Data Recovery Manager Certificate And Storage Key; Online Certificate Status Manager Certificates - Netscape MANAGEMENT SYSTEM 4.5 Installation And Setup Manual

Subsystem Certificate Decisions

Data Recovery Manager Certificate and Storage Key
The Data Recovery Manager needs a transport certificate and a storage key:

The Data Recovery Manager transport certificate carries a public key that end-entity software uses to encrypt the private encryption key belonging to an end entity, so that the key can be sent (via the Registration Manager) to the Data Recovery Manager. The same public key corresponds to the private key the Data Recovery Manager uses to sign the proof-of-archival token it returns to the Registration Manager after storing an end entity's encryption key.

The Data Recovery Manager storage key is used by the Data Recovery Manager to encrypt the end entity's encryption key (after that key has been decrypted with the Data Recovery Manager's private transport key) before the Data Recovery Manager stores it in the local directory. Data encrypted with the storage key can be retrieved only if m of n "split keys" are presented at the same time by m of n authorized agents; no single agent can recover an archived key alone.
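Added example, not code from the manual: the manual does not state how the split keys are derived, so this illustrates the m-of-n property with Shamir's threshold scheme over a prime field, applied to a constructed 256-bit value standing in for the storage key. It shows that any m agents' shares rebuild the key while m-1 shares yield nothing usable.

```python
import secrets

# Shamir's (m, n) threshold scheme over GF(P). P = 2**521 - 1 (the Mersenne
# prime M521) is large enough to hold a 256-bit storage key as one field element.
P = 2**521 - 1

def _eval_poly(coeffs, x):
    """Evaluate a polynomial with coefficients [a0, a1, ...] at x, modulo P."""
    result = 0
    for c in reversed(coeffs):
        result = (result * x + c) % P
    return result

def split_key(storage_key: bytes, m: int, n: int):
    """Split storage_key into n shares (one per agent); any m rebuild it."""
    if not 1 < m <= n:
        raise ValueError("need 1 < m <= n")
    secret = int.from_bytes(storage_key, "big")
    if secret >= P:
        raise ValueError("key too large for the field")
    # a0 is the key itself; a1..a(m-1) are random, so m-1 shares reveal nothing.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(m - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]

def recover_key(shares) -> int:
    """Lagrange interpolation at x=0. With fewer than m shares the result is
    a wrong value rather than an error: nothing about the key is recoverable."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret

def demo(m: int = 2, n: int = 3):
    """Constructed 256-bit key standing in for the storage key; returns whether
    m agents recover it and whether m-1 agents do."""
    key = secrets.token_bytes(32)
    shares = split_key(key, m, n)
    expected = int.from_bytes(key, "big")
    with_m = recover_key(shares[:m]) == expected
    with_too_few = recover_key(shares[: m - 1]) == expected
    return with_m, with_too_few

if __name__ == "__main__":
    print(demo(3, 5))  # (True, False)
```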
The Data Recovery Manager also requires at least one SSL server certificate. The Data Recovery Manager's SSL server certificate (or certificates) can be unique to the Data Recovery Manager or, if another subsystem is located in the same instance, shared with that subsystem.
NOTE
For more information about the key pairs and certificates used by a Data Recovery
Manager, see "Data Recovery Manager's Key Pairs and Certificates" on page 446.

Online Certificate Status Manager Certificates

Every Online Certificate Status Manager must have a signing certificate whose
public key corresponds to the private key the Online Certificate Status Manager
uses to sign OCSP responses before sending them to OCSP-compliant clients. The
Online Certificate Status Manager's signature provides persistent proof to an
OCSP-compliant client that the Online Certificate Status Manager has processed
the request.
182
Netscape Certificate Management System Installation and Setup Guide • October 2001
NOTE
If you want to use hardware tokens for generating and storing the Data Recovery Manager's key pairs, you need at least two tokens: one exclusively for the storage key pair and the other for the remaining key pairs. Be sure to install (and initialize, if required) these tokens before you start the Data Recovery Manager installation.