Manualshelf

System information

ManualsBrandsRed Hat ManualsOtherCERTIFICATE SYSTEM 8 - AGENTS GUIDE
81828384858687888990
Note
If the PIN_RESET policy is not set, then user-initiated PIN resets are allowed by
default. If the policy is present and is changed from NO to YES, then a PIN reset
can be initiated by the user once; after the PIN is reset, the policy value
automatically changes back to NO.
More token information can be modified through the Administrator Operations tab.
3.3. Listing Token Certificates
Click Show Certificates in the token details page to display a list of all certificates stored on
that token, including information such as certificate ID, certificate type, and serial number.
3.4. Conflicting Token Certificate Status Information
The TPS stores the complete history of certificates' status, so that all changes in status can be
reviewed. However, the status shown on the token is that last status of the certificate at the time
the token was formatted. The status of the certificates on the token may not immediately reflect
the real status of the certificates. It is possible to have multiple tokens with the same certificate
information on them; it then is possible for the certificate status on these tokens to become out
of sync with the status information in the CA database. When viewing these tokens in the TPS
agents page, then, the certificate information can be inconsistent.
For example, Token #1 has two certificates stored on it, an encryption certificate (Encrypt #1)
and a signing certificate (Signing #1). If Token #1 is lost, then both of its certificates are
revoked, so both Encrypt #1 and Signing #1 are marked as revoked. When the user is issued a
new token, Token #2, then Encrypt #1 is recovered, and a new signing certificate, Signing #2, is
issued. The status for the three certificates, then, is as follows:
Signing #1 - revoked
Signing #2 - active
Encrypt #1 - active
If Token #1 is found, then the the certificates for Token #2 are revoked and the certificates for
Token #1 are reactivated. The status for the three certificates, then, is as follows:
Signing #1 - active
Signing #2 - revoked
Encrypt #1 - active
Listing Token Certificates
83