Why the Red Hat Certificate System configuration parameters nickname and newNickname can have different values?

Solution Unverified - Updated -


In the Red Hat Certificate System / RHCS main configuration file CS.cfg, the certificate nicknames of the subsystems CA, DRM, TKS, and TPS can have the parameters nickname and newNickname with different values, why do the multiple name and value pairs of the certificate nicknames of those subsystems?

Case with internal encryption token, the values for ca.signing.newNickname and ca.signing.nickname are the same:

ca.signing.newNickname=caSigningCert cert-ca1
ca.signing.nickname=caSigningCert cert-ca1
ca.signing.tokenname=Internal Key Storage Token

And with a different encryption module, example with netHSM:

ca.signing.newNickname=<netHSM name>:caSigningCert cert-ca1
ca.signing.nickname=caSigningCert cert-ca1
ca.signing.tokenname=<netHSM name>

When will ca.signing.newNickname be used and when will ca.signing.nickname be used?
Why are both created?


  • Red Hat Enterprise Linux 5
  • Red Hat Certificate System 8

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content