Certificate Authority

Red Hat Certificate System (RHCS)

3min

This document shows you how to configure the Futurex KMES Series 3 with Red Hat Certificate System (RHCS) using Futurex PKCS #11 libraries. For additional questions about your HSM, see the relevant user guide.

About RHCS

From the Red Hat knowledge base website: Red Hat Certificate System provides a powerful security framework to manage user identities and ensure communication privacy. Handling the major functions of the identity life cycle, Red Hat Certificate System simplifies enterprise-wide deployment and adoption of a public key infrastructure (PKI).

Basic architecture of an RHCS deployment

Although each RHCS subsystem (CA, KRA, OCSP, TKS, TPS) provides a different service, all share a common architecture. For more information, refer to the following Red Hat knowledge base article: https://access.redhat.com/documentation/en-us/red_hat_certificate_system/9/html/planning_installation_ and_deployment_guide/sect-certificate-system-architecture-overview

Integration overview

This guide shows you how to perform the following tasks:

  1. Install Futurex PKCS #11.
  2. Configure the KMES Series 3.
  3. Edit the Futurex PKCS #11 configuration file.
  4. Install RHCS and deploy the subsystem.

The following sections show you how to perform these tasks.

When you complete all four tasks, fully configuring the RHCS integration with the Futurex KMES Series 3., all CA subsystem keys are secured within the internal HSM of the KMES and are available to RHCS when required.