms.
The Enterprise Security Client (ESC), which manages smart cards for end users, is also supported on the Red Hat Enterprise Linux 7.1 and later (64-bit) platforms.
The ESC is also supported on latest versions of Red Hat Enterprise Linux 5 and 6. Although these platforms do not support Red Hat Certificate System 9, those clients can be used against the TMS system in Red Hat Certificate System 9.
8.1.2. Supported Web Browsers
The services pages for the subsystems require a web browser that supports SSL/TLS. It is strongly recommended that users such as agents or administrators use Mozilla Firefox to access the agent services pages. Regular users should use Mozilla Firefox.
Note
The only browser that is fully-supported for the HTML-based instance configuration is Mozilla Firefox.
Table 8.1. Supported Web Browsers by Platform
| Platform | Agent Services | End User Pages |
|---|---|---|
| Red Hat Enterprise Linux | Firefox 38 and later | Firefox 38 and later |
| Windows 7 | Firefox 40 and later |
Firefox 40 and later
Internet Explorer 10
|
| Windows Server 2012 | Firefox 40 and later |
Firefox 40 and later
|
Warning
Firefox versions 33, 35 and later, on all platforms, no longer support the
crypto web object used to generate and archive keys from the browser. As a result, expect limited functionality in this area.
Note
Internet Explorer 11 is not currently supported by Red Hat Certificate System 9 because the enrollment code for this web browser depends upon VBScript, which has been deprecated in Internet Explorer 11.
8.1.3. Supported Smart Cards
The Enterprise Security Client supports Global Platform 2.01-compliant smart cards and JavaCard 2.1 or higher.
The Red Hat Certificate System subsystems have been tested using the following tokens:
- Gemalto TOP IM FIPS CY2 64K token, both as a smart card and GemPCKey USB form factor key
- SafeNet Assured Technologies Smart Card 650 (SC-650), with support for both SCP01 and SCP02
Note that all versions of SC-650 require the Omnikey 3121 reader. Legacy smart cards can be used with the SCM SCR331 CCID reader.
The only card manager applet supported with Red Hat Certificate System is the CoolKey applet, which is part of the pki-tps package in Red Hat Certificate System.
8.1.4. Supported HSM
Red Hat Certificate System 9 has been tested to support two hardware security modules (HSM): nCipher NShield connect 6000, and Gemalto SafeNet Luna SA 1700.
| HSM | Firmware | Appliance Software | Client Software |
|---|---|---|---|
| nCipher nShield connect 6000 | 0.4.11cam2 | CipherTools-linux64-dev-11.70.00 | CipherTools-linux64-dev-11.70.00 |
| Gemalto SafeNet Luna SA 1700 | 6.22.0 | 6.0.0-41 | libcryptoki-5.4.1-2.x86_64 |
