Managing Certificates
Appendix
J
Introduction to Public-Key Cryptography
791
Netscape Certificate Management System allows an organization to set up its own
certificate authority and issue certificates.
Issuing certificates is one of several managements tasks that can be handled by
separate Registration Authorities.
Certificates and the LDAP Directory
The Lightweight Directory Access Protocol (LDAP) for accessing directory services
supports great flexibility in the management of certificates within an organization.
System administrators can store much of the information required to manage
certificates in an LDAP-compliant directory. For example, a CA can use
information in a directory to prepopulate a certificate with a new employee’s legal
name and other information. The CA can leverage directory information in other
ways to issue certificates one at a time or in bulk, using a range of different
identification techniques depending on the security policies of a given
organization. Other routine management tasks, such as key management and
renewing and revoking certificates, can be partially or fully automated with the aid
of the directory.
Information stored in the directory can also be used with certificates to control
access to various network resources by different users or groups. Issuing
certificates and other certificate management tasks can thus be an integral part of
user and group management.
In general, high-performance directory services are an essential ingredient of any
certificate management strategy. Netscape Directory Server is fully integrated with
Netscape Certificate Management System to provide a comprehensive certificate
management solution.
Key Management
Before a certificate can be issued, the public key it contains and the corresponding
private key must be generated. Sometimes it may be useful to issue a single person
one certificate and key pair for signing operations, and another certificate and key
pair for encryption operations. Separate signing and encryption certificates make it
possible to keep the private signing key on the local machine only, thus providing
maximum nonrepudiation, and to back up the private encryption key in some
central location where it can be retrieved in case the user loses the original key or
leaves the company.
Содержание Certificate Management System 6.1
Страница 1: ...Administrator s Guide Netscape Certificate Management System Version6 1 February 2003...
Страница 28: ...Documentation 28 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 68: ...Support for Open Standards 68 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 82: ...Uninstalling CMS 82 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 166: ...How a Registration Manager Works 166 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 382: ...ACL Reference 382 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 566: ...Managing Policy Plug in Modules 566 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 710: ...1 3 Organization Security Policies 710 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 716: ...Object Identifiers 716 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 762: ...DNs in Certificate Management System 762 Netscape Certificate Management System Administrator s Guide February 2003...
Страница 794: ...Managing Certificates 794 Managing Servers with Netscape Console December 2001...
Страница 810: ...The SSL Handshake 810 Managing Servers with Netscape Console December 2001...
Страница 828: ...828 Netscape Certificate Management System Administrator s Guide February 2003...