Chapter 4. CA: Handling Certificate Requests
A Certificate Manager (CM) agent is responsible for handling both manual enrollment requests
made by end entities (end users, server administrators, and other Certificate System
subsystems) and automated enrollment requests that have been deferred. This chapter
describes the general procedure for handling requests and explains how to handle different
aspects of certificate request management.
1. Managing Requests
The procedure for handling certificate enrollment requests is as follows:
1. View the list of pending requests for the CM (refer to Section 2, “Listing Certificate
Requests”).
2. Select a request from the list (refer to Section 2.1, “Selecting a Request”).
3. Process the request (refer to Section 2.2, “Searching Requests” and Section 3, “Approving
Requests”).
Processing a certificate request allows one of several actions:
• Approve the request. A request can be approved manually by an agent or automatically by
the certificate profile if the request has been authenticated and if the system has been
configured to allow automatic enrollment. After a request has been approved, the Certificate
System issues the requested certificate. The end user can be automatically notified that the
certificate was issued.
• Reject the request. A certificate request can be rejected manually or automatically by the
certificate profile if the request does not conform to the profile's defaults and constraints. If
automatic notification is configured, a notification is automatically sent to the requester when
the certificate request is rejected.
• Cancel the request. A request can be canceled manually, but requests can never be canceled
automatically. Users do not receive automatic notification of canceled requests. Cancellation
can be useful if the user has left the company since submitting the request or if the user has
already been contacted about a problem with the certificate request and, therefore, does not
need to be notified.
• Update the request. A pending certificate request can be updated by changing some of its
values, such as the subject name. When an agent changes the default values associated with a
certificate profile, only the values in the certificate request change; the state of the request
does not change.
• Validate the request. A request that uses a certificate profile can be checked, or validated, to
see if the request complies with the defaults and constraints set by the certificate profile. This