Changing The Trust Settings Of A Ca Certificate - Netscape MANAGEMENT SYSTEM 6.0 Installation And Setup Manual

Changing the Trust Settings of a CA Certificate

Certificate Management System relies on the CA certificates in its certificate
database for validating certificates it receives during an SSL-enabled
communication. For example, when a Certificate Manager is authenticating a
Registration Manager that has sent a certificate signing request, the Certificate
Manager checks its certificate database to see whether the CA that has signed the
certificate presented by the Registration Manager is included in the database as a
trusted CA.
You may need to change the status of a currently trusted CA to untrusted (or vice
versa) temporarily or permanently. For example, you may be notified that a CA is
experiencing technical difficulty that prevents certificate authentication. By making
the CA certificate untrusted, you can prevent entities whose certificates have been
signed by that CA from successfully authenticating to Certificate Management
System. You can then return the trust option to trusted when the CA notifies you
that the problem has been resolved.
If you want to untrust a CA permanently, you should consider removing its
certificate from the trust database altogether. For instructions, see "Deleting a
Certificate From the Certificate Database" on page 484.
Changing the trust setting changes the trust flag (or bit) in the CA certificate. To
change the trust setting of a CA certificate:
Log in to the CMS window (see "Logging In to the CMS Window" on
1.
page 333).
Select the Configuration tab, and then in the right pane, select the Encryption
2.
tab.
Click Manage Certificate.
3.
The Certificate Database Management window appears.
The window lists the certificates currently installed for the selected CMS
instance; the list is a table, with each certificate occupying a row.
Managing the Certificate Database
Chapter 14 Managing CMS Keys and Certificates 485