How The Certificate Manager Works
Chapter 3, Certificate Manager, page 125
❍ The agent-approved process, which involves no end-entity authentication, sends the request to the request queue in the agent services interface, where an agent must process the request. An agent can then change the status of the request, reject the request, or approve the request. The agent can also change some aspects of the request.
You can set up an automated notification that sends an email to the agent any time a request appears in the queue, or an automated job that sends a list of the contents of the queue to agents on a preconfigured schedule. See Chapter 12, “Automated Notifications,” and Chapter 13, “Automated Jobs.”
❍ The automated process, which involves end-entity authentication, allows the certificate to be processed upon successful authentication of the end entity.
• The form can collect information about the end entity from an LDAP directory when the form is submitted. You can set up policies using predicates that request this information from the LDAP directory when the user authenticates using an LDAP user ID and password. For certificate-profile-based enrollment, you set up defaults that are used to collect this information.
• The policies or certificate profile associated with the form determine aspects of the certificate that is issued. The request is evaluated against the policies or certificate profile associated with the form to determine whether the request meets the constraints set, whether the required information is provided, and what the resultant certificate will contain.
• The form can also request the export of the private encryption key from the user. If the Data Recovery Manager subsystem is set up with this CA, the end entity's key is requested, and an archival request is sent to the Data Recovery Manager. This process generally takes place in the background, requiring no interaction from the end entity.
• The certificate request is either rejected at some point in the process, by an agent or because it did not meet the policy, certificate profile, or authentication requirements, or a certificate is issued.
• The certificate is delivered to the end entity.
❍ In automated (for example, directory-based) enrollment, the certificate is delivered to the user immediately. Normally, the enrollment is via an HTML page (the browser), and the certificate is returned as a response (HTML page) to an HTTP submit (POST).
❍ In agent-approved enrollment, the certificate can be retrieved by serial number or request ID in the end-entity interface.
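The two enrollment paths described above, and the policy/profile evaluation they share before a certificate is issued or rejected, as an added example. This is a small Python model written for this page, not Netscape CMS code: the `Authority`, `Profile` and `EnrollmentRequest` names, the constructed `DIRECTORY` entry standing in for the LDAP directory, the specific profile constraints and the in-memory queue, notification and archival lists are all assumptions.

```python
# Added example (not Netscape CMS code): a model of agent-approved and
# automated enrollment feeding one shared profile check before issuance.
from dataclasses import dataclass, field
from typing import Optional

# Constructed stand-in for the LDAP directory the enrollment form can consult.
DIRECTORY = {
    "jdoe": {"password": "s3cret", "cn": "Jane Doe", "mail": "jdoe@example.test"},
}


@dataclass
class Profile:
    """Certificate profile: constraints a request must meet, plus defaults (assumed values)."""
    required_fields: tuple = ("cn", "mail")
    min_key_bits: int = 2048
    max_validity_days: int = 365
    default_validity_days: int = 180


@dataclass
class EnrollmentRequest:
    requester: str
    key_bits: int
    subject: dict = field(default_factory=dict)   # fields collected by the form
    validity_days: Optional[int] = None
    archive_key: bool = False                      # form asked to export the key
    status: str = "pending"
    reason: Optional[str] = None


class Authority:
    """A Certificate Manager with an agent queue, one profile and an optional DRM."""

    def __init__(self, profile: Profile, drm_enabled: bool = False):
        self.profile = profile
        self.drm_enabled = drm_enabled
        self.queue: list = []              # agent services request queue
        self.notifications: list = []      # e-mails that would go to agents
        self.archival_requests: list = []  # what would be sent to the DRM
        self.issued: list = []
        self._next_serial = 1

    def _evaluate(self, req: EnrollmentRequest) -> Optional[str]:
        """Check the request against the profile; return a rejection reason or None."""
        missing = [f for f in self.profile.required_fields if not req.subject.get(f)]
        if missing:
            return "missing required information: " + ", ".join(missing)
        if req.key_bits < self.profile.min_key_bits:
            return f"key size {req.key_bits} below minimum {self.profile.min_key_bits}"
        if req.validity_days is not None and req.validity_days > self.profile.max_validity_days:
            return f"validity {req.validity_days}d exceeds maximum {self.profile.max_validity_days}d"
        return None

    def _finish(self, req: EnrollmentRequest) -> Optional[dict]:
        """Reject on a policy failure, otherwise issue (and archive the key if asked)."""
        reason = self._evaluate(req)
        if reason:
            req.status, req.reason = "rejected", reason
            return None
        if req.validity_days is None:          # profile default fills what the form omitted
            req.validity_days = self.profile.default_validity_days
        cert = {"serial": self._next_serial, "subject": dict(req.subject),
                "validity_days": req.validity_days, "key_bits": req.key_bits}
        self._next_serial += 1
        if self.drm_enabled and req.archive_key:
            # Background step: the user's encryption key is sent to the DRM for archival.
            self.archival_requests.append({"serial": cert["serial"], "requester": req.requester})
        req.status = "issued"
        self.issued.append(cert)
        return cert

    def automated_enroll(self, req: EnrollmentRequest, password: str) -> Optional[dict]:
        """Directory-based path: authenticate, pull subject data from LDAP, then issue."""
        entry = DIRECTORY.get(req.requester)
        if entry is None or entry["password"] != password:
            req.status, req.reason = "rejected", "authentication failed"
            return None
        req.subject.setdefault("cn", entry["cn"])
        req.subject.setdefault("mail", entry["mail"])
        return self._finish(req)               # certificate goes back to the user at once

    def submit_for_agent(self, req: EnrollmentRequest) -> int:
        """Agent-approved path: no authentication; park the request in the queue."""
        self.queue.append(req)
        self.notifications.append(f"request from {req.requester} is waiting in the queue")
        return len(self.queue) - 1             # request ID the user can look up later

    def agent_decide(self, request_id: int, approve: bool, changes: Optional[dict] = None,
                     reason: str = "rejected by agent") -> Optional[dict]:
        """The agent rejects, or approves (optionally after editing the request)."""
        req = self.queue[request_id]
        if not approve:
            req.status, req.reason = "rejected", reason
            return None
        if changes:
            req.subject.update(changes)        # agent may change aspects of the request
        req.status = "approved"
        return self._finish(req)
```

Both paths end in the same `_finish` step: whichever way a request arrived, the profile decides whether it is rejected and what the resulting certificate contains. An agent's approval does not bypass the profile, so a request the agent edited into violating a constraint is still rejected with the reason recorded on it.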
Netscape Certificate Management System 6.1 Administrator's Guide, February 2003