Publishing of CRLs
612
Netscape Certificate Management System Installation and Setup Guide • October 2001
Manager is configured to do so. In addition to certificates, the Certificate Manager
also maintains a CRL in its internal database. You can configure the Certificate
Manager to generate the CRL every time a certificate is revoked and at periodic
intervals.
You can also configure the Certificate Manager to generate and publish CRLs
conforming to the X.509 standard (either version 1 or version 2) by enabling or
disabling the CRL extension-specific modules in the server’s configuration. Note
that the server supports the standard CRL extensions that are explained in Chapter 7,
“CRL Extension Plug-in Modules,” of the CMS Plug-ins Guide.
For instructions on how to configure a Certificate Manager to publish CRLs, see
“Configuring a Certificate Manager to Publish Certificates and CRLs” on page 615.
Reasons for Revoking a Certificate
A Certificate Manager can revoke any certificate it has issued. A certificate needs to
be revoked if one or more of the following situations occur:
• The owner of the certificate has changed status and no longer has the right to use the certificate.
• The private key of a certificate owner has been compromised.
• The certificate owner doesn’t want to use the certificate.
• The private key of the CA that issued the certificate has been compromised.
A certificate can be revoked by administrators, agents, and end entities, such as
end users and individual server administrators. Agents and administrators (with
agent privileges) can revoke certificates by using the forms provided in the agent
interface. Administrators, agents, and end users can revoke certificates by using the
forms provided in the Revocation tab of the end-entity interface. Note that end
users can revoke only their own certificates, whereas agents and administrators can
revoke any certificates issued by the server. End users are also required to
authenticate to the server in order to revoke their certificate; see “Authentication of
End Users During Certificate Revocation” on page 517.
Whenever a certificate is revoked, the Certificate Manager updates the status of the
certificate in its internal database. This way, the server keeps track of all revoked
certificates in its internal database, and it makes the list of revoked certificates
public (by publishing it to a central repository) to notify other users that the
certificates in the list are no longer valid.
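The relying-party side of the publishing step described above, as an added example that is not code from the Netscape guide or from CMS: a Go program using the standard crypto/x509 package (Go 1.21 or later) that accepts a published CRL only when the expected CA signed it and its nextUpdate has not passed, then looks up a serial number and its reason code. The CA name, the serial 1001, and the helper names publishCRL and isRevoked are constructed for the example; reason code 1 is keyCompromise in RFC 5280.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err) // only reached if building the sample data fails
	}
	return v
}

// publishCRL builds a throwaway CA and a v2 CRL revoking one serial (constructed sample data).
func publishCRL(serial int64, reason int) ([]byte, *x509.Certificate) {
	key, now := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)), time.Now()
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example CA"}, IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCRLSign, NotBefore: now, NotAfter: now.Add(72 * time.Hour)}
	ca := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, t, t, &key.PublicKey, key))))
	rl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: now, NextUpdate: now.Add(24 * time.Hour),
		RevokedCertificateEntries: []x509.RevocationListEntry{
			{SerialNumber: big.NewInt(serial), RevocationTime: now, ReasonCode: reason}}}
	return must(x509.CreateRevocationList(rand.Reader, rl, ca, key)), ca
}

// isRevoked fails closed unless the CRL parses, is signed by the expected CA, and is not stale.
func isRevoked(crlDER []byte, ca *x509.Certificate, serial int64, now time.Time) (bool, int, error) {
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil || crl.CheckSignatureFrom(ca) != nil || now.After(crl.NextUpdate) {
		return false, 0, fmt.Errorf("CRL unparseable, not signed by expected CA, or past nextUpdate")
	}
	for _, e := range crl.RevokedCertificateEntries {
		if e.SerialNumber.Cmp(big.NewInt(serial)) == 0 {
			return true, e.ReasonCode, nil
		}
	}
	return false, 0, nil
}

func main() {
	crl, ca := publishCRL(1001, 1) // 1 = keyCompromise
	fmt.Println(isRevoked(crl, ca, 1001, time.Now()))
}
```

A second CA created with the same subject name but a different key is rejected by the signature check, which is why the lookup is bound to the CA certificate rather than to the issuer name.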