Red Hat SummitEste conteúdo não está disponível no idioma selecionado.
Chapter 4. Supported platforms
This section describes the different server platforms, hardware, tokens, and software supported by Red Hat Certificate System 10.
4.1. General requirements
The minimal and recommended hardware for Red Hat Certificate System 10 are as follows:
Minimal requirements
- CPU: 2 threads
- RAM: 2 GB
- Disk space: 20 GB
The minimal requirements are based on the Red Hat Enterprise Linux 8 minimal requirements. For more information, see Red Hat Enterprise Linux technology capabilities and limits.
Recommended requirements
- CPU: 4 or more threads, AES-NI support
- RAM: 8 GB or more
- Disk space: 80 GB or more
4.2. Server support
See Chapter 6, Prerequisites for installation for supported system information.
4.3. Supported web browsers
The only fully-tested browser is Mozilla Firefox, and to some extent, Chrome. However, in general, newer versions of browsers on major OS platforms are likely to work.
4.4. Supported Hardware Security Modules
The following table lists Hardware Security Modules (HSM) supported by Red Hat Certificate System:
| HSM | Firmware | Appliance Software | Client Software |
|---|---|---|---|
| nCipher nShield Connect XC | nShield_HSM_Firmware-12.72.1 | 12.71.0 | SecWorld_Lin64-12.71.0 |
| Thales TCT Luna Network HSM T-5000 with Luna-T7 internal card | lunafw_update-7.11.1-4 | 7.11.0-25 | LunaClient-7.11.1-5 |
While the Common Criteria evaluation tested using this Entrust HSM, any HSM is considered equivalent when it is at least FIPS 140-2 validated, provides PKCS#11 3.0 cryptographic services or higher, hardware protection for keys and supports the required algorithms. Some tokens that do not follow the PKCS #11 3.0 semantics will fail. For instance, some tokens do not properly support CKA_ID, which is a requirement for RHCS certificate and key provisioning of the token.
Limited support for Thales Luna: Red Hat was not able to confirm that the Thales HSM unit supports AES key wrapping/unwrapping via OAEP. Please be aware that those features requiring support of this algorithm will not function without such support. These features include:
- KRA: key archival and recovery
- CMC SharedToken authentication mechanism for enrollments
-
TKS
TPS shared secret automatic transport during installation
It is, however, observed that workarounds may be employed for some of these features, but at the cost of degraded security level or operational inconvenience.
Another example is that a certain Safenet Luna model supports PKI private key extraction in its CKE - Key Export model, and only in non-FIPS mode. The Luna Cloning model and the CKE model in FIPS mode do not support PKI private key extraction.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}