Flexible End-Entity Registration Services Framework - Netscape MANAGEMENT SYSTEM 6.0 Installation And Setup Manual

Overview of Key Features

PKCS #11 hardware support for smart cards and crypto accelerators

Certificate Management System supports smart cards and crypto accelerators
provided by various third-party vendors of PKCS #11 version 2.01-compliant
products.

You can configure the server to use different PKCS #11 modules to generate and
store key pairs (and certificates) for the Certificate Manager, Registration Manager,
and Data Recovery Manager. Using hardware for key storage (especially for
Certificate Manager and Data Recovery Manager key pairs) reduces the risk of key
compromise, because hardware tokens don't reveal keys or provide means for
them to be revealed, once the keys are generated in the hardware. Note that
PKCS #11 hardware devices also provide features for backup and recovery of the
key material stored on the hardware token. Be sure to refer to the PKCS #11
vendor documentation on this subject.

For information on configuring Certificate Management System to use hardware
tokens for generating and storing its key pairs and certificates, see "Tokens for
Storing CMS Keys and Certificates" on page 431.

Support for Netscape client and server products; client independence for non-Netscape products

Certificates issued by Certificate Management System work with existing Netscape
client and server products that support SSL. The certificates also work (out of the
box) with a variety of non-Netscape, standards-compliant applications.

Highly scalable certificate data store

Certificate Management System uses a highly scalable, high-performance
certificate storage facility (a preconfigured version of Netscape Directory Server
6.x that's automatically installed with Certificate Management System), enabling
you to issue and manage a large number of certificates. For more information, see
Chapter 12, "Setting Up Internal Database."

Flexible end-entity registration services framework

The registration services framework for end entities includes the most commonly
expected PKI features: manual, directory-based, directory- and PIN-based,
NIS-based, and portal enrollments; certificate-authenticated renewals and
revocations (based on SSL client authentication); and certificate life-cycle
operations that include automated certificate renewal and expiration notifications.
These features are available out of the box for both Certificate Manager and
Registration Manager.

Chapter 1, Introduction to Certificate Management System, page 37
