Configuring Key Archival And Recovery Process; Step 1. Set Up The Key Archival Process - Red Hat CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR Administrator's Manual

Configuring Key Archival and Recovery Process

Configuring Key Archival and Recovery Process
By default, the Data Recovery Manager is not configured to archive or recover end-entity's
encryption private keys. This section explains how to set up key archival and recovery
processes.
•

Step 1. Set Up the Key Archival Process

• Step 2. Set Up the Key Recovery Process
• Step 3. Test Your Key Archival and Recovery Setup
Step 1. Set Up the Key Archival Process
Before proceeding with this section, you should have read "Key Archival Process" on
page 189. In particular, you should be familiar with how the key archival process works. If
you are not, see "How Key Archival Works" on page 190.
To set up the key archival process, follow these steps:
• Step A. Deploy Clients That Can Generate Dual Key Pairs
• Step B. Connect the Enrollment Authority and the Data Recovery Manager
• Step C. Customize the Certificate Enrollment Form
• Step D. Configure Key Archival Policies
Step A. Deploy Clients That Can Generate Dual Key Pairs
You can use the Data Recovery Manager to archive and recover keys only from clients that
support dual key-pair generation, the key archival option, and the CMC protocol. Clients
that do not meet this criteria cannot be used with the Data Recovery Manager. To
understand why you need to use clients that can generate dual key pairs, see "Clients That
Can Generate Dual Key Pairs" on page 188. The same section also points you to an
introduction to Red Hat Personal Security Manager, which when plugged into Netscape
Communicator version 4.7x enables it to support the CMC protocol and generate dual key
pairs.
218 Red Hat Certificate System Administrator's Guide • September 2005