Menu Close
Settings Close

Language and Page Formatting Options

Chapter 6. Red Hat Certificate System 9.2

The following sections detail changes for Red Hat Certificate System 9.2.

6.1. Supported Platforms

This section covers the different server platforms, hardware, tokens, and software supported by Red Hat Certificate System 9.2.

6.1.1. Server and Client Support

The Certificate System 9.2 subsystems (CA, KRA, OCSP, TKS, and TPS) are supported on the Red Hat Enterprise Linux 7.4 and later platforms.
The Enterprise Security Client (ESC), which manages smart cards for end users, is also supported on Red Hat Enterprise Linux 7.
The ESC is also supported on latest versions of Red Hat Enterprise Linux 5 and 6. Although these platforms do not support Red Hat Certificate System 9.2, those clients can be used against the TMS system in Red Hat Certificate System 9.2.

6.1.2. Supported Web Browsers

The services pages for the subsystems require a web browser that supports SSL/TLS. It is strongly recommended that users such as agents or administrators use Mozilla Firefox to access the agent services pages. Regular users should use Mozilla Firefox .

Note

The only browser that is fully-supported for the HTML-based instance configuration is Mozilla Firefox.

Table 6.1. Supported Web Browsers by Platform

Platform Agent Services End User Pages
Red Hat Enterprise Linux Firefox 38 and later Firefox 38 and later
Windows 7 Firefox 40 and later
Firefox 40 and later
Internet Explorer 10
Windows Server 2012 Firefox 40 and later
Firefox 40 and later

Warning

Firefox versions 33, 35 and later, on all platforms, no longer support the crypto web object used to generate and archive keys from the browser. As a result, expect limited functionality in this area.

Note

Internet Explorer 11 is not currently supported by Red Hat Certificate System 9 because the enrollment code for this web browser depends upon VBScript, which has been deprecated in Internet Explorer 11.

6.1.3. Supported Smart Cards

The Enterprise Security Client supports Global Platform 2.01-compliant smart cards and JavaCard 2.1 or higher.
The Certificate System subsystems have been tested using the following tokens:
  • Gemalto TOP IM FIPS CY2 64K token, both as a smart card and GemPCKey USB form factor key
  • SafeNet Assured Technologies Smart Card 650 (SC-650), with support for SCP01
  • G&D Smart Cafe 6.0 for SCP03
Note that all versions of SC-650 require the Omnikey 3121 reader. Legacy smart cards can be used with the SCM SCR331 CCID reader.
The only card manager applet supported with Certificate System is the CoolKey applet, which is part of the pki-tps package in Red Hat Certificate System.

6.1.4. Supported HSM

Red Hat Certificate System 9.2 has been tested to support two hardware security modules (HSM): nCipher NShield connect 6000, and Gemalto SafeNet Luna SA 1700.
HSM Firmware Appliance Software Client Software
nCipher nShield connect 6000 0.4.11cam2 CipherTools-linux64-dev-11.70.00 CipherTools-linux64-dev-11.70.00
Gemalto SafeNet Luna SA 1700 6.22.0 6.0.0-41 libcryptoki-5.4.1-2.x86_64