Managing the Certificate Database
Chapter
7
Administrative Basics
301
•
Online Certificate Status Manager Signing Certificate—choose this option if
you want to request a signing certificate for the Online Certificate Status
Manager.
•
Registration Manager Signing Certificate—choose this option if you want to
request a signing certificate for the Registration Manager.
•
SSL Server Certificate—choose this option if you want to generate an SSL
server certificate request for the CMS manager.
•
Other—choose this option if you want to generate a certificate request for a
certificate that is not generated by a CMS manager by default. For example, in
a Certificate Manager, you can use this option to request a CRL signing
certificate or a separate SSL client certificate exclusively for authenticating to
the publishing directory. Be sure to specify the certificate type in the adjoining
field. By default only two certificate types are supported:
caCrlSigning
for the
CRL signing certificate and
client
for SSL client certificate (see “Getting an
SSL Client Certificate for a Subsystem” on page 322)
Step 3. Specify the Key-Pair Information
Specify the key-pair information for the certificate to be requested.
You need to identify the following:
•
The token that contains the key pair for generating the certificate request—the
drop-down list shows the names of tokens currently installed for the selected
CMS instance; these are the tokens you can use now.
❍
The internal token is identified as internal. You should choose this option if
the key pair for the certificate you chose in the previous step is stored in
the local key database.
❍
The names of external tokens vary, matching the names specified when the
tokens were installed. You should choose this option if the key pair for the
certificate you chose in the previous step is in an external cryptographic
device. If you don’t see the token you want to use, exit from the wizard,
make sure the token is installed properly, restart the server, and repeat the
process. For information on using or installing external tokens, see
“External Token” on page 316.
•
The key pair for generating the certificate request—you can choose to generate
the certificate request based on an existing or a new key pair.
❍
If you want to renew the certificate you selected in the previous step, use
the existing key pair for generating the request. For example, you can
extend the validity period of a certificate by renewing it.
Summary of Contents for Certificate Management System 6.1
Page 1: ...Administrator s Guide Netscape Certificate Management System Version6 1 February 2003...
Page 28: ...Documentation 28 Netscape Certificate Management System Administrator s Guide February 2003...
Page 82: ...Uninstalling CMS 82 Netscape Certificate Management System Administrator s Guide February 2003...
Page 382: ...ACL Reference 382 Netscape Certificate Management System Administrator s Guide February 2003...
Page 794: ...Managing Certificates 794 Managing Servers with Netscape Console December 2001...
Page 810: ...The SSL Handshake 810 Managing Servers with Netscape Console December 2001...
Page 828: ...828 Netscape Certificate Management System Administrator s Guide February 2003...