Agent-Approved Enrollment
Chapter
9
Authentication
387
To create dual-key pairs, and the resultant certificates associated with each key,
you need to enable this function by changing the javascript found in the enrollment
page. You use any method of authentication, chaining it to enable dual-key pairs
by modifying the javascript on that enrollment page. There are instructions,
presented as HTML comments, in the forms describing how to change the
javascript. Basically, you need to add some lines to the javascript and you are ready
to go.
When you set up dual-key pairs, you should check your policy or certificate profile
set up and set your policies or certificate profiles to work correctly when
generating separate certificates for signing and encryption.
Agent-Approved Enrollment
Both the Registration Manager and Certificate Manager are initially configured for
agent-approved enrollment. An end entity makes a request which is then sent to
the agent services interface for an agent’s approval. An agent can change some
aspects of the request, change the status of the request, reject the request, or
approve the request. Once the request is approved, the signed request is sent to the
Certificate Manager for processing. The Certificate Manager processes the request
and issues the certificate.
The agent-approved enrollment method is not configurable. If you don’t configure
a Certificate Manager or Registration Manager for any other enrollment method,
the server automatically sends all certificate-related requests to a queue where they
await agent approval. This ensures that all requests that lack authentication
credentials are sent to the request queue for agent approval.
Setting Up Agent-Approved Enrollment
To set up agent-approved enrollment you do the following:
•
Set any policies for certificate extensions, or for constraints on certificates, see
Chapter 11, “Policies” for information about policies. Alternatively, you can
enroll users through the certificate profile functionality specifying
agent-approved enrollment and setting policies for specific certificates in the
certificate profile, see Chapter 10, “Certificate Profiles” for information about
policies.
Содержание Certificate Management System 6.1
Страница 1: ...Administrator s Guide Netscape Certificate Management System Version6 1 February 2003...
Страница 28: ...Documentation 28 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 68: ...Support for Open Standards 68 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 82: ...Uninstalling CMS 82 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 166: ...How a Registration Manager Works 166 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 382: ...ACL Reference 382 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 566: ...Managing Policy Plug in Modules 566 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 710: ...1 3 Organization Security Policies 710 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 716: ...Object Identifiers 716 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 762: ...DNs in Certificate Management System 762 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 794: ...Managing Certificates 794 Managing Servers with Netscape Console December 2001...
Страница 810: ...The SSL Handshake 810 Managing Servers with Netscape Console December 2001...
Страница 828: ...828 Netscape Certificate Management System Administrator s Guide February 2003...