RealTime IT News

Red Hat Rolls New Security Certificate System

Red Hat is rolling out a new version of its Red Hat Certificate System (RHCS) that improves smart card usability, management and integration on Linux, Mac and Windows platforms.

RHCS 7.2 represents the evolution of technologies acquired by Red Hat from the remnants of Netscape in 2004. RHCS can manage the deployment and maintenance of user identities via a Public Key Infrastructure (PKI).

Bob Lord, Senior Director of Security Engineering at Red Hat, noted that a lot of things have changed since Red Hat took ownership of the product. Lord explained to internetnews.com that the certificate system used to run on the Netscape Enterprise Server and has now migrated to run on top of Apache.

Red Hat has also improved the modularity of the certificate system. Previously, updates were only available as large packages. Red Hat has now broken them up into individual RPMs (Red Hat's Package Manager format) that can be updated individually, which simplifies deployment and management.

The new 7.2 release also improves client-side management via improved enterprise security clients. Those clients are the desktop middleware components that enable users to interact with the smartcards that are managed by the certificate system.

RHCS 7.2 also improves smartcard management by allowing for PIN reset, user enrollment and software upgrades.

Currently, the RHCS 7.2 system is not entirely open source, though Lord noted that is Red Hat's intention. The Red Hat Directory Server, which is part of RHCS and is another piece of technology Red Hat snapped up from Netscape, is available under an open source license. Red Hat's Fedora community Linux effort offers the Fedora Directory Server, which is based on the open sourced components.

"We haven't open sourced everything to this date as we're trying to find where on the schedule to do that," said Lord. "The effort takes a fair amount of time and due diligence."

"We've learned from our lessons as we opened the source to directory server about how to go about doing that," added Lord. "We'll be applying those lessons to the certificate system."

The improvement in RHCS 7.2 will also be reflected in the upcoming flagship release from Red Hat of Red Hat Enterprise Linux 5 (RHEL). Lord noted that smartcard login support will be in RHEL 5 so users of RHCS will be able to issue smart cards and use them to log into desktops and servers.

Beyond just enterprise use, Red Hat is facilitating the use of RHCS for military use as well. Military Common Access Cards (CAC) that include name, rank, serial number and photographs will also be supported in RHEL 5. Lord explained that the certificate system is the system that is used to create the certificates for CAC cards. Military use of Red Hat's Linux technologies is a big market for Red Hat. Just this week, Red Hat announced that the Swedish armed forces would be migrating from Windows to Red Hat.

"We'll continue to work to make these technologies more deployable and we're going to continue to integrate them into the operating system," Lord said. "End users will have an easier time of using them since they'll be woven into the fabric of what they do day to day."