Course Description
RHS435 Red Hat Enterprise Certificate Management is an intensive course that provides four days of instruction and labs for Linux and UNIX administrators who want to learn to manage and validate certificates using the Red Hat Certificate System.
What you will learn:
Course Outline
Unit 1 - A Review of Public and Private Key Encryption
- Identity, Public Keys, and Digital Certificates
- Symmetric and Public Key Encryption
- Authentication Using Public-Key Encryption
- Data Integrity Through Message Digests
- Applying and Verifying a Digital Signature
- X.509 Certificates
Unit 2 - Public Key Infrastructure and the Red Hat Certificate System
- Certificates and Certificate Authorities
- Elements of a Public Key Infrastructure
- X.509 Certificates and Public Keys
- Red Hat Certificate System
- Users and Authorization
- Plug-in Modules
- Profiles
- Certificate Manager Graphical Console
- End Entity and Agent Services
- User Identity and Distinguished Names
- Certificate Extensions
- Hands-on Lab: Installing and Configuring the Red Hat Certificate Manager
Unit 3 - Authentication, Authorization and ACLs
- The Certificate System's Authorization Framework
- How Authorization Works
- Default Groups, ACLs, and ACIs
- Authentication Options for Certificate Enrollment
- End Entity Enrollment, Plug-ins, and Server Certificate
- Hands-on Lab: Manage administrators and agents
Unit 4 - CMS and Common Criteria
- What is Common Criteria?
- Why Would We Like to be CC Certified?
- CC Security Levels
- What is a Protection Profile (PP)?
- Why Common Criteria for Red Hat Certificate System?
- Installing Certificate System for a CC Environment
- Common Criteria Deployment Scenarios
- Installing and Configuring a CA in CC Environment
- Hands-on Lab: Manage console client authentication
Unit 5 - Self signed root CA and chained CAs
- Self Signed Root CA and Subordinate CAs
- Certificate Manager Subordination and Constraints
- Subordination to Other CAs
- Certificate Chain
- Cloned CA
- Hands-on Lab: Installing and touring subordinate CAs
Unit 6
- Using the Console to configure policy
- Policy Plug-ins
- Applying Policies and Configuring Rules
- Policy Rules Ordering
- Basic Constraints
- Certificate Profiles
- Hands-on Lab: Use Profiles and Policy Plug-ins
Unit 7 - Command Line Tools
- Why command line utilities?
- Displaying certificate information: PrettyPrintCert and PrettyPrintCrl
- Extracting information from the certificate database: certutil
- Non-certificate system based tools
- Hands-on Lab: Exploring Command Line Tools
Unit 8 - Troubleshooting Guide for CMS
- Command Line Utilities
- Error Messages and Log Files
- LDAP Monitor
- SSL Debug
- Troubleshooting Tools and Tips
Unit 9 - Certificates, Enrollments, Publishing
- Enrollment: servlets, and authentication and policy modules
- Manual Authentication
- Automatic Authentication: LDAP-based
- Registration - PIN Based
- Issuance and Pickup
- Publish Certificates in LDAP
- Hands-on Lab: Certificates, Enrollments, Publishing
Unit 10 - CRLs, OCSP Responder
- CRLs and Revocation
- CRLs and CAs
- CRLs and Validation
- CRL Issuing Points
- OCSP Responder
- Hands-on Lab: CRLs and OCSP Responders
Unit 11 - Key Archival and Recovery
- PKI Setup for Key Archival and Recovery
- Data Recovery Manager Overview
- DRM: Key Archival and Recovery
- Hands-on Lab: Setting up a Data Recovery Manager instance
Unit 12 - Certificate Renewal
- Certificate Validity
- Renewing and Re-issuing Certificates
- Renewal Policies
- Root CA Change Effects
- Possible Problems
- Hands-on Lab: Certificate Renewal
Unit 13 - Cross certificates
- Issuing, Importing, and Publishing Cross-Pair Certificates
- Hands-on Lab: Cross Certificates
Unit 14 - End Entity and Agent Services Interface Customization
- Service Interface Overview
- Responses and Output Templates
- Templates
- End Entity and Agent Services Interface Forms and Templates
- Hands-on Lab: End Entity and Agent Services Interface Customization
Prerequisites:
RH423 requires RHCE-level skills. The RHCE certificate on Red Hat Linux 7.1 or later is recommended but not required. Prerequisite skills can be shown by passing the RHCE Exam in either RH302 or RH300, or by taking RH253 Red Hat Linux Networking and Security Administration or by possessing comparable skills and knowledge.
In addition, students should be familiar with SSL, X.509 certificate generation, and LDAP. It is useful, but not required, to have taken RH423 Red Hat Enterprise Directory Services and Authentication.
Although this class will teach audience members the basics of public key infrastructures, it is nonetheless important for audience members to understand the purposes of a PKI in advance.
Goal:
RHS435 teaches systems engineers to set up and manage the Red Hat Certificate System, a certificate management system capable of scaling from a workgroup to a multinational enterprise. The Red Hat Certificate System permits users to register and revoke their certificates, and confirm the validity of other certificates. Thus, it ensures the validity of encrypted and signed messages.
Topics covered in this course include: understanding certificate management; using LDAP in a CMS; key management; Certificate Authority management; and troubleshooting. See below for a more detailed outline.
RHS435 is technically advanced, with a strong focus on labs. Therefore, it is essential that audience members are either RHCEs or possess RHCE-level skills.
Audience:
RHS435 is designed for systems engineers, consultants, or other technical personnel responsible for operating a Public Key Infrastructure (PKI) using the Red Hat Certificate System.
This course is particularly useful for system administrators managing Enterprise Linux systems running versions 2.1, 3, 4 and migrating to version 5.
Class times:
- Monday through Thursday
- Start: 9:00am
- End: 5:00pm (depending on class progress)







