Privileged-User Types and Responsibilities
You can configure a Data Recovery Manager to delegate its end-entity interactions
to a trusted Certificate Manager or Registration Manager for security reasons; the
Data Recovery Manager trusts the Certificate Manager or Registration Manager
and services all key archival and recovery requests initiated by this subsystem. For
example, as illustrated in figure below, you might deploy one or more Certificate
Managers or Registration Managers to send key archival or recovery requests to a
Data Recovery Manager.
Connectors for Linking Trusted Managers
Certificate Management System supports proprietary HTTPS connectors for
linking CMS subsystems. You can use these connectors to make the following
connections:
•
Registration Manager to Certificate Manager
•
Registration Manager to Registration Manager
•
Registration Manager to Data Recovery Manager
•
Certificate Manager to Data Recovery Manager
•
Certificate Manager to Certificate Manager (in a cloned-CA setup, which is
explained in "Cloning a Certificate Manager" on page 286)
Figure 13-2 illustrates how a trusted Registration Manager communicates with a
Certificate Manager.
396
Netscape Certificate Management System Installation and Setup Guide • October 2001