Netscape MANAGEMENT SYSTEM 4.5 Installation And Setup Manual page 218
Hide thumbs
Also See for NETSCAPE MANAGEMENT SYSTEM 4.5:
Table of Contents
Advertisement
Installation Overview
•
If you want to install a standalone Online Certificate Status Manager:
•
If you want to install two subsystems in a CMS instance, for example, a
Certificate Manager along with a Data Recovery Manager, collect the
information for both the subsystems.
218
Netscape Certificate Management System Installation and Setup Guide • October 2001
Identify the CA to which you'll submit the Data Recovery Manager's
transport certificate and SSL server certificate requests. Make sure the CA is
running and, if required, identify the forms you'll use to submit these
requests.
If you plan to use hardware tokens for generating and storing Data
Recovery Manager's key pairs, you'll need at least two tokens: one
exclusively for the storage key pair and the other for the remaining key
pairs. Be sure to install (and initialize, if required) these tokens before you
start the Data Recovery Manager installation. For installation instructions,
see "Installing External Tokens" on page 451.
Read and fill in the information requested in the Online Certificate Status
Manager installation worksheet; see "Online Certificate Status Manager
Configuration" on page 207.
Identify the CA to which you'll submit the Online Certificate Status
Manager's signing certificate and SSL server certificate requests. Make sure
the CA is running and, if required, identify the forms you'll use to submit
these requests. For Online Certificate Status Manager's signing certificate
to work properly, it must contain the following extensions:
extension—Presence of this extension indicates that an OCSP
OCSPNoCheck
client should not use OCSP to check the revocation status of the OCSP
responder certificate, because the certificate is only used to identify the
responder that does the checking. (This extension is required to avoid a
circular reference.) For details about this extension, see section
"OCSPNoCheckExt Plug-in Module" of CMS Plug-ins Guide.
extension—This is an Extended Key Usage extension with a
OCSPSigning
unique value,
OCSPSigning
key pair that corresponds to the certificate used by the OCSP responder
can be used for signing OCSP responses. For details about this extension,
see section "OCSPSigningExt Rule" of CMS Plug-ins Guide.
Make sure the Certificate Manager to which you'll submit the Online
Certificate Status Manager's signing certificate request has these policies
enabled.
. Presence of this extension indicates that the
Advertisement
Table of Contents
Need help?
Do you have a question about the NETSCAPE MANAGEMENT SYSTEM 4.5 and is the answer not in the manual?