Configuring the Server’s Security Preferences
Chapter
7
Administrative Basics
323
6.
If you submitted the request to a Certificate Manager and if you have agent
privileges for that Certificate Manager, log in to its Agent Services interface,
locate the request, and check the request for required extensions. (If you
submitted the request to any other CA, you must ask the person managing that
CA to make the same changes to the request before approving it.)
Make sure that only the
SSL Client
option for certificate type is selected in the
request. For certificates with no Netscape Certificate Type extensions, the Key
Usage extension must be included with
Signing
and
Encryption
bits set.
7.
Approve the request.
8.
Once you have the certificate ready, restart the wizard and install the certificate
in the Certificate Manager’s database. For general instructions to use the
wizard to add a certificate, see “Using the Wizard to Install a Certificate or
Certificate Chain” on page 309.
Note that the default nickname for the certificate is
crlSigningCert cert-<instance_id>
, where
<instance_id>
identifies the
CMS instance in which the Certificate Manager is installed.
9.
After you’ve installed the certificate successfully, go to the Tasks tab and stop
the Certificate Manager.
10.
Configure the Certificate Manager to use this certificate.
After you install the certificate, configure the Certificate Manager to use the
new certificate for SSL client authentication to the publishing directory. For
instructions, see.
Check the Certificate Database for the CA Certificate
The CA that signed the agent’s SSL client certificate must be trusted by the
subsystem that services requests from the agent. Make sure that this CA’s
certificate exists in the subsystem’s certificate database (internal or external) and
that it is trusted. To check whether the CA’s certificate exists in your subsystem’s
certificate database, follow the instructions in “Managing the Certificate Database”
on page 294.
•
If the CA certificate isn’t listed, follow the instructions in “Using the Wizard to
Install a Certificate or Certificate Chain” on page 309 and add the certificate to
the certificate database.
•
If the CA’s certificate is listed but untrusted, follow the instructions in
“Changing the Trust Settings of a CA Certificate” on page 296 and change the
trust setting to trusted.
Содержание Certificate Management System 6.1
Страница 1: ...Administrator s Guide Netscape Certificate Management System Version6 1 February 2003...
Страница 28: ...Documentation 28 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 68: ...Support for Open Standards 68 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 82: ...Uninstalling CMS 82 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 166: ...How a Registration Manager Works 166 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 382: ...ACL Reference 382 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 566: ...Managing Policy Plug in Modules 566 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 710: ...1 3 Organization Security Policies 710 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 716: ...Object Identifiers 716 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 762: ...DNs in Certificate Management System 762 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 794: ...Managing Certificates 794 Managing Servers with Netscape Console December 2001...
Страница 810: ...The SSL Handshake 810 Managing Servers with Netscape Console December 2001...
Страница 828: ...828 Netscape Certificate Management System Administrator s Guide February 2003...