Cloning a Certificate Manager
Step 8. Establish Trust Between Master CA and Clone CAs
For the master Certificate Manager to trust the clone Certificate Manager, you
associate the clone Certificate Manager as a trusted manager to the master Certificate
Manager. For details about trusted managers, see "Trusted Managers" on page 380.
The setup process involves the following steps:
• Step A. Locate the Master CA's SSL Server Certificate
• Step B. Create a Privileged-User Entry for Clone CAs
Step A. Locate the Master CA's SSL Server Certificate
Depending on which CA issued/signed the master Certificate Manager's SSL
server certificate, you can locate the certificate in either the internal database or the
certificate database (cert7.db file).
• If the issuer of the SSL server certificate is the master Certificate Manager itself,
you can locate the certificate in the internal database by going to the Retrieval
tab of the master Certificate Manager's end-entity interface.
• If the issuer of the SSL server certificate is another CA, for example, a
third-party CA, you can locate the certificate in the certificate database by
using the certutil command-line tool. For more information about this tool,
see Chapter 11, "Certificate Database Tool" of CMS Command-Line Tools Guide.
Follow the instructions that are appropriate for you.
To locate the certificate in the Retrieval tab of the end-entity interface:
1. Open a web browser window.
2. Go to the master Certificate Manager's end-entity interface. The URL is in
https://<hostname>:<SSL_port> or http://<hostname>:<port> format.
3. Select the Retrieval tab, and in the left frame, click List Certificates.
4. In the resulting form, click List.
A list of certificates appears.
5. Locate the Certificate Manager's SSL server certificate by looking at the subject
name of the certificate.
Typically, the SSL server certificate would be the second certificate.
6. Click Details.
Netscape Certificate Management System Installation and Setup Guide • March 2002