Red Hat Rolls New Security Certificate System


Red Hat is rolling out a new version of its Red Hat
Certificate System (RHCS) that improves smart card usability, management and
integration on Linux, Mac and Windows platforms.


RHCS 7.2 represents the evolution of technologies
acquired by Red Hat from the remnants of Netscape in 2004. RHCS can manage
the deployment and maintenance of user identities via a Public Key
Infrastructure (PKI).


Bob Lord, Senior Director of Security Engineering at Red Hat, noted that a
lot of things have changed since Red Hat took ownership of the product.
Lord explained to internetnews.com that the certificate system used
to run on the Netscape Enterprise Server and it has now migrated to run on
top of Apache.


Red Hat has also improved the modularity of the certificate system.
Previously, updates were only available as large packages; Red Hat has now
broken them up into individual RPMs (Red Hat’s Package Manager format) that
can be updated individually, which simplifies deployment and management.


The new 7.2 release also improves client-side management via improved
enterprise security clients. Those clients are the desktop middleware
components that enable users to interact with the smartcards that are
managed by the certificate system.


RHCS 7.2 also improves smartcard management by allowing for PIN reset, user
enrollment and software upgrades.


Currently, the RHCS 7.2 system is not entirely open source, though Lord noted
that making it so is Red Hat’s intention. The Red Hat Directory Server, which is
part of RHCS and is another piece of technology Red Hat snapped up from Netscape, is
available under an open source license. Red Hat’s Fedora community Linux effort offers the Fedora Directory Server, which is based on the open sourced components.


“We haven’t open sourced everything to this date as we’re trying to find
where on the schedule where to do that,” said Lord. “The effort takes a fair amount of time and due diligence.”


“We’ve learned from our lessons as we opened the source to directory server
about how to go about doing that,” added Lord. “We’ll be applying those lessons to the certificate system.”


The improvements in RHCS 7.2 will also be reflected in Red Hat’s upcoming
flagship release, Red Hat Enterprise Linux (RHEL) 5. Lord noted that
smartcard login support will be in RHEL 5, so users of RHCS will be able to
issue smart cards and use them to log into desktops and servers.


Beyond enterprise use, Red Hat is also facilitating the use of RHCS by the
military. Military Common Access Cards (CAC) that include name,
rank, serial number and photographs will also be supported in RHEL 5. Lord
explained that the certificate system is what is used to create
the certificates for CAC cards. Military use of Red Hat’s Linux
technologies is a big market for Red Hat. Just this week, Red Hat announced
that the Swedish armed forces would be migrating from Windows to Red Hat.

“We’ll continue to work to make these technologies more deployable and we’re going to continue to integrate them into the operating system,” Lord said. “End users will have an easier time of using them since they’ll be
woven into the fabric of what they do day to day.”
