Enrollment Forms
58
Netscape Certificate Management System Plug-Ins Guide • May 2002
Customizing Enrollment Forms for Generating
DSA Key Pairs
Netscape Communicator (version 4.x and later) can successfully obtain and use
DSA client certificates for SSL client authentication. These versions of
Communicator can also recognize the signature on SSL certificates signed by a
DSA CA. In order for Communicator to generate a DSA key pair, you must modify
the
KEYGEN
tag in the default certificate enrollment forms; the modifications will
indicate that the DSA algorithm is to be used, and will also supply the PQG
parameters. For details on the
KEYGEN
tag, see the document entitled Netscape
Extensions for User Key Generation available at this site:
http://home.netscape.com/eng/security/comm4-keygen.html
Depending on the enrollment plug-in you want to use for authenticating end users,
you may need to modify the
KEYGEN
tags in the following certificate enrollment
forms:
•
DirPinUserEnroll.html
•
DirUserEnroll.html
•
ManObjSignEnroll.html
•
ManUserEnroll.html
•
NISUserEnroll.html
•
PortalEnrollment.html
These files are located in this directory:
<server_root>/cert-<instance_id>/web-apps/ee
The procedure below explains how to modify an enrollment form to generate a
DSA key pair when used with Netscape Communicator:
1.
Go to the configuration directory of the Certificate Manager:
<server_root>/cert-<instance_id>/config
2.
Open the Certificate Manager’s configuration file (
CMS.cfg
) in a text editor.
3.
Open the enrollment form in a text editor.
4.
In the configuration file, find the
DSSParms
entry; this entry represents the
PQG attribute and its value contains the PQG parameters that the CA has
generated during configuration.
5.
Copy the value of the
DSSParms
entry.
6.
Go to the text editor that has the enrollment form open.
Summary of Contents for Certificate Management System 6.01
Page 1: ...Plug Ins Guide Netscape Certificate Management System Version6 01 May 2002...
Page 10: ...10 Netscape Certificate Management System Plug Ins Guide May 2002...
Page 62: ...Enrollment Forms 62 Netscape Certificate Management System Plug Ins Guide May 2002...
Page 308: ...NTEventLog Plug in Module 308 Netscape Certificate Management System Plug Ins Guide May 2002...