NIAP: Compliant Product
  NIAP  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - Red Hat Certificate System 9.4

Certificate Date:  2019.04.09

Validation Report Number:  CCEVS-VR-VID10831-2019

Product Type:    Certificate Authority

Conformance Claim:  Protection Profile Compliant

PP Identifier:    Protection Profile for Certification Authorities Version 2.1

CC Testing Lab:  Gossamer Security Solutions

Maintenance Release:
CC Certificate [PDF] Security Target [PDF] * Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]

Installation Guide [PDF]

* This is the Security Target (ST) associated with the latest Maintenance Release.  To view previous STs for this TOE, click here.

Product Description

The Red Hat Certificate System (RHCS) 9.4 is an application that issues and manages public-key certificates.  RHCS runs within Red Hat Enterprise Linux (RHEL 7.6), an operating system that protects the subsystems of the TOE with Security-Enhanced Linux (SELinux) policies and which provides secure network connections (using the TOE’s Tomcat’s HTTP/TLS to allow remote administration).  RHCS provides proof of origin for issued certificates as well as certificate status information through CRLs and OCSP responses.  RHCS verifies certificate related messages for issuance and revocation using signed CMC requests and responses.

Evaluated Configuration

Red Hat produces and distributes one instance of code, identified as Red Hat Certificate System (RHCS).  The evaluated and tested version of this code is RHCS 9.4 batch update 3 running on Red Hat Enterprise Linux version 7.6.

The TOE allows remote access protected by TLS.  Interfaces available to administrators include an HTTPS WebUI, a set of TLS protected command line tools, and a pkiconsole application.  The command line tools and pkiconsole application both utilize HTTPS protected REST API interfaces which ultimately are protected by TLS.

Security Evaluation Summary

The evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance. The evaluation demonstrated that the TOE meets the security requirements contained in the Security Target.  The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, April 1027.  The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 3.1, Revision 5, April 2017.  The product, when delivered and configured as identified in the Red Hat Certificate System 9.4 Planning, Installation, and Deployment Guide (Common Criteria Edition) document, satisfies all of the security functional requirements stated in the Red Hat® Certificate System (CAPP21) Security Target, Version 1.0, April 9, 2019.  The project underwent CCEVS Validator review.  The evaluation was completed in April 2019.  Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID10831-2019) prepared by CCEVS.

Environmental Strengths

The logical boundaries of the Red Hat Certificate System 9.4 batch update 3 are realized in the security functions that it implements. Each of these security functions is summarized below.

Security audit:

The TOE generates logs for a range of security relevant events and relies upon its Operational Environment (OE) for generation of operating system events. The TOE provides secure storage of audit events and further provides separate audit storage for certificate related events.  The TOE provides no administrator or auditor method for deletion or removal of events, and the TOE shuts down in the event of an error that prevents the TOE from creating new audit records.


The TOE provides proof of origin for issued certificates through CRLs and OCSP responses.  The TOE also verifies certificate related messages using signed CMC requests and responses.

Cryptographic support:

The TOE relies upon its OE for all cryptography and uses the OE-provided cryptography in support of certificate issuance and related CA operations, in support of HTTPS, TLSS, and TLSC operations.

User data protection

The TOE provides certificate profile functionality and certificate generation services conforming to IETF RFC 5280.  The TOE provides certificate status information through CRLs and OCSP responses.  The TOE clears sensitive data from buffers before releasing the buffers.

Identification and authentication:

The TOE handles Certificate Management over CMS as both a client and server.  The TOE performs certificate path validation in conformance with IETF RFC 5280.

Security management:

The TOE provides all the interfaces necessary to manage the security functions identified throughout this Security Target as well as other functions commonly found in certificate authorities.  The TOE provides its available functions to CA administrators, CA operations staff, Administrators/Officers, and Auditors.

Protection of the TSF:

The TOE protects itself by verifying important certificates during startup, recognizing certificate problems and securely terminating in the event it detects failure.  The TOE utilizes a HSM and relies upon the HSM to secure protect the keys stored by the TOE in the HSM, and to offer services to allow operations using the HSM protected certificates.  The TOE also relies upon the RHEL operating system in its environment for time and update functions.

TOE access:

The TOE offers an administrator configurable timeout after which to lock remote interactive sessions as well as allowing remote users to terminate their interactive session.  The TOE also has the capability to display an advisory message (banner) when users access the TOE for use.

Trusted path/channels:

The TOE protects interactive communication with administrators on the HTTPS (WebUI) interface, the set of TLS protected command line tools, and the pkiconsole application that utilizes HTTPS protected REST API interfaces.  In each case, both integrity and disclosure protection are ensured.   If the negotiation of an encrypted session fails or if the user does not have authorization for remote administration, the attempted connection will not be established.

The TOE protects communication with network peers, such as a directory services, using TLS connections to prevent unintended disclosure or modification of data.

Vendor Information

Red Hat, Inc.
Christina Fu
Site Map              Contact Us              Home