The Red Hat Certificate System (RHCS) 10.4 is an application that issues and manages public-key certificates. RHCS runs within Red Hat Enterprise Linux (RHEL 8.6), an operating system that protects the subsystems of the TOE with Security-Enhanced Linux (SELinux) policies and which provides secure network connections (using the TOE’s Tomcat’s HTTP/TLS to allow remote administration). RHCS provides proof of origin for issued certificates as well as certificate status information through CRLs and OCSP responses. RHCS verifies certificate related messages for issuance and revocation using signed CMC requests and responses.
","evaluation_configuration":"Red Hat produces and distributes one instance of code, identified as Red Hat Certificate System (RHCS). The evaluated and tested configuration consists of the Red Hat Certificate System 10.4 running Red Hat Enterprise Linux (RHEL 8.6) on a Dell PowerEdge R440 with an Intel(R) Xeon(R) Silver 4216 processor. An Entrust nShield Connect XC series Hardware Security Module provided hardware based cryptographic security functions.
\r\nThe TOE allows remote access protected by TLS. Interfaces available to administrators include an HTTPS WebUI, a set of TLS protected command line tools, and a pkiconsole application. The command line tools and pkiconsole application both utilize HTTPS protected REST API interfaces which ultimately are protected by TLS.
","security_evaluation_summary":"The evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance. The evaluation demonstrated that the TOE meets the security requirements contained in the Security Target. The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, April 2017. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 3.1, Revision 5, April 2017. The product, when delivered and configured as identified in the Red Hat Certificate System 10.4 Planning, Installation, and Deployment Guide (Common Criteria Edition) document, and operated as described by the Red Hat Certificate System 10.4 Administration Guide (Common Criteria Edition) satisfies all of the security functional requirements stated in the Red Hat® Certificate System (CAPP21) Security Target, Version 0.6, August 19, 2024. The project underwent CCEVS Validator review. The evaluation was completed in August 2024. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID11468-2024) prepared by CCEVS
","environmental_strengths":"The logical boundaries of the Red Hat Certificate System 10.4 are realized in the security functions that it implements. Each of these security functions is summarized below.
\r\nSecurity audit:
\r\nThe TOE generates logs for a range of security relevant events and relies upon its Operational Environment (OE) for generation of operating system events. The TOE provides secure storage of audit events and further provides separate audit storage for certificate related events. The TOE provides no administrator or auditor method for deletion or removal of events, and the TOE shuts down in the event of an error that prevents the TOE from creating new audit records.
\r\nCommunication:
\r\nThe TOE provides proof of origin for issued certificates through CRLs and OCSP responses. The TOE also verifies certificate related messages using signed CMC requests and responses.
\r\nCryptographic support:
\r\nThe TOE relies upon its OE for all cryptography and uses the OE-provided cryptography in support of certificate issuance and related CA operations, in support of HTTPS, TLSS, and TLSC operations.
\r\nUser data protection
\r\nThe TOE provides certificate profile functionality and certificate generation services conforming to IETF RFC 5280. The TOE provides certificate status information through CRLs and OCSP responses. The TOE clears sensitive data from buffers before releasing the buffers.
\r\nIdentification and authentication:
\r\nThe TOE handles Certificate Management over CMS as both a client and server. The TOE performs certificate path validation in conformance with IETF RFC 5280.
\r\nSecurity management:
\r\nThe TOE provides all the interfaces necessary to manage the security functions identified throughout this Security Target as well as other functions commonly found in certificate authorities. The TOE provides its available functions to CA administrators, CA operations staff, Administrators/Officers, and Auditors.
\r\nProtection of the TSF:
\r\nThe TOE protects itself by verifying important certificates during startup, recognizing certificate problems and securely terminating in the event it detects failure. The TOE utilizes a HSM and relies upon the HSM to secure and protect the keys stored by the TOE in the HSM, and to offer services to allow operations using the HSM protected certificates.
\r\nTOE access:
\r\nThe TOE offers an administrator configurable timeout after which to lock remote interactive sessions as well as allowing remote users to terminate their interactive session. The TOE also has the capability to display an advisory message (banner) when users access the TOE for use.
\r\nTrusted path/channels:
\r\nThe TOE protects interactive communication with administrators on the HTTPS (WebUI) interface, the set of TLS protected command line tools, and the pkiconsole application that utilizes HTTPS protected REST API interfaces. In each case, both integrity and disclosure protection are ensured. If the negotiation of an encrypted session fails or if the user does not have authorization for remote administration, the attempted connection will not be established.
\r\nThe TOE protects communication with network peers, such as a directory services, using TLS connections to prevent unintended disclosure or modification of data
","features":[{"id":153,"feature_name":"Asymmetric Key Generation"},{"id":147,"feature_name":"Auditing"},{"id":150,"feature_name":"Certificate Authentication"},{"id":151,"feature_name":"Certificate Validation"},{"id":152,"feature_name":"Certification Authority"},{"id":157,"feature_name":"Cryptographic Hashing"},{"id":154,"feature_name":"Cryptographic Key Establishment"},{"id":156,"feature_name":"Cryptographic Signature Generation"},{"id":155,"feature_name":"Cryptographic Signature Verification"},{"id":159,"feature_name":"DRBG"},{"id":148,"feature_name":"Key Destruction"},{"id":158,"feature_name":"Keyed-hash message authentication"},{"id":160,"feature_name":"TLS 1.2"},{"id":149,"feature_name":"TLS Client with Mutual Authentication"},{"id":161,"feature_name":"TLS Server with Mutual Authentication"}]}