Netscape MANAGEMENT SYSTEM 4.5 - PLUG-IN Manual page 54

Certificate-Based Enrollment
doSslAuth—this variable specifies whether the server should request the client
for SSL client authentication. You must set the value of this parameter to on
and make sure that the port number specified in the authentication instance is
an SSL port.

Before modifying a form, be sure to take a look at the default certificate-based
enrollment forms. Also check the customization-related information for the
enrollment forms in CMS Customization Guide.

In addition to the enrollment forms, a policy plug-in named IssuerConstraints is
also provided; see "IssuerConstraints Plug-in Module" on page 96. This plug-in
allows you to configure the server to recognize the CA that issues the certificates
that your users will use for authentication purposes; you need this policy to ensure
that the CA issues certificates only to those users who present a valid certificate
during enrollment. Note that in the current implementation, the CA that issues the
new certificates must be the same as the one that issues the certificates users will
use for authentication. That is, the issuer DN in the authentication certificate must
match the issuer DN specified in the policy configuration.

Here are a few things to keep in mind:

• Enrollment requests for dual certificates must be submitted directly to the
  Certificate Manager; the Registration Manager doesn't support generation of
  dual certificates.

• The Certificate Manager provides a bulk-enrollment interface, which can be
  used to preload keys and certificates on hardware tokens before distributing
  them to users for certificate enrollment. For details, see section "Bulk
  Enrollment Interface" of CMS Customization Guide.

• When using certificate-based enrollment, the IssuerConstraints policy must
  be enabled and configured to check the CA (its issuer DN) in certificates users
  will use to authenticate to the server. Also, the value assigned to the issuerDN
  parameter must match the issuer DN of the CA that was used to generate
  hardware tokens in bulk.

Enabling certificate-based enrollment creates one link, named Certificate,
under the list of user-enrollment links in the end-entity enrollment interface.
By default, the link points to the CertBasedSingleEnroll.html form. If you
want to use either of the other two forms, CertBasedDualEnroll.html
or CertBasedEncryptionEnroll.html, you should associate the Certificate link
to the form you want to use or add more links to the index.html file.

Netscape Certificate Management System Plug-ins Guide • October 2001
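A pre-deployment check for the issuerDN matching requirement described above, as an added example that is not part of the Netscape manual or of CMS: it compares the value intended for the issuerDN parameter with the issuer DN copied from a bulk-enrolled token certificate and reports the first RDN that differs. The DN strings are constructed samples, and the normalization (case-insensitive, whitespace-collapsing, single-valued RDNs only) is an assumption, since the page does not say how CMS compares DNs.

```python
def split_unescaped(text, sep=","):
    """Split on sep, leaving backslash-escaped separators inside the value."""
    parts, buf, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])      # keep the escape pair intact
            i += 2
        elif text[i] == sep:
            parts.append("".join(buf))
            buf = []
            i += 1
        else:
            buf.append(text[i])
            i += 1
    parts.append("".join(buf))
    return parts

def normalize_dn(dn):
    """Return the DN as a tuple of (TYPE, value) pairs, in the order written."""
    rdns = []
    for rdn in split_unescaped(dn):
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        # Assumption: values compare case-insensitively, ignoring extra spaces.
        rdns.append((attr.strip().upper(), " ".join(value.split()).casefold()))
    return tuple(rdns)

def first_mismatch(configured, presented):
    """Return (index, configured_rdn, presented_rdn) or None if the DNs match."""
    a, b = normalize_dn(configured), normalize_dn(presented)
    for i in range(max(len(a), len(b))):
        left = a[i] if i < len(a) else None
        right = b[i] if i < len(b) else None
        if left != right:
            return i, left, right
    return None

def issuer_matches(configured, presented):
    return first_mismatch(configured, presented) is None

# Constructed sample values (hypothetical CA names, not from the manual).
CONFIGURED = "CN=Example Token CA, OU=PKI, O=Example\\, Inc., C=US"
CERT_SAME = "cn=Example Token CA,ou=PKI,o=Example\\, Inc.,c=US"
CERT_OTHER = "CN=Example Users CA, OU=PKI, O=Example\\, Inc., C=US"
# Same RDNs printed in the opposite order; compared as written, so render
# both DNs with the same tool before checking.
CERT_REVERSED = "C=US, O=Example\\, Inc., OU=PKI, CN=Example Token CA"
```
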
