Table of Contents
Advertisement
Enrollment Interface
NOTE
Default Forms
There are two types of default HTML forms that use the enrollment interface:
manual or automated enrollment. Forms that use automated enrollment send an
authentication plug-in name as a parameter in the request which the servlet can
use to authenticate and process the request without manual intervention.
The default manual enrollment forms are:
•
ManUserEnroll.html
•
ManServerEnroll.html
•
ManObjSign.html
•
ManCAEnroll.html
certificates.
•
ManRAEnroll.html
The default automated enrollment forms are:
•
DirUserEnroll.html
UidPwdDirAuth
•
DirPinUserEnroll.html
UidPwdPinDirAuth
56
Netscape Certificate Management System Customization Guide • May 2002
The forms rely on a shared library called
from the CMS server) to generate keys for Microsoft Internet
Explorer browsers. By default, the keys generated by
have a "medium" security setting which means they will be stored
unencrypted and that they can be used by the browser for signing
without prompting the user for a password. A "high" security
setting will store the keys in a separate, encrypted file and force the
user to enter a password to use the keys for signing. There is no way
to force a "high" setting for keys, but you can force a dialog to
appear to allow the user to choose a security setting when the key is
first generated. Edit the Visual Basic script for
the enrollment forms (listed in the next section). Set the value of the
parameter to 3 to prompt the user for a security setting
GenKeyFlags
when a key is generated using Microsoft Internet Explorer.
for requesting client certificates.
for requesting server certificates.
for requesting object signing certificates.
for requesting subordinate Certificate Manager signing
for requesting Registration Manager certificates.
uses a
plug-in class by default.
uses a
plug-in class by default.
xenroll.dll
UserDirEnrollment
PinDirEnrollment
(downloaded
xenroll.dll
used in
xenroll.dll
instance of the
instance of the
Advertisement
Table of Contents
