Chapter 4. Major Features in Certificate System

This chapter covers some of the major features of Red Hat Certificate System, giving a brief rundown of the major functionality of the product. These summaries are meant to help administrators understand the capabilities of the Certificate System so they can effectively plan their subsystem deployments.

4.1. Certificate Issuance

The Certificate System supports enrolling and issuing certificates and processing certificate requests from a variety of end entities, such as web browsers, servers, and virtual private network (VPN) clients. Issued certificates conform to X.509 version 3 standards.
The Certificate Manager can issue certificates with the following characteristics:
  • Certificates that are X.509 version 3-compliant
  • Unicode support for the certificate subject name and issuer name
  • Support for empty certificate subject names
  • Support for customized subject name components
  • Support for customized extensions
Additionally, smart cards can have certificates enrolled and maintained through the Enterprise Security Client. The Enterprise Security Client communicates directly with the TPS system, which, in turn, processes requests through the CA and DRM subsystems. Certificates are generated automatically when the token is first formatted, and all additional certificates belonging to the user can be imported onto the token.