About CRLs
600
Netscape Certificate Management System Administrator’s Guide • February 2003
3 = Affiliation Changed—The owner of the certificate is no longer affiliated with
the issuer of the certificate, and either no longer has rights to the access gained with
the certificate or no longer needs it.
4 = Certificate Superseded—Another certificate replaces the use of this one.
5 = Cessation of Operation—The CA that issued the certificate ceases to operate.
6 = Certificate is on Hold—The certificate is on hold pending further action. It is
treated as revoked, but may be taken off hold in the future.
A certificate can be revoked by administrators, agents, and end entities. Agents and
administrators (with agent privileges) can revoke certificates by using the forms
provided in the agent interface. End users can revoke certificates by using the
forms provided in the Revocation tab of the end-entity interface. Note that end
users can revoke only their own certificates, whereas agents and administrators can
revoke any certificates issued by the server. End users are also required to
authenticate to the server in order to revoke their certificate.
Whenever a certificate is revoked, the Certificate Manager updates the status of the
certificate in its internal database. This way, the server keeps track of all revoked
certificates in its internal database and, when configured, it makes the revoked list
of certificates public (by publishing it to a central repository) to notify other users
that the certificates in the list are no longer valid.
Revocation Checking by Netscape Servers
Because Netscape servers currently cannot check the revocation status of a
certificate, you should use other forms of access control. For example, you can
remove individual users from access groups to prevent them from accessing the
server.
Because CMS can check the revocation status of the certificates that it issues, you
do not need to rely on other forms of access control.
Publishing of CRLs
The Certificate Manager can publish the CRL to a file, an LDAP-compliant
directory, or an OCSP responder. You can set up publishing to one or all of
these methods, and configure how often updates are made.
For information about setting up publishing to any of these methods, see Chapter
15, “Publishing.”
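The following is an added example, not code from CMS or from this guide. It shows how a relying party might evaluate a certificate against two successive published CRLs, including a certificate that is placed on hold and later released. The names `Reason`, `Crl` and `check` are hypothetical, the sample data is constructed, and reason codes 0 to 2 are taken from the X.509 CRLReason definition because this page shows only 3 to 6.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import IntEnum

class Reason(IntEnum):
    # X.509 CRLReason values; 3-6 are the codes described in the list above.
    UNSPECIFIED = 0
    KEY_COMPROMISE = 1
    CA_COMPROMISE = 2
    AFFILIATION_CHANGED = 3
    SUPERSEDED = 4
    CESSATION_OF_OPERATION = 5
    CERTIFICATE_HOLD = 6

@dataclass(frozen=True)
class Crl:  # hypothetical, already signature-verified view of a published CRL
    this_update: datetime
    next_update: datetime
    revoked: dict  # serial number -> Reason

def check(serial, crl, now):
    """Return (trusted, detail) for one certificate serial number."""
    # A CRL outside its validity window says nothing reliable: fail closed.
    if not crl.this_update <= now < crl.next_update:
        return False, "CRL not current: status unknown, fail closed"
    reason = crl.revoked.get(serial)
    if reason is None:
        return True, "not listed"
    if reason is Reason.CERTIFICATE_HOLD:
        return False, "on hold: treated as revoked, may be released later"
    return False, "revoked: " + reason.name.lower()

# Constructed sample data: two consecutive daily CRLs from the same CA.
DAY1 = datetime(2003, 2, 3, tzinfo=timezone.utc)
DAY2 = DAY1 + timedelta(days=1)
CRL_DAY1 = Crl(DAY1, DAY2, {0x1A: Reason.CERTIFICATE_HOLD, 0x2B: Reason.SUPERSEDED})
# Serial 0x1A was taken off hold, so it is absent from the next CRL.
CRL_DAY2 = Crl(DAY2, DAY2 + timedelta(days=1), {0x2B: Reason.SUPERSEDED})

if __name__ == "__main__":
    noon1, noon2 = DAY1 + timedelta(hours=12), DAY2 + timedelta(hours=12)
    for label, crl, now in [("day 1", CRL_DAY1, noon1), ("day 2", CRL_DAY2, noon2),
                            ("stale", CRL_DAY1, noon2)]:
        for serial in (0x1A, 0x2B, 0x3C):
            print(label, hex(serial), check(serial, crl, now))
```

The stale case shows why the publishing interval matters: a client that keeps using the day 1 CRL past its next-update time cannot tell that serial 0x1A has been released, or that anything new has been revoked.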