Netscape MANAGEMENT SYSTEM 4.5 Installation And Setup Manual page 518
Hide thumbs
Also See for NETSCAPE MANAGEMENT SYSTEM 4.5:
Table of Contents
Advertisement
Introduction to Authentication
Revoking a certificate using the challenge password is useful in certain
situations. For example, if you issue a single certificate to a user and the user is
unable to use the certificate due to loss of corresponding key pair, it's not
possible for the user to revoke his or her own certificate using the SSL client
authenticated revocation method. If the user has a challenge password for the
certificate, he or she can use it to revoke the certificate the server maintains in
its database.
Forms for both methods are available through the End Entity Services interface
(HTTPS only) of the Certificate Manager and Registration Manager; see "Certificate
Revocation Forms" on page 520.
Here are a few common points to keep in mind about the automated revocation of
end users' certificates:
•
A Certificate Manager can revoke only those certificates that it has issued; it
cannot revoke certificates issued by other CAs.
•
If the revocation request is processed by a Registration Manager, it must be
connected as a trusted manager to the Certificate Manager that has issued the
certificate the user is attempting to revoke; the Registration Manager forwards
certificate revocation requests to this Certificate Manager. For information on
trusted managers, see "Trusted Managers" on page 394.
•
The certificate the user attempts to revoke must be currently valid or must
have expired; it cannot have been already revoked.
•
At the time of revocation, the user can also specify additional details, such as
the date of revocation and revocation reason, for each certificate or for the list
as a whole.
SSL Client Authenticated Revocation
In an SSL client authenticated revocation method, the server expects the end user
to present a certificate that has the same subject name as the one he or she wants to
revoke and uses that for authentication purposes. The server verifies the
authenticity of a revocation request by mapping the subject name in the certificate
being presented for client authentication to certificates in its internal database. The
server revokes the certificate only if the certificate maps successfully to one or more
valid or expired certificates in its internal database.
After successful authentication, if the server detects only one valid or expired
certificate with matching subject name as that of the one presented for client
authentication, it revokes the certificate. If the server detects more than one valid or
expired certificate with matching subject name, it lists all those certificates. The
user can then either select the certificate to be revoked or revoke all certificates in
the list.
518
Netscape Certificate Management System Installation and Setup Guide • October 2001
Advertisement
Table of Contents
Related Manuals for Netscape NETSCAPE MANAGEMENT SYSTEM 4.5
Related Products for Netscape NETSCAPE MANAGEMENT SYSTEM 4.5
- Netscape NETSCAPE MANAGEMENT SYSTEM 4.5 - CUSTOMIZATION GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 4.5 - PLUG-IN
- Netscape NETSCAPE MANAGEMENT SYSTEM 4.5 - COMMAND-LINE
- Netscape NETSCAPE MANAGEMENT SYSTEM 4.5 - AGENT GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0 - CUSTOMIZATION
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0 - PLUG-IN
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.01 - CUSTOMIZATION
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.01 - PLUG-IN
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0 - AGENT GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0 - COMMAND-LINE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.01 - AGENT GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.01 - COMMAND-LINE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.1 - AGENT GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.1 - COMMAND-LINE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.2 - AGENT GUIDE