13.8. Configuration for CMC
This section describes how to configure Certificate System for Certificate Management over CMS (CMC).
13.8.1. Understanding How CMC Works
Before configuring CMC, read the following documentation to learn more about the subject:
- Issuing Certificates Using CMC in the Red Hat Certificate System Administration Guide.
- Making Rules for Issuing Certificates (Certificate Profiles) in the Red Hat Certificate System Administration Guide.
13.8.2. Enabling the PopLinkWitnessV2 Feature
For a high level of security on the Certificate Authority (CA), enable the following option in the /var/lib/pki/instance_name/ca/conf/CS.cfg file:
cmc.popLinkWitnessRequired=true
13.8.4. Enabling CMCRevoke for the Web User Interface
As described in the Performing a CMC Revocation section in the Red Hat Certificate System Administration Guide, there are two ways to submit CMC revocation requests.
If you use the CMCRevoke utility to create revocation requests that are submitted through the web UI, add the following setting to the /var/lib/pki/instance_name/ca/conf/CS.cfg file:
cmc.bypassClientAuth=true
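The following shell functions audit a CS.cfg file for the two CMC settings described in this section. This is an added example, not part of the Red Hat documentation or Certificate System itself; the function names cs_cfg_get and audit_cmc are hypothetical, and the script assumes that when a key appears more than once the last occurrence is the effective one.

```shell
#!/bin/sh
# Added example: audit the two CMC settings from this section in a CS.cfg file.

# Print the effective value of KEY in FILE, or nothing if KEY is not set.
# Assumptions: the last occurrence of a repeated key wins, and whitespace
# around the key and the value is not significant.
cs_cfg_get() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                 # ignore commented-out settings
        {
            eq = index($0, "=")
            if (eq == 0) next               # not a key=value line
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$1"
}

# Report on both settings. Returns 0 when cmc.popLinkWitnessRequired is true,
# 1 when it is not, 2 when the file cannot be read. cmc.bypassClientAuth=true
# is reported as a notice rather than a failure, because this section requires
# it when CMCRevoke requests are submitted through the web UI.
audit_cmc() {
    cfg=$1
    [ -r "$cfg" ] || { echo "ERROR: cannot read $cfg"; return 2; }
    rc=0
    pop=$(cs_cfg_get "$cfg" cmc.popLinkWitnessRequired)
    if [ "$pop" = "true" ]; then
        echo "OK: cmc.popLinkWitnessRequired=true"
    else
        echo "FAIL: cmc.popLinkWitnessRequired is '${pop:-unset}', expected true"
        rc=1
    fi
    bypass=$(cs_cfg_get "$cfg" cmc.bypassClientAuth)
    if [ "$bypass" = "true" ]; then
        echo "NOTICE: cmc.bypassClientAuth=true; confirm CMCRevoke web UI submission is in use"
    else
        echo "OK: cmc.bypassClientAuth is '${bypass:-unset}'"
    fi
    return $rc
}
```

After sourcing the file, run audit_cmc /var/lib/pki/instance_name/ca/conf/CS.cfg, replacing instance_name with the name of your instance.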