Importing Certificate Chains
Appendix
F
Certificate Download Specification
713
Importing Certificate Chains
Several of the supported formats can contain multiple certificates. When the
Netscape certificate decoder encounters a collection of certificates, it handles them
as follows:
•
The first certificate is processed in a context-specific manner, which varies
according to how it is being imported. For Communicator, this handling
depends upon the MIME content type that is used on the object being
downloaded. For Netscape servers, it depends upon the options selected in the
server administration interface.
•
Subsequent certificates are all treated the same. If the certificates contain the
SSL-CA bit in the netscape-cert-type certificate extension and do not already
exist in the local certificate database, they are added as untrusted CAs. In this
way they can be used for certificate chain validation as long as there is a
trusted CA somewhere along the chain.
Importing Certificates into Netscape
Communicator
Communicator imports certificates via HTTP. There are several MIME content
types that are used to indicate to Communicator what type of certificate is being
imported. These MIME types are as follows:
•
application/x-x509-user-cert
The certificate being downloaded is a user certificate belonging to the user
operating Communicator. If the private key associated with the certificate does
not exist in the user’s local key database, then Communicator generates an
error dialog and the certificate is not imported. If a certificate chain is being
imported, then the first certificate in the chain must be the user certificate, and
any subsequent certificates will be added as untrusted CA certificates to the
local database.
•
application/x-x509-ca-cert
The certificate being downloaded represents a certificate authority. When it is
downloaded, a sequence of dialogs guides the user through the process of
accepting the Certificate Authority and deciding whether to trust sites certified
by the CA.
Summary of Contents for Certificate Management System 6.1
Page 1: ...Administrator s Guide Netscape Certificate Management System Version6 1 February 2003...
Page 28: ...Documentation 28 Netscape Certificate Management System Administrator s Guide February 2003...
Page 82: ...Uninstalling CMS 82 Netscape Certificate Management System Administrator s Guide February 2003...
Page 382: ...ACL Reference 382 Netscape Certificate Management System Administrator s Guide February 2003...
Page 794: ...Managing Certificates 794 Managing Servers with Netscape Console December 2001...
Page 810: ...The SSL Handshake 810 Managing Servers with Netscape Console December 2001...
Page 828: ...828 Netscape Certificate Management System Administrator s Guide February 2003...