Enrollment Interface
NOTE
The forms rely on a shared library called xenroll.dll (downloaded
from the CMS server) to generate keys for Microsoft Internet
Explorer browsers. By default, the keys generated by xenroll.dll
have a "medium" security setting, which means they will be stored
unencrypted and that they can be used by the browser for signing
without prompting the user for a password. A "high" security
setting will store the keys in a separate, encrypted file and force the
user to enter a password to use the keys for signing. There is no way
to force a "high" setting for keys, but you can force a dialog to
appear to allow the user to choose a security setting when the key is
first generated. Edit the VisualBasic script for xenroll.dll used
in the enrollment forms (listed in the next section). Set the value of
the GenKeyFlags parameter to 3 to prompt the user for a security
setting when a key is generated using Microsoft Internet Explorer.

Default Forms
There are two types of default HTML forms that use the enrollment interface:
manual or automated enrollment. Forms that use automated enrollment send an
authentication plug-in name as a parameter in the request, which the servlet can
use to authenticate and process the request without manual intervention.

The default manual enrollment forms are:
• ManUserEnroll.html for requesting client certificates.
• ManServerEnroll.html for requesting server certificates.
• ManObjSign.html for requesting object signing certificates.
• ManCAEnroll.html for requesting subordinate Certificate Manager signing
  certificates.
• ManRAEnroll.html for requesting Registration Manager certificates.

The default automated enrollment forms are:
• DirUserEnroll.html uses a UserDirEnrollment instance of the
  UidPwdDirAuth plug-in class by default.
• DirPinUserEnroll.html uses a PinDirEnrollment instance of the
  UidPwdPinDirAuth plug-in class by default.

Netscape Certificate Management System Customization Guide • March 2002
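An added example, not part of the original guide: a Python check that scans enrollment form HTML for GenKeyFlags assignments and reports whether each value includes the bit that makes Internet Explorer show the security-setting dialog. The form contents, the Enroll object name and the file name ExampleNoScript.html are constructed for illustration; the bit values are the CryptoAPI flags CRYPT_EXPORTABLE (1) and CRYPT_USER_PROTECTED (2), so the value 3 named in the note sets both.

```python
import re

# CryptoAPI key-generation flag bits carried in the low word of GenKeyFlags.
CRYPT_EXPORTABLE = 0x1
CRYPT_USER_PROTECTED = 0x2  # makes the browser show the security-setting dialog

# VBScript assignment with a decimal or &H hex literal, e.g. "GenKeyFlags = 3".
ASSIGN_RE = re.compile(r"\bGenKeyFlags\s*=\s*(&H[0-9A-Fa-f]+|\d+)", re.IGNORECASE)


def parse_vb_number(token):
    """Convert a VBScript decimal or &H hexadecimal literal to an int."""
    return int(token[2:], 16) if token.upper().startswith("&H") else int(token)


def audit_form(html):
    """Return (line_no, value, prompts_user) for each GenKeyFlags assignment."""
    findings = []
    for line_no, line in enumerate(html.splitlines(), start=1):
        code = line.split("'", 1)[0]  # drop text after a VBScript comment marker
        for match in ASSIGN_RE.finditer(code):
            value = parse_vb_number(match.group(1))
            findings.append((line_no, value, bool(value & CRYPT_USER_PROTECTED)))
    return findings


def classify(html):
    """'unset' if no assignment, 'prompt' if every one sets the bit, else 'no-prompt'."""
    findings = audit_form(html)
    if not findings:
        return "unset"
    return "prompt" if all(p for _, _, p in findings) else "no-prompt"


# Constructed form fragments for the demonstration, not the shipped CMS forms.
SAMPLE_FORMS = {
    "ManUserEnroll.html": "<script language=VBScript>\nEnroll.GenKeyFlags = 1\n</script>",
    "DirUserEnroll.html": "<script language=VBScript>\n' was: Enroll.GenKeyFlags = 1\n"
                          "Enroll.GenKeyFlags = &H00000003\n</script>",
    "ExampleNoScript.html": "<html><body>form without key generation</body></html>",
}

if __name__ == "__main__":
    for name in sorted(SAMPLE_FORMS):
        print(name, classify(SAMPLE_FORMS[name]), audit_form(SAMPLE_FORMS[name]))
```

A form reported as "no-prompt" or "unset" still generates keys without offering the user the security-setting dialog described in the note.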