Chapter 7. Red Hat Certificate System 9.1
The following sections detail changes for Red Hat Certificate System 9.1.
7.1. Supported Platforms
This section covers the different server platforms, hardware, tokens, and software supported by Red Hat Certificate System 9.2.
7.1.1. Server and Client Support
The Certificate System 9.1 subsystems (CA, KRA, OCSP, TKS, and TPS) are supported on the Red Hat Enterprise Linux 7.3 and later platforms.
The Enterprise Security Client (ESC), which manages smart cards for end users, is also supported on the Red Hat Enterprise Linux 7.3 and later platforms.
The ESC is also supported on latest versions of Red Hat Enterprise Linux 5 and 6. Although these platforms do not support Red Hat Certificate System 9.1, those clients can be used against the TMS system in Red Hat Certificate System 9.1.
7.1.2. Supported Web Browsers
The services pages for the subsystems require a web browser that supports SSL/TLS. It is strongly recommended that users such as agents or administrators use Mozilla Firefox to access the agent services pages. Regular users should use Mozilla Firefox .
Note
The only browser that is fully-supported for the HTML-based instance configuration is Mozilla Firefox.
| Platform | Agent Services | End User Pages |
|---|---|---|
| Red Hat Enterprise Linux | Firefox 38 and later | Firefox 38 and later |
| Windows 7 | Firefox 40 and later |
Firefox 40 and later
Internet Explorer 10
|
| Windows Server 2012 | Firefox 40 and later |
Firefox 40 and later
|
Warning
Firefox versions 33, 35 and later, on all platforms, no longer support the
crypto web object used to generate and archive keys from the browser. As a result, expect limited functionality in this area.
Note
Internet Explorer 11 is not currently supported by Red Hat Certificate System 9 because the enrollment code for this web browser depends upon VBScript, which has been deprecated in Internet Explorer 11.
7.1.3. Supported Smart Cards
The Enterprise Security Client supports Global Platform 2.01-compliant smart cards and JavaCard 2.1 or higher.
The Certificate System subsystems have been tested using the following tokens:
- Gemalto TOP IM FIPS CY2 64K token, both as a smart card and GemPCKey USB form factor key
- SafeNet Assured Technologies Smart Card 650 (SC-650), with support for both SCP01 and SCP02
Note that all versions of SC-650 require the Omnikey 3121 reader. Legacy smart cards can be used with the SCM SCR331 CCID reader.
The only card manager applet supported with Certificate System is the CoolKey applet, which is part of the pki-tps package in Red Hat Certificate System.
7.1.4. Supported HSM
Red Hat Certificate System 9.1 has been tested to support two hardware security modules (HSM): nCipher NShield connect 6000, and Gemalto SafeNet Luna SA 1700.
| HSM | Firmware | Appliance Software | Client Software |
|---|---|---|---|
| nCipher nShield connect 6000 | 0.4.11cam2 | CipherTools-linux64-dev-11.70.00 | CipherTools-linux64-dev-11.70.00 |
| Gemalto SafeNet Luna SA 1700 | 6.22.0 | 6.0.0-41 | libcryptoki-5.4.1-2.x86_64 |
