How The Certificate Manager Works
128
Netscape Certificate Management System Administrator’s Guide • June 2003
• The policies or certificate profile associated with the form determine aspects of
the certificate that is issued. The request is evaluated against them to
determine whether it meets the constraints set, whether the required information
is provided, and what the resultant certificate will contain.
• The form can also request the export of the private encryption key from the
user. If the Data Recovery Manager subsystem is set up with this CA, the end
entity's key is requested, and an archival request is sent to the Data Recovery
Manager. This process generally takes place in the background, requiring no
interaction from the end entity.
• The certificate request is either rejected at some point in the process, by
an agent or because it did not meet the policy, certificate profile, or
authentication requirements, or a certificate is issued.
• The certificate is delivered to the end entity.
❍ In automated (for example, directory-based) enrollment, the certificate is
delivered to the user immediately. Normally, enrollment is through an HTML
page (the browser), and the certificate is returned as a response (an HTML page)
to an HTTP submit (POST).
❍ In agent-approved enrollment, the certificate can be retrieved by serial
number or request ID in the end-entity interface.
❍ If the notification feature is set up, the link where the certificate can be
obtained is sent to the end user.
• You can send an automated certificate issuance notification to the end entity
when the certificate is issued. You can also send an automated certificate
rejection notification if the request was rejected.
• The certificate that was issued is stored in the internal database of the
Certificate Manager.
• You can set up publishing for the Certificate Manager and publish the
certificate either to a file and an LDAP directory.
• You can set up the internal OCSP service, which checks the status of certificates
in the internal database when a certificate status request is received.
• The end-entity interface provides forms that allow for searches of certificates
that have been issued and for the CA certificate chain.