Data Recovery Manager Certificate And Storage Key; Online Certificate Status Manager Certificates - Netscape MANAGEMENT SYSTEM 6.0 Installation And Setup Manual

Subsystem Certificate Decisions
Data Recovery Manager Certificate and Storage Key

The Data Recovery Manager needs a transport certificate and a storage key:

• The transport certificate has a public key used by end-entity software to
  encrypt the private encryption key belonging to an end entity so that it can be
  sent (via the Registration Manager) to the Data Recovery Manager. The public
  key also corresponds to the private key used by the Data Recovery Manager to
  sign the proof-of-archival token it sends to the Registration Manager after
  storing an end entity's encryption key.

• The storage key is used by the Data Recovery Manager to encrypt the end
  entity's encryption key (after it has been decrypted with the Data Recovery
  Manager's private transport key) before the Data Recovery Manager stores the
  encryption key in the local directory. Data encrypted with the storage key can
  be retrieved only if m of n split keys are provided at the same time by m of n
  authorized agents.
The Data Recovery Manager also requires at least one SSL server certificate. For
more information about the key pairs and certificates used by a Data Recovery
Manager, see "Data Recovery Manager's Key Pairs and Certificates" on page 427.
NOTE: If you want to use hardware tokens for generating and storing the Data
Recovery Manager's key pairs, you'll need at least two tokens: one
exclusively for the storage key pair and the other for the remaining
key pairs. Be sure to install (and initialize, if required) these tokens
before you start the Data Recovery Manager installation.

Online Certificate Status Manager Certificates

Every Online Certificate Status Manager must have a signing certificate whose
public key corresponds to the private key the Online Certificate Status Manager
uses to sign OCSP responses before sending them to OCSP-compliant clients. The
Online Certificate Status Manager's signature provides persistent proof to an
OCSP-compliant client that the Online Certificate Status Manager has processed
the request.

The Online Certificate Status Manager also requires at least one SSL server
certificate. For more information about the key pairs and certificates used by an
Online Certificate Status Manager, see "Online Certificate Status Manager's Key
Pairs and Certificates" on page 429.

Netscape Certificate Management System Installation and Setup Guide • March 2002
