Remote Administration Server Certificate - Netscape MANAGEMENT SYSTEM 4.5 Installation And Setup Manual

Remote Administration Server Certificate

Netscape Console (version 4.2) does not support the DSA key algorithm. To
work around this problem, during the installation of a Certificate Manager, the
Installation Wizard transparently generates an SSL server certificate identified as
the Remote Administration Server Certificate. The Certificate Manager uses the
certificate for SSL server authentication to the remote administration interface,
Netscape Console. The certificate is self-signed, and is generated with RSA key
type and a key size of 512 bits. The validity period of the certificate is set to the
same validity period that you chose for the SSL server certificate, which is used by
the Certificate Manager for SSL server authentication to its HTTP interfaces; see
"SSL Server Key Pair and Certificate" on page 441.
Note that the remote administration server certificate is not listed in the internal
database, and thus, you'll not be able to list or search for it in the Retrieval tab of
the Certificate Manager's end-entity interface. However, you'll see the certificate if
you use the command-line tool, Certificate Database Tool (certutil), to list
certificates in the Certificate Manager's certificate database (the cert7.db file):

The nickname for the certificate is Remote Admin Server-Cert cert-<instance_id>,
where <instance_id> identifies the CMS instance in which the Certificate Manager
is installed.

The CN component in both the subject name and issuer name of the certificate
is set to CN=SSLserver cert-<instance_id>.

Like any certificate, the remote administration server certificate has a validity
period. You must renew the certificate before it expires. For instructions to renew a
certificate, see "Renewing Certificates for the Subsystems" on page 494.

Note that the "SSL Server for Remote Admin" option in the Certificate Setup
Wizard allows you to renew the remote administration certificate by submitting
the request to a CA only; it doesn't allow you to renew the certificate as a
self-signed one (as done during installation). If the CA signing certificate of the CA
to which you submit the renewal request is based on the DSA key algorithm, then
the resulting certificate will be unusable because Netscape Console doesn't support
the DSA algorithm.

If you want to self-sign the certificate, you must use the certutil and keyutil tools to
extract the key ID from the key database first and then generate a certificate for the
key. The steps below outline how to use these tools to renew the certificate. Be sure
to check the CMS Command-Line Tools Guide for details on the certutil and keyutil
tools to customize your commands to suit your requirements.

1. Note the name (also called nickname) of the remote administration SSL server
certificate; the default name is Remote Admin Server-Cert cert-<instance_id>.

Chapter 14, Managing CMS Keys and Certificates: Keys and Certificates for the Main Subsystems (page 443)
