Netscape MANAGEMENT SYSTEM 6.0 Installation And Setup Manual page 817

authority (CA). A certificate's validity can be verified by checking the CA's digital
signature using the techniques of public-key cryptography. To be trusted within a
public-key infrastructure (PKI), a certificate must be issued and signed by a CA
that is trusted by other entities enrolled in the PKI.
certificate authority (CA) A trusted entity that issues a certificate after verifying
the identity of the person or entity the certificate is intended to identify. A CA also
renews and revokes certificates and generates CRLs. The entity named in the issuer
field of a certificate is always a CA. Certificate authorities can be independent third
parties (such as the CAs listed at ) or
https://certs.example.com/client.html
a person or organization using certificate-issuing server software (such as Netscape
Certificate Management System). Certificate Management System makes it
possible to divide the role of a CA among one or more Registration Managers,
which handle most or all interactions with certificate owners, and a Certificate
Manager, which issues certificates.
certificate-based authentication Authentication based on certificates and
public-key cryptography. See also password-based authentication.
certificate chain A hierarchical series of certificates signed by successive
certificate authorities. A CA certificate identifies a certificate authority (CA) and is
used to sign certificates issued by that authority. A CA certificate can in turn be
signed by the CA certificate of a parent CA, and so on up to a root CA. Certificate
Management System allows any end entity to retrieve all the certificates in a
certificate chain.
Certificate Enrollment Protocol (CEP) A certificate management protocol jointly
developed by Cisco Systems and VeriSign, Inc. CEP is an early implementation of
Certificate Management Messages over Cryptographic Message Syntax (CMC).
CEP specifies how a device communicates with a CA, including how to retrieve the
CA's public key, how to enroll a device with the CA, and how to retrieve a CRL.
CEP uses PKCS #7 and PKCS #10. For more information about CEP, see
.
http://www.cisco.com/warp/public/778/security/821_pp.htm
certificate extensions An X.509 v3 certificate contains an extensions field that
permits any number of additional fields to be added to the certificate. Certificate
extensions provide a way of adding information such as alternative subject names
and usage restrictions to certificates. A number of standard extensions have been
defined by the PKIX working group. Older versions of Netscape browsers and
servers support Netscape-specific extensions that were required (mainly to
indicate certificate usage) before standard extensions were defined.
Glossary 817