Installing a Standalone Data Recovery Manager
216
Netscape Certificate Management System Administrator’s Guide • February 2003
The transport certificate was issued by the CA to which you submitted the
certificate signing request. You might have submitted the request to the Certificate
Manager that is installed in the same instance, internally deployed another CA, or a
public CA. To find out the issuer name, follow the instructions in “Viewing and
Deleting Certificate Database Content” on page 295.
Storage Key Pair
Every Data Recovery Manager you have installed has a Data Recovery Manager
storage key pair. The first time you generated this key pair is when you installed the
Data Recovery Manager.
The Data Recovery Manager uses the public component of this key pair to encrypt
(or wrap) end-entity’s encryption private keys during the key archival operation; it
uses the private component to decrypt (or unwrap) the archived key during the
recovery operation. That is, the public key is used to encrypt the key repository the
server uses to store end-entity’s encryption private keys. For more information on
how this key pair is used, see Chapter 6, “Data Recovery Manager.”
Note that the public component of the storage key pair is not certified; there is no
certificate that corresponds to the public key.
Keys encrypted with the storage key can be retrieved only by authorized key
recovery agents. For details, see “Key Recovery Agents and Their Passwords” on
page 205.
SSL Server Key Pair and Certificate
Every Data Recovery Manager you have installed has at least one SSL server
certificate. The first time you generated this certificate is when you installed the
Data Recovery Manager. The default nickname for the certificate is
Server-Cert cert-<instance_id>
, where
<instance_id>
identifies the CMS
instance in which the Data Recovery Manager is installed.
The Data Recovery Manager’s SSL server certificate was issued by the CA to which
you submitted the certificate signing request. You might have submitted the
request to the Certificate Manager that is installed in the same instance, an
internally deployed CA, or a public CA. To find out the issuer name, follow the
instructions in “Viewing and Deleting Certificate Database Content” on page 295.
The Data Recovery Manager uses its SSL server certificate to do SSL server-side
authentication to the following:
•
The end entity services interface (the HTTPS port)
•
The Data Recovery Manager Agent Services interface
Содержание Certificate Management System 6.1
Страница 1: ...Administrator s Guide Netscape Certificate Management System Version6 1 February 2003...
Страница 28: ...Documentation 28 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 68: ...Support for Open Standards 68 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 82: ...Uninstalling CMS 82 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 166: ...How a Registration Manager Works 166 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 382: ...ACL Reference 382 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 566: ...Managing Policy Plug in Modules 566 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 710: ...1 3 Organization Security Policies 710 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 716: ...Object Identifiers 716 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 762: ...DNs in Certificate Management System 762 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 794: ...Managing Certificates 794 Managing Servers with Netscape Console December 2001...
Страница 810: ...The SSL Handshake 810 Managing Servers with Netscape Console December 2001...
Страница 828: ...828 Netscape Certificate Management System Administrator s Guide February 2003...