Configuring the Server’s Security Preferences
Chapter
7
Administrative Basics
321
6.
If you submitted the request to a Certificate Manager and if you have agent
privileges for that Certificate Manager, log in to its Agent Services interface,
locate the request, and check the request for required extensions. (If you
submitted the request to any other CA, you must ask the person managing that
CA to make the same changes to the request before approving it.)
Make sure that only the
SSL Client
option for certificate type is selected in the
request. For certificates with no Netscape Certificate Type extensions, the Key
Usage extension must be included with
Signing
and
Encryption
bits set.
7.
Approve the request.
8.
Once you have the certificate ready, restart the wizard and install the certificate
in the Certificate Manager’s database. For general instructions to use the
wizard to add a certificate, see “Using the Wizard to Install a Certificate or
Certificate Chain” on page 307.
Note that the default nickname for the certificate is
crlSigningCert cert-<instance_id>
, where
<instance_id>
identifies the
CMS instance in which the Certificate Manager is installed.
9.
After you’ve installed the certificate successfully, go to the Tasks tab and stop
the Certificate Manager.
10.
Configure the Certificate Manager to use this certificate.
After you install the certificate, configure the Certificate Manager to use the
new certificate for SSL client authentication to the publishing directory. For
instructions, see.
Check the Certificate Database for the CA Certificate
The CA that signed the agent’s SSL client certificate must be trusted by the
subsystem that services requests from the agent. Make sure that this CA’s
certificate exists in the subsystem’s certificate database (internal or external) and
that it is trusted. To check whether the CA’s certificate exists in your subsystem’s
certificate database, follow the instructions in “Managing the Certificate Database”
on page 292.
•
If the CA certificate isn’t listed, follow the instructions in “Using the Wizard to
Install a Certificate or Certificate Chain” on page 307 and add the certificate to
the certificate database.
•
If the CA’s certificate is listed but untrusted, follow the instructions in
“Changing the Trust Settings of a CA Certificate” on page 294 and change the
trust setting to trusted.
Summary of Contents for Certificate Management System 6.2
Page 1: ...Administrator s Guide Netscape Certificate Management System Version6 2 June 2003...
Page 22: ...22 Netscape Certificate Management System Administrator s Guide June 2003...
Page 30: ...Documentation 30 Netscape Certificate Management System Administrator s Guide June 2003...
Page 84: ...Uninstalling CMS 84 Netscape Certificate Management System Administrator s Guide June 2003...
Page 380: ...ACL Reference 380 Netscape Certificate Management System Administrator s Guide June 2003...
Page 750: ...Object Identifiers 750 Netscape Certificate Management System Administrator s Guide June 2003...
Page 828: ...Managing Certificates 828 Netscape Certificate Manager System Administrator s Guide June 2003...
Page 844: ...The SSL Handshake 844 Netscape Certificate Manager System Administrator s Guide June 2003...
Page 862: ...862 Netscape Certificate Management System Administrator s Guide June 2003...