wTLS CA Signing Certificate; OCSP Signing Key Pair and Certificate - Netscape Management System 4.5 Installation and Setup Manual


Keys and Certificates for the Main Subsystems
If the Certificate Manager is a subordinate CA, its CA signing certificate is
signed by another CA, usually the one that is a level above in the CA hierarchy
(which may or may not be a root CA). If you have deployed the Certificate
Manager as a subordinate CA in a CA hierarchy, you must import your root
CA's signing certificate into individual clients and servers before you can use
the Certificate Manager to issue certificates to them.

wTLS CA Signing Certificate

During the installation of a Certificate Manager, you're given the option to enable
issuance of Wireless Transport Layer Security (wTLS)-compliant certificates for use
with wireless applications. If you choose to enable this option, the Installation
Wizard transparently generates a wTLS CA signing certificate.
Note that for the wTLS CA signing certificate, the wizard does not generate a
separate key pair. Instead, it uses the same key pair that you generated for the CA
signing certificate, which is explained in section "CA Signing Key Pair and
Certificate" on page 437. The subject name and validity period of the wTLS CA
signing certificate are the same as those you specified for the CA signing
certificate. The Certificate Manager uses the private key (that corresponds to the
public key used to generate the wTLS CA signing certificate) to sign both X.509 and
wTLS certificates it issues.

OCSP Signing Key Pair and Certificate

During the installation of a Certificate Manager, you're given the option to enable
its OCSP-service feature. This feature lets the Certificate Manager function
as an OCSP responder, so that OCSP-compliant clients can query the Certificate
Manager for the revocation status of certificates issued by the Certificate Manager.
For more information about an OCSP responder and setting up a Certificate
Manager to function as an OCSP responder, see Chapter 21, "Setting Up an OCSP
Responder."
Netscape Certificate Management System Installation and Setup Guide • October 2001
NOTE: You cannot change the CA name; doing so would make all
previously issued certificates invalid. Similarly, reissuing a
Certificate Manager's CA signing certificate with a new key pair
invalidates all certificates that have been signed by the old key pair.
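
The effect described in the note on changing the CA name or key pair can be reproduced with the OpenSSL command line. This is an added example, not part of the Netscape manual and not a Certificate Management System procedure; it assumes `openssl` is installed, and every subject name, key and file in it is constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example: every subject name, key and file below is constructed.
set -e
d=$(mktemp -d); trap 'rm -rf "$d"' EXIT
cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = overridden-by-subj
[v3_ca]
basicConstraints = critical,CA:TRUE
subjectKeyIdentifier = hash
EOF

newkey() { openssl ecparam -name prime256v1 -genkey -noout -out "$1"; }

# ca_cert KEY SUBJECT OUT: self-signed CA signing certificate for KEY.
ca_cert() {
  openssl req -x509 -new -config "$d/ca.cnf" -key "$1" -subj "$2" -days 30 -out "$3"
}

# trusts CA LEAF: succeeds only if LEAF verifies with CA as the trust anchor.
trusts() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

newkey "$d/old.key"; newkey "$d/new.key"; newkey "$d/leaf.key"
ca_cert "$d/old.key" "/O=Example/CN=Demo CA" "$d/original.pem"

# Issue one certificate under the original CA name and key pair.
openssl req -new -config "$d/ca.cnf" -key "$d/leaf.key" -subj "/CN=leaf.example" -out "$d/leaf.csr"
openssl x509 -req -in "$d/leaf.csr" -CA "$d/original.pem" -CAkey "$d/old.key" \
  -set_serial 1 -days 30 -out "$d/leaf.pem" 2>/dev/null

# Reissue the CA signing certificate three ways.
ca_cert "$d/old.key" "/O=Example/CN=Demo CA"    "$d/same_key.pem"  # same name, same key pair
ca_cert "$d/new.key" "/O=Example/CN=Demo CA"    "$d/new_key.pem"   # same name, new key pair
ca_cert "$d/old.key" "/O=Example/CN=Renamed CA" "$d/new_name.pem"  # new CA name, same key pair

# report NAME: print whether the already-issued certificate validates under NAME.pem.
report() { if trusts "$d/$1.pem" "$d/leaf.pem"; then echo "$1: valid"; else echo "$1: INVALID"; fi; }
for c in original same_key new_key new_name; do report "$c"; done
```

Only the reissued CA certificate that keeps both the subject name and the key pair still validates the certificate issued earlier.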
