PKI and certificate management
Manage X.509 certificates including issuance, renewal, revocation, and retrieval. Integrates with Dogtag Certificate Authority for certificate lifecycle management. Features include certificate requests with various profiles, certificate holds and releases, revocation with reason codes, certificate retrieval by serial number, and support for service and host certificates with automatic renewal via certmonger.
Manage certificate authorities within the integrated PKI subsystem. Supports lightweight sub-CAs for certificate isolation and policy enforcement. Features include CA creation and management, CA certificate retrieval, enabling and disabling CAs, and integration with certificate profiles and ACLs for fine-grained control over certificate issuance across organizational boundaries.
Manage certificate authority access control lists to restrict which certificate profiles can be used by which users, hosts, or services. CA ACLs enforce policy by controlling profile usage, target principals, and issuing CAs. Features include rule-based access control, profile and CA filtering, user and host category support, and enable/disable capabilities for flexible certificate issuance governance.
Manage certificate mapping rules for user authentication via certificates. Certificate mapping enables users to authenticate using X.509 certificates by defining how certificate attributes map to IPA user accounts. Features include mapping rules with priority, certificate matching data, domains for cross-realm support, and enable/disable controls for flexible certificate-based authentication policies.
Manage certificate profiles that define certificate properties, extensions, and constraints. Profiles control certificate content including validity period, key usage, extended key usage, subject alternative names, and other X.509 extensions. Features include profile import/export, modification of profile configuration, and integration with CA ACLs for controlling certificate issuance based on organizational requirements.