
D.5. Online Certificate Status Manager-Specific ACLs


This section covers the default access control configuration attributes which are set specifically for the Online Certificate Status Manager. The OCSP responder's ACL configuration also includes all of the common ACLs listed in Section D.2, “Common ACLs”.
Access control rules are set for each of the OCSP's interfaces (the administrative console and the agent and end-entities services pages) and for common operations such as listing and downloading CRLs.

D.5.1. certServer.ee.crl

Controls access to CRLs through the end-entities page.
allow (read) user="anybody"
Table D.57. certServer.ee.crl ACL Summary

| Operations | Description | Allow/Deny Access | Targeted Users/Groups |
|---|---|---|---|
| read | Retrieve and view the certificate revocation list. | Allow | Anyone |

D.5.2. certServer.ee.request.ocsp

Controls, based on IP address, which clients can submit OCSP requests.
allow (submit) ipaddress=".*"
Table D.58. certServer.ee.request.ocsp ACL Summary

| Operations | Description | Allow/Deny Access | Targeted Users/Groups |
|---|---|---|---|
| submit | Submit OCSP requests. | Allow | All IP addresses |

D.5.3. certServer.ocsp.ca

Controls who can instruct the OCSP responder. The default setting is:
allow (add) group="Online Certificate Status Manager Agents"
Table D.59. certServer.ocsp.ca ACL Summary

| Operations | Description | Allow/Deny Access | Targeted Users/Groups |
|---|---|---|---|
| add | Instruct the OCSP responder to respond to OCSP requests for a new CA. | Allow | OCSP Manager Agents |

D.5.4. certServer.ocsp.cas

Controls who can list, in the agent services interface, all of the Certificate Managers which publish CRLs to the Online Certificate Status Manager. The default setting is:
allow (list) group="Online Certificate Status Manager Agents"
Table D.60. certServer.ocsp.cas ACL Summary

| Operations | Description | Allow/Deny Access | Targeted Users/Groups |
|---|---|---|---|
| list | Lists all of the Certificate Managers which publish CRLs to the OCSP responder. | Allow | Agents |

D.5.5. certServer.ocsp.certificate

Controls who can validate the status of a certificate. The default setting is:
allow (validate) group="Online Certificate Status Manager Agents"
Table D.61. certServer.ocsp.certificate ACL Summary

| Operations | Description | Allow/Deny Access | Targeted Users/Groups |
|---|---|---|---|
| validate | Verifies the status of a specified certificate. | Allow | OCSP Agents |

D.5.6. certServer.ocsp.configuration

Controls who can access, view, or modify the configuration for the Certificate Manager's OCSP services. The default configuration is:
allow (read) group="Administrators" || group="Online Certificate Status Manager Agents" || group="Auditors";allow (modify) group="Administrators"
Table D.62. certServer.ocsp.configuration ACL Summary

| Operations | Description | Allow/Deny Access | Targeted Users/Groups |
|---|---|---|---|
| read | View OCSP plug-in information, OCSP configuration, and OCSP stores configuration. List OCSP stores configuration. | Allow | Administrators, Online Certificate Status Manager Agents, Auditors |
| modify | Modify the OCSP configuration, OCSP stores configuration, and default OCSP store. | Allow | Administrators |

D.5.7. certServer.ocsp.crl

Controls access to read or update CRLs through the agent services interface. The default setting is:
allow (add) group="Online Certificate Status Manager Agents" || group="Trusted Managers"
Table D.63. certServer.ocsp.crl ACL Summary

| Operations | Description | Allow/Deny Access | Targeted Users/Groups |
|---|---|---|---|
| add | Add new CRLs to those managed by the OCSP responder. | Allow | OCSP Agents, Trusted Managers |

D.5.8. certServer.ocsp.group

Controls access to the internal database for adding users and groups for the Online Certificate Status Manager instance.
allow (modify,read) group="Administrators"
Table D.64. certServer.ocsp.group ACL Summary

| Operations | Description | Allow/Deny Access | Targeted Users/Groups |
|---|---|---|---|
| modify | Create, edit or delete user and group entries for the instance. | Allow | Administrators |
| read | View user and group entries for the instance. | Allow | Administrators |

D.5.9. certServer.ocsp.info

Controls who can read information about the OCSP responder.
allow (read) group="Online Certificate Status Manager Agents"
Table D.65. certServer.ocsp.info ACL Summary

| Operations | Description | Allow/Deny Access | Targeted Users/Groups |
|---|---|---|---|
| read | View OCSP responder information. | Allow | OCSP Agents |
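
The following Python audit helper is an added example, not part of the Red Hat documentation or the Certificate System code. It parses rule strings in the form shown in this section and reports which operations the defaults open to every client and which groups hold a given operation. The grammar is inferred only from the rules listed here (`;` between rules, `||` between alternatives, no quoted `;` or `||` inside values), and all function names are hypothetical.

```python
import re

# Default rule strings copied from this section (resource -> ACL text).
AGENTS = "Online Certificate Status Manager Agents"
DEFAULT_ACLS = {
    "certServer.ee.crl": 'allow (read) user="anybody"',
    "certServer.ee.request.ocsp": 'allow (submit) ipaddress=".*"',
    "certServer.ocsp.configuration": (
        f'allow (read) group="Administrators" || group="{AGENTS}" || '
        'group="Auditors";allow (modify) group="Administrators"'),
    "certServer.ocsp.crl": f'allow (add) group="{AGENTS}" || group="Trusted Managers"',
    "certServer.ocsp.group": 'allow (modify,read) group="Administrators"',
}

RULE_RE = re.compile(r'^(allow|deny)\s*\(([^)]*)\)\s*(.+)$')
TERM_RE = re.compile(r'^(user|group|ipaddress)\s*=\s*"([^"]*)"$')

def parse_acl(text):
    """Return [(action, [operations], [(attribute, value), ...]), ...]."""
    entries = []
    for rule in filter(None, (r.strip() for r in text.split(";"))):
        m = RULE_RE.match(rule)
        if not m:
            raise ValueError(f"unrecognised rule: {rule!r}")
        action, ops, expr = m.groups()
        terms = []
        for term in expr.split("||"):
            t = TERM_RE.match(term.strip())
            if not t:
                raise ValueError(f"unrecognised term: {term!r}")
            terms.append(t.groups())
        entries.append((action, [o.strip() for o in ops.split(",")], terms))
    return entries

def unrestricted_grants(acls):
    """(resource, operation) pairs that an allow rule opens to every client."""
    open_terms = {("user", "anybody"), ("ipaddress", ".*")}
    found = []
    for resource, text in acls.items():
        for action, ops, terms in parse_acl(text):
            if action == "allow" and any(t in open_terms for t in terms):
                found.extend((resource, op) for op in ops)
    return found

def groups_for(acls, resource, operation):
    """Groups that an allow rule grants the given operation on a resource."""
    return sorted(value for action, ops, terms in parse_acl(acls[resource])
                  if action == "allow" and operation in ops
                  for attr, value in terms if attr == "group")
```

Running `unrestricted_grants` against an instance's current ACL strings and comparing the result with the two defaults above shows whether any additional resource has been opened to all clients.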