How The Manual Server Enrollment Process Works - Netscape MANAGEMENT SYSTEM 4.5 Installation And Setup Manual

Certificate Issuance to Servers
Once an administrator generates a CSR for a server, he or she must paste it into the
appropriate server enrollment form hosted by a Registration Manager or
Certificate Manager, and then submit the request. Upon receipt of the request,
Certificate Management System responds as follows:
Verifies the validity and authenticity of the request.
1.
The authentication mechanism that Certificate Management System uses is
based on the authentication mechanism specified in the enrollment form the
administrator uses to submit the certificate request. For example, if the
enrollment form was configured to employ directory-based authentication,
Certificate Management System checks the configured directory for the
appropriate information. On the other hand, if the enrollment form specifies
manual authentication, the request gets queued and awaits approval by an
agent.
Subjects the request to policy checks.
2.
If the request passes all the policy rules, Certificate Management System
generates the server certificate and sends it to the email address specified in the
server certificate request (the enrollment form includes a field for the
administrator to enter this information). Otherwise, Certificate Management
System logs an error message.
Upon receipt of the certificate, the server administrator installs the certificate in the
server's certificate database.
How the Manual Server Enrollment Process
Works
Figure 24-1 illustrates how Certificate Management System issues a server
certificate in a deployment scenario involving a Registration Manager acting as an
enrollment authority to a Certificate Manager. The server certificate is requested
via a manual enrollment form hosted by the Registration Manager.
798 Netscape Certificate Management System Installation and Setup Guide • October 2001