Netscape MANAGEMENT SYSTEM 6.0 Installation And Setup Manual page 499

Here are a few things, in addition to the ones listed on page 498, to keep in mind
about SSL client authenticated revocation:
• The certificate being presented by the user for revocation must be issued by a Certificate Manager.
• If the revocation request is processed by a Registration Manager, the certificate presented for SSL client authentication must be issued by a Certificate Manager that the Registration Manager knows about and is connected to (the Registration Manager forwards certificate requests to this Certificate Manager for signing).
• The certificate being presented by the user for revocation must be currently valid or must have expired; it cannot have been already revoked.
• The user can revoke only certificates that contain the same subject name as the one in the certificate presented for authentication.
Challenge-Password-Based Revocation
A challenge password is a unique, alphanumeric string that the end user specifies
when requesting a certificate; the user is expected to keep this password
confidential and use it to authenticate to the server when revoking the certificate.
When the server issues the certificate, it associates the password with the
certificate, stores both the certificate and password in its internal database, and
uses them later for authenticating any revocation requests.
In the challenge-password-based revocation method, the server expects the end
user to specify the serial number of the certificate the user wants to revoke and the
challenge password associated with that certificate. The server verifies the
authenticity of a revocation request in two steps: it first looks up the serial number
in the list of certificates in its internal database, and then compares the challenge
password specified in the request with the one associated with the matching
certificate it finds there.
The server revokes the certificate only if the serial number maps successfully to one or
more valid or expired certificates in its internal database. If the server detects only
one valid or expired certificate with a matching serial number and challenge
password, it automatically revokes that certificate. If the server detects more than
one valid or expired certificate with a matching serial number, it lists all those
certificates. The user can then select the certificate to be revoked or revoke all
certificates in the list.
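The two lookup rules described above, modelled as an added example (this is not code from the Netscape Certificate Management System; the record layout, method names, and the choice to keep the challenge password as a salted hash rather than in the clear are assumptions). `revoke_by_challenge` implements the serial-number-then-password matching with the single-match auto-revoke and the multiple-match "list and let the user choose" branch; `revoke_with_client_cert` implements the SSL client-authenticated rules from the list above (authenticating certificate not revoked, same subject name only).

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

VALID, EXPIRED, REVOKED = "valid", "expired", "revoked"

@dataclass
class CertRecord:
    serial: int
    subject: str
    status: str
    salt: bytes     # assumption: challenge password kept as a salted hash,
    pw_hash: bytes  # not in the clear; the manual only says it is stored

def _hash_pw(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class RevocationStore:
    def __init__(self) -> None:
        self.certs = []  # constructed in-memory stand-in for the internal database
    def issue(self, serial, subject, challenge_pw, status=VALID):
        salt = secrets.token_bytes(16)
        rec = CertRecord(serial, subject, status, salt, _hash_pw(challenge_pw, salt))
        self.certs.append(rec)
        return rec
    def match_by_challenge(self, serial, challenge_pw):
        # Map the serial number to stored certificates, then check the password;
        # valid and expired certificates qualify, already-revoked ones never do.
        return [c for c in self.certs
                if c.serial == serial and c.status in (VALID, EXPIRED)
                and hmac.compare_digest(_hash_pw(challenge_pw, c.salt), c.pw_hash)]
    def revoke_by_challenge(self, serial, challenge_pw, revoke_all=False):
        matches = self.match_by_challenge(serial, challenge_pw)
        if not matches:
            return "rejected", []
        if len(matches) > 1 and not revoke_all:
            return "select", matches  # server lists them; user picks one or revokes all
        for c in matches:
            c.status = REVOKED
        return "revoked", matches
    def revoke_with_client_cert(self, auth_cert, serial):
        # SSL client-auth rules: the authenticating certificate must not be revoked,
        # and only certificates carrying the same subject name may be revoked.
        if auth_cert.status == REVOKED:
            return "rejected", []
        targets = [c for c in self.certs if c.serial == serial
                   and c.subject == auth_cert.subject and c.status in (VALID, EXPIRED)]
        for c in targets:
            c.status = REVOKED
        return ("revoked" if targets else "rejected"), targets
```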
Here are a few things, in addition to the ones listed on page 498, to keep in mind
about the challenge-password-based revocation:
• The certificate being presented by the user for revocation must be issued by a Certificate Manager.
Introduction to Authentication | Chapter 15 Setting Up End-User Authentication | 499