Transport Key Pair And Certificate; Storage Key Pair - Netscape MANAGEMENT SYSTEM 6.0 Installation And Setup Manual


Keys and Certificates for the Main Subsystems

Transport Key Pair and Certificate

Every Data Recovery Manager you have installed has a Data Recovery Manager
transport certificate. The public key of the key pair that is used to generate the
transport certificate is used by the client software to encrypt an end user's
encryption private key before it is sent to the Data Recovery Manager for archival;
only those clients capable of generating dual-key pairs (one for signing and one for
encryption) use the transport certificate. For more information on how this
certificate is used, see "Key Archival Process" on page 717.
You first generated this certificate when you installed the Data Recovery
Manager. The default nickname for the certificate is
kraTransportCert cert-<instance_id>, where <instance_id> identifies the
CMS instance in which the Data Recovery Manager is installed.
The transport certificate was issued by the CA to which you submitted the
certificate signing request. You might have submitted the request to the Certificate
Manager that is installed in the same instance, another internally deployed CA, or a
public CA. To find out the issuer name, follow the instructions in "Viewing the
Certificate Database Content" on page 482.

Storage Key Pair

Every Data Recovery Manager you have installed has a Data Recovery Manager
storage key pair. You first generated this key pair when you installed the
Data Recovery Manager.
The Data Recovery Manager uses the public component of this key pair to encrypt
(or wrap) end users' encryption private keys during the key archival operation; it
uses the private component to decrypt (or unwrap) the archived key during the
recovery operation. That is, the public key is used to encrypt the key repository the
server uses to store end users' encryption private keys. For more information on
how this key pair is used, see Chapter 22, "Setting Up Key Archival and Recovery."
Note that the public component of the storage key pair is not certified; there is no
certificate that corresponds to the public key.
Keys encrypted with the storage key can be retrieved only by authorized key
recovery agents. For details, see "Key Recovery Agents and Their Passwords" on
page 721.
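
The two key roles described under "Transport Key Pair and Certificate" and "Storage Key Pair" can be walked through with OpenSSL. This is an added example, not taken from the manual or from CMS itself. The file names, the small EC key standing in for the end user's encryption private key, and direct RSA-OAEP wrapping are assumptions made for the demo; the manual does not specify the wrapping format.

```shell
#!/usr/bin/env bash
# Constructed demo of the transport and storage key roles. File names, the EC
# user key and direct RSA-OAEP wrapping are assumptions, not the CMS format.
set -eu

# Wrap (encrypt) file $2 under RSA public key $1, writing the blob to $3.
wrap_key() {
  openssl pkeyutl -encrypt -pubin -inkey "$1" -in "$2" -out "$3" \
    -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256
}
# Unwrap (decrypt) blob $2 with RSA private key $1, writing plaintext to $3.
unwrap_key() {
  openssl pkeyutl -decrypt -inkey "$1" -in "$2" -out "$3" \
    -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 2>/dev/null
}
# Generate an RSA pair: private key in $1.key, public key in $1.pub.
new_rsa_pair() {
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1.key" 2>/dev/null
  openssl pkey -in "$1.key" -pubout -out "$1.pub"
}

# Run archival, then recovery, in directory $1. Returns 0 only if the
# recovered key is byte-identical to the end user's original key.
archive_and_recover() (
  cd "$1"
  new_rsa_pair transport   # public half is what the transport certificate certifies
  new_rsa_pair storage     # public half is never certified
  # End user's encryption private key (small enough for one RSA-OAEP block).
  openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
    -outform DER -out user.der 2>/dev/null
  # Client: encrypt the private key under the transport public key, then send.
  wrap_key transport.pub user.der in_transit.bin
  # DRM archival: unwrap with the transport private key, rewrap for storage.
  unwrap_key transport.key in_transit.bin received.der
  wrap_key storage.pub received.der archived.bin
  rm -f received.der       # do not leave the plaintext key on disk
  # DRM recovery: the storage private key opens the archived record.
  unwrap_key storage.key archived.bin recovered.der
  cmp -s user.der recovered.der
)
# Succeeds only if the transport private key fails to open an archived record.
transport_cannot_open_archive() (
  cd "$1"
  ! unwrap_key transport.key archived.bin leak.der
)

demo_dir=$(mktemp -d)
archive_and_recover "$demo_dir" && echo "recovered key matches original"
transport_cannot_open_archive "$demo_dir" && echo "transport key cannot open archive"
```

OAEP padding is set explicitly so that unwrapping with the wrong private key fails with an error instead of returning unusable bytes.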
Netscape Certificate Management System Installation and Setup Guide • March 2002
