Revocation Status Checking Of Agent Certificates - Netscape MANAGEMENT SYSTEM 6.0 Installation And Setup Manual
Hide thumbs
Also See for NETSCAPE MANAGEMENT SYSTEM 6.0:
- Manual (302 pages) ,
- Installation and migration manual (66 pages) ,
- Administrator's manual (470 pages)
Table of Contents
Advertisement
Privileged-User Types and Responsibilities
Copy the base-64 encoded certificate, including the
7.
CERTIFICATE-----
file.
The copied information should look similar to the following example:
-----BEGIN CERTIFICATE-----
MIICJzCCAZCgAwIBAgIBAzANBgkqhkiG9w0BAQQFADBCMSAwHgYDVQQKExdOZXRzY2FwZSBDb21tdW5pY2
F0aW9uczngjhnMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTk4MDgyNzE5MDAwMFoXDTk5MDIyMzE5MDA
wMnbjdgngYoxIDAeBgNVBAoTF05ldHNjYXBlIENvbW11bmljYXRpb25zMQ8wDQYDVQQLEwZQZW9wbGUxFz
AVBgoJkiaJkIsZAEBEwdzdXByaXlhMRcwFQYDVQQDEw5TdXByaXlhIFNoZXR0eTEjMCEGCSqGSIb3Dbndg
JARYUc3Vwcml5YUBuZXRzY2FwZS5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAoYiYgthgtbbnjfngj
njgnagwJjAOBgNVHQ8BAf8EBAMCBLAwFAYJYIZIAYb4QgEBAQHBAQDAgCAMA0GCSq
-----END CERTIFICATE-----
Save the text file and use it to store a copy of the certificate in a subsystem's
8.
internal database (see "Step 3. Store the Agent's SSL Client Certificate in the
Internal Database" on page 395).
Revocation Status Checking of Agent Certificates
You can configure a Certificate Manager and Registration Manager to check the
revocation status of an agent's certificate the server receives during SSL client
authentication. You can configure a Data Recovery Manager (or Online Certificate
Status Manager) to check the revocation status of its agents' certificates only if you
have deployed an OCSP responder and have issued agent certificates with
Authority Information Access extension pointing to the OCSP responder. For
information about adding Authority Information Access extension to certificates,
see "Configuring Policy Rules for a Subsystem" on page 569. For information about
setting up an OCSP responder, see Chapter 21, "Setting Up an OCSP Responder."
NOTE
378
Netscape Certificate Management System Installation and Setup Guide • March 2002
and
-----END CERTIFICATE-----
The CMS configuration file (
jss.ocspcheck.enable
CMS manager should use Online Certificate Status Protocol (OCSP)
to verify the revocation status of the certificate it receives as a part
of SSL client or server authentication (from clients or servers it
makes connections with). If you change the value of this parameter
to
, the CMS manager reads the Authority Information Access
true
extension in the certificate and verifies the revocation status of the
certificate from the OCSP responder specified in the extension.
-----BEGIN
) includes a parameter named
CMS.cfg
, which enables you to specify whether a
marker lines, to a text
Advertisement
Table of Contents
Need help?
Do you have a question about the NETSCAPE MANAGEMENT SYSTEM 6.0 and is the answer not in the manual?