Deploying Certificate Manager's Renewed Ca Signing Certificate; Deploying Registration Manager's Renewed Signing Certificate - Netscape MANAGEMENT SYSTEM 6.0 Installation And Setup Manual
Hide thumbs
Also See for NETSCAPE MANAGEMENT SYSTEM 6.0:
- Manual (302 pages) ,
- Installation and migration manual (66 pages) ,
- Administrator's manual (470 pages)
Table of Contents
Advertisement
Renewing Certificates for the Subsystems
For all certificates, make sure the that CA-chain verification takes place smoothly.
For example, if you requested the certificate from a different CA, be sure to import
a CA certificate into the certificate database of the subsystem using the Certificate
Setup Wizard. For instructions, see "Using the Wizard to Install a Certificate or
Certificate Chain" on page 452. After you install the CA certificate, you can follow
the instructions in see "Changing the Trust Settings of a CA Certificate" on
page 485 to trust the CA certificate you imported.
Deploying Certificate Manager's Renewed CA Signing Certificate
If you renewed a CA signing certificate, deploy it in the PKI environment that
depends on this certificate for validation. For example, you'll need to add the
renewed CA certificate to the certificate databases of clients that trust this CA.
Similarly, if you have configured the Certificate Manager to publish CRLs to a
Online Certificate Status Manager, you will need to identify the Certificate
Manager to the Online Certificate Status Manager again. For details, see "Step 3.
Identify the CA to the OCSP Responder" on page 690.
You might also need to get a new agent certificate. For instructions, see the
procedure outlined in "Deploying Certificate Manager's CA Signing Certificate"
on page 470.
Deploying Registration Manager's Renewed Signing Certificate
Here's what you must do:
Install the renewed signing certificate in the subsystem's certificate database.
1.
Because the Registration Manager uses its signing certificate for SSL client
authentication to the subsystems, you must add the renewed signing certificate
to the internal database of all subsystems that have been configured to receive
requests from the Registration Manager.
To add the renewed certificate to a subsystem's internal database:
a.
b.
c.
478
Netscape Certificate Management System Installation and Setup Guide • March 2002
Note the instance ID and host name of the Registration Manager for which
you got the signing certificate; this information will help you to identify
the Registration Manager in a subsystem's list of privileged users.
Copy the renewed signing certificate, in its base-64 encoded format, to a
text file.
Add the renewed certificate to the individual subsystem's internal
database following the instructions in "Changing a Privileged User's
Certificate" on page 414. Repeat this step for all subsystems that receive
requests from this Registration Manager.
Advertisement
Table of Contents
