• Email notification on Certificate Request creation and approval
1.1.2. RA Roles
The RA supports the following roles:
• End Users - people who submit enrollment requests
• RA Agents - privileged RA users who are responsible for daily operation such as request approval
• Administrators - people responsible for installing and configuring the RA. Administrators can also
create new users and assign them as Agents.
1.2. SCEP
SCEP (Simple Certificate Enrollment Protocol) is a protocol designed by Cisco. It specifies a way for
a router to communicate with RAs and CAs for enrollment. Red Hat Certificate System 7.3 enables
routers to enroll for a certificate from an RA using this protocol.
Routers can communicate with the RA using the SCEP protocol to:
• Retrieve CA certificates
• Submit a Certificate Request
• Retrieve the issued certificate
• Submit a status request if the Certificate Request is pending
SCEP specifies two modes of operation:
• RA mode
• CA mode
In RA mode, the enrollment request is encrypted with the RA signing certificate. In CA mode, the
request is encrypted with the CA signing certificate. The current Certificate System RA and CA
subsystems are implemented so that SCEP is supported only in CA mode.
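Because the router encrypts its request to whatever certificate the "Retrieve CA certificates" step returns, that response is worth vetting first. The following is an added example, not code from Red Hat or from this guide. It assumes the endpoint uses the GetCACert content types defined in the SCEP specification (RFC 8894) and that the CA certificate's SHA-256 fingerprint was obtained out of band; the function, exception and parameter names are hypothetical.

```python
# Added example (not Red Hat code): vet a SCEP GetCACert response before
# encrypting an enrollment request to the certificate it carries.
import hashlib
import hmac

# Content types defined by the SCEP specification (RFC 8894), not by this page.
CA_ONLY = "application/x-x509-ca-cert"       # single DER certificate -> CA mode
CA_AND_RA = "application/x-x509-ca-ra-cert"  # certs-only PKCS#7 -> RA mode


class CACertRejected(Exception):
    """Raised when the response must not be used for enrollment."""


def vet_ca_cert_response(content_type: str, body: bytes,
                         pinned_sha256_hex: str) -> bytes:
    """Return the DER CA certificate if the response is acceptable.

    pinned_sha256_hex (hypothetical name) is the CA certificate fingerprint
    obtained out of band, with or without ':' separators.
    """
    media_type = content_type.split(";", 1)[0].strip().lower()
    if media_type == CA_AND_RA:
        # The page states SCEP is supported in CA mode only, so a CA+RA
        # bundle is treated as unexpected for this deployment (assumption).
        raise CACertRejected("RA-mode response; CA mode expected")
    if media_type != CA_ONLY:
        raise CACertRejected(f"unexpected content type: {media_type!r}")
    if not body or body[0] != 0x30:
        # A DER certificate is an ASN.1 SEQUENCE, which starts with 0x30.
        raise CACertRejected("body is not DER")
    actual = hashlib.sha256(body).hexdigest()
    expected = pinned_sha256_hex.replace(":", "").lower()
    if not hmac.compare_digest(actual, expected):
        raise CACertRejected("fingerprint mismatch")
    return body


# Constructed sample bytes standing in for a DER certificate (not a real cert).
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x0A]) + b"constructed-sample-ca-cert"
SAMPLE_PIN = hashlib.sha256(SAMPLE_DER).hexdigest()
```
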
1.3. Auto-enrollment Proxy
Red Hat Certificate System 7.3 supports an auto-enrollment proxy (AEP) for Windows®, which allows
users and computers in a Microsoft Windows® domain to automatically enroll for certificates issued
from Certificate System.
Designed to integrate seamlessly with an existing Windows® infrastructure, the AEP module
minimizes administration overhead:
• Users and computers registered in a Windows® domain can automatically discover the location of
the proxy on their network
• Computers in a domain can automatically compose a certificate request, and submit it to a Red Hat
Certificate System CA via the proxy
• The Kerberos authentication mechanism built into Windows® authenticates these certificate
requests