Registration Manager - Netscape MANAGEMENT SYSTEM 6.0 Installation And Setup Manual


Invalidity date. Indicates the date on which the private key corresponding to
the public key certified by the certificate was (or is suspected to have been)
compromised.

Registration Manager

A Registration Manager is an optional component in the PKI, enabling you to
separate the registration process from the certificate-signing process. A
Registration Manager is typically installed on a different machine from the
Certificate Manager that it serves. During installation, you connect the Registration
Manager to a Certificate Manager and configure the Certificate Manager to trust
the Registration Manager. Once the trust is established, the Registration Manager
can perform a subset of the end-entity tasks performed by the Certificate Manager,
such as enrollment or renewal, on behalf of the Certificate Manager. A Registration
Manager cannot issue or revoke certificates by itself; instead, it evaluates
end-entity requests and forwards them to a Certificate Manager for action, such as
the issuing of a certificate. The Certificate Manager processes the requests and
issues the certificates. The Registration Manager then distributes the certificates to
the end entities.

Note that you can run multiple Registration Managers remotely, all reporting to a
single CA—a Certificate Manager—to verify user identities and process certificate
signing requests. The Certificate Manager's ability to support multiple Registration
Managers makes it more scalable and also adds an extra layer of security for the
CA. For example, you can set a policy that requires all clients to go through a
remote Registration Manager, and then have the remote Registration Manager
route all client requests to the Certificate Manager located inside a firewall.

The Registration Manager is designed to handle certificate life-cycle management
tasks—that is, the tasks required to maintain a certificate throughout its life cycle,
including the following:

• Enrolling end entities (initial authentication and initiation to the PKI)
• Enforcing policies such as request validation requirements, authentication
  requirements, and certificate formulation
• Distributing issued certificates
• Coordinating certificate renewal
• Coordinating storage of end users' private encryption keys with a Data
  Recovery Manager

A Registration Manager's default forms for end-entity interactions can be used as is
or customized. For more information about default Registration Manager forms,
see "End Entities and Life-Cycle Management" on page 98.

Chapter 1, Introduction to Certificate Management System: System Overview (page 47)
