Summary of Contents for Netscape NETSCAPE MANAGEMENT SYSTEM 6.2 - AGENT GUIDE
Page 1
Agent’s Guide Netscape Certificate Management System Version 6.2 June 2003...
Page 2
Netscape Communications Corporation ("Netscape") and its licensors retain all ownership rights to the software programs offered by Netscape (referred to herein as "Software") and related documentation. Use of the Software and related documentation is governed by the license agreement for the Software and applicable copyright law. Your right to copy this documentation is limited by copyright law.
About This Guide This guide describes the Agent Services interface that Netscape Certificate Management System (CMS) agent uses to administer a subsystem’s certificates and keys. This preface contains the following sections: • Who Should Read This Guide • What You Should Know •...
What’s in This Guide • Encryption and decryption • Public keys, private keys, and symmetric keys • Digital signatures • The role of digital certificates in a public-key infrastructure (PKI) • Certificate hierarchies • SSL cipher suites • The purpose of and major steps in the SSL handshake What’s in This Guide This guide describes the duties of the agents for the various CMS subsystems and explains how to accomplish each task.
Conventions Used in This Guide Chapter 4, “Finding and Revoking Certificates” Explains how, as a Certificate Manager agent, you can use the Agent Services page to find and examine a specific certificate issued by Certificate Management System, or retrieve a list of certificates that match specified criteria.
Page 10
Conventions Used in This Guide Boldface Boldface type is used for various UI components such as captions and field names, and the terminology explained in the glossary. Example: Rotation frequency. From the drop-down list, select the interval at which the server should rotate the active error log file.
Documentation CAUTION A caution signals a potential risk of losing data, damaging software or hardware, or otherwise disrupting system performance. Documentation All documentation is installed with the product and can be accessed from the help system. Further, the documentation can also be accessed from the installed product in the following directory: <server_root>/manual/en/ The documentation set for CMS includes the following:...
Chapter 1 Agent Services This chapter describes the role of the privileged users called agents in managing Netscape Certificate Management System (CMS). It also introduces the tools that agents use to administer service requests. This chapter contains the following sections: •...
Page 14
Overview of Certificate Management System End entities and CAs may be in different geographic or organizational areas or in completely different organizations. CAs may include third parties that provide services through the Internet as well as the root CAs and subordinate CAs for individual organizations.
Page 15
Overview of Certificate Management System reliable authentication services and therefore trusts any signed requests it submits. The Certificate Manager processes the requests and issues the certificates. The Registration Manager then distributes the certificates to the end entities. • Data Recovery Manager—A Data Recovery Manager oversees the long-term archival and recovery of private encryption keys for end entities.
Page 16
Overview of Certificate Management System other aspects of the PKI. This guide describes the tasks that agents can perform. End entities access Registration Manager or Certificate Manager subsystems to enroll in a PKI and to take part in other life-cycle management operations, such as renewal or revocation.
Agent Tasks Agent Tasks The designated agents for each subsystem are responsible for the everyday management of end-entity requests and other aspects of the PKI: • Certificate Manager agents manage certificate requests received by the Certificate Manager subsystem, maintain and revoke certificates as necessary, and maintain global information about certificates.
Page 18
Agent Tasks Figure 1-2 Certificate Manager Agent Services page As a Certificate Manager agent, you can perform the following tasks: • Handle certificate requests. You can list the certificate service requests received by the Certificate Manager subsystem, assign requests to yourself, reject or cancel requests, and approve requests for certificate enrollment.
Agent Tasks • Update the CRL. The Certificate Manager maintains a public list of certificates that have been revoked, called the certificate revocation list (CRL). The list is usually maintained automatically, but you may sometimes need to use the Certificate Manager Agent Services page to update the list manually.
Agent Tasks Figure 1-3 Registration Manager Agent Services page As a Registration Manager agent, you can handle certificate requests. You can list the certificate service requests received by the Registration Manager subsystem, assign requests to yourself, reject or cancel requests, clone requests, and approve enrollment requests to be passed on to the Certificate Manager for issuance.
Agent Tasks Figure 1-4 Data Recovery Manager Agent Services page As a Data Recovery Manager agent, you can perform the following tasks: • List key recovery requests from end entities. • List or search for archived keys. • Initiate the recovery of private data-encryption keys. Key recovery requires the authorization of one or more recovery agents.
Forms for Performing Agent Operations Figure 1-5 Online Certificate Status Manager Agent Services page As an Online Certificate Status Manager agent, you can perform the following tasks: • Check which CAs are currently configured to publish their CRLs to the Online Certificate Status Manager.
Page 23
Forms for Performing Agent Operations As a subsystem agent with the proper certificate, you use the Agent Services page to access the forms you need to perform the agent tasks. Table 1-1 describes each of these HTML forms. Table 1-1 Forms used for agent operations Form name Description...
Page 24
Forms for Performing Agent Operations Table 1-1 Forms used for agent operations (Continued) Form name Description List Requests (Data Recovery Manager) Use this form to find and examine requests for key services. Only Data Recovery Manager agents can use this form. For instructions on using this form, see “Viewing Key Service Requests”...
Accessing Agent Services Table 1-1 Forms used for agent operations (Continued) Form name Description Agent-Initiated User Enrollment (RA) Use this form to enable directory-based agent-initiated user enrollment. Once this feature is enabled, agents can enroll users by using a simple enrollment form on the user’s behalf. Manage Certificate Profiles Use this form to enable and disable supported certificate profiles.
Page 26
Accessing Agent Services After you submit this initial Administrator/Agent Certificate Enrollment form, it is automatically disabled, so that no one else can acquire a certificate without agent approval or some form of automated authentication. The system automatically adds the initial user to the list of agents. To enroll for the first agent certificate, you should be working at the computer you intend to use as the agent, so that the new certificate will be installed in the browser you will be using to access the Agent Services pages.
Page 27
Accessing Agent Services Email address. Email address of administrator/agent. Organization unit. Name of the organization unit to which the administrator/agent belongs. Organization. Name of the company or organization the administrator/agent works for. Country. Two-letter code for the administrator/agent’s country. User’s Key Length Information section: Key Length.
Accessing Agent Services Open CMS.cfg in a text editor, and find the following line: cmsGateway.enableAdminEnroll=false Change false to true, and save the file. Start the server from the CMS window where you stopped it. (Alternatively, right-click on the name of the instance in the left frame and choose Start Server.) At this point, the server asks you for the single sign-on password you specified during installation.
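The CMS.cfg edit described above is a one-line key=value change, but the line is a gate on who can obtain an agent certificate without approval, so it is worth making the edit in a way that refuses to proceed if the key is ambiguous. The following Python is an added example written for this guide, not code from the Netscape CMS product; the CMS.cfg excerpt it operates on is constructed and contains only the key the guide names plus filler, and the helper names are my own.

```python
"""Toggling cmsGateway.enableAdminEnroll in a CMS.cfg-style key=value file.

Added example, not part of Netscape CMS. SAMPLE_CMS_CFG is constructed.
"""

# Constructed excerpt in the key=value layout of CMS.cfg
SAMPLE_CMS_CFG = """# constructed CMS.cfg excerpt
cms.version=6.2
cmsGateway.enableAdminEnroll=false
"""

KEY = "cmsGateway.enableAdminEnroll"


def get_setting(cfg_text, key):
    """Return the value of key, or None if no such line exists."""
    for line in cfg_text.splitlines():
        if line.startswith(key + "="):
            return line[len(key) + 1:].strip()
    return None


def set_setting(cfg_text, key, value):
    """Return cfg_text with exactly one key=value line for key.

    A key that appears more than once is rejected rather than edited,
    because a stale duplicate leaves it unclear which value the server
    actually reads after restart.
    """
    lines = cfg_text.splitlines()
    hits = [i for i, line in enumerate(lines) if line.startswith(key + "=")]
    if len(hits) > 1:
        raise ValueError("%s appears %d times; fix the file by hand" % (key, len(hits)))
    if hits:
        lines[hits[0]] = "%s=%s" % (key, value)
    else:
        lines.append("%s=%s" % (key, value))
    return "\n".join(lines) + "\n"


def admin_enroll_is_open(cfg_text):
    """True while the Administrator/Agent Certificate Enrollment form is reachable."""
    return get_setting(cfg_text, KEY) == "true"


if __name__ == "__main__":
    # Open the form for the first agent enrollment, then close it again,
    # which is the state the guide says the server returns to after the
    # initial enrollment is submitted.
    opened = set_setting(SAMPLE_CMS_CFG, KEY, "true")
    print("open:", admin_enroll_is_open(opened))
    closed = set_setting(opened, KEY, "false")
    print("open:", admin_enroll_is_open(closed))
```

Checking the resulting value with `admin_enroll_is_open` after the server has been restarted and the initial enrollment submitted confirms that the form is no longer reachable.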
Chapter 2 Working with Certificate Profiles As a Certificate Manager or Registration Manager agent, you are responsible for approving certificate profiles that have been configured by a CMS administrator. You also manage and approve requests that come from certificate profile enrollments.
Page 30
About Certificate Profiles For example, a certificate profile could be set up for user certificates that defines all aspects of that certificate including the validity period of the issued certificate. A default can be set up that defines the validity period as two years. A constraint can be set up so that the validity period for certificates issued from requests submitted to this certificate profile cannot exceed two years.
How Certificate Profiles Work An output specifies how the response page to a successful enrollment is presented. It usually displays the certificate in a user-readable format. A single output has been created that shows the pretty print version of the resultant certificate. How Certificate Profiles Work An administrator sets up a certificate profile by associating an existing authentication plug-in, or method, with the certificate profile, enabling and...
Enabling and Disabling Certificate Profiles The issued certificate contains the content defined in the defaults for this certificate profile, such as the extensions and validity period for the certificate, and the content of the certificate is constrained by the constraints set up for each default. You can set up more than one set of policies (defaults and constraints), distinguishing each set by using the same value in the Policy Set ID for each set.
Enabling and Disabling Certificate Profiles End User Certificate Profile If the End User Field of the certificate profile is marked true, then this certificate profile will appear as an enrollment in the end-entity interface. If the End User Field of the certificate profile is marked false, then this certificate profile will not appear in the end-entity interface.
Enabling and Disabling Certificate Profiles Once a certificate profile is enabled, administrators cannot change any aspect of the certificate profile. The certificate profile must first be disapproved for an administrator to change any aspect of the certificate profile. To Disapprove a Certificate Profile A certificate profile can only be disapproved, and thus disabled, by the agent who approved the certificate profile.
Chapter 3 Handling Certificate Requests As a Certificate Manager or Registration Manager agent, you are responsible for handling both manual enrollment requests made by end entities (end users, server administrators, or other CMS subsystems) and automated enrollment requests that have been deferred. This chapter describes the general procedure for handling requests and explains how to handle different aspects of certificate request management.
Page 36
Managing Requests Process the request (see “Approving Requests” on page 42 and “Other Options for Handling Requests” on page 48). In processing a request for a certificate, you can choose to take one of the following actions: Approve the request. You can approve a request manually, or it can be approved automatically by policy modules if the request has been authenticated by an authentication module (and if the CMS administrator has configured the system to do this).
Page 37
Managing Requests Validate the request. You can validate a request that uses a Certificate Profile in order to see if the request complies with the defaults and constraints dictated by the Certificate Profile. Once again, this action merely checks the request’s correctness and does not result in submission of the request.
Page 38
Managing Requests Figure 3-1 The certificate request management process Netscape Certificate Management System Agent’s Guide • June 2003...
Listing Certificate Requests Listing Certificate Requests The Certificate Manager or Registration Manager keeps a queue of all certificate service requests that have been submitted to it. The queue records whether a request is pending, completed, canceled, or rejected. Four types of requests can be in the queue: •...
Page 40
Listing Certificate Requests Choose the type of requests you want to see by selecting one of the following from the “Request type” menu: Show enrollment requests Show renewal requests Show revocation requests Show all requests Choose the status of requests you want to see by selecting one of the following from the “Request status”...
Listing Certificate Requests Choose the number of matching requests you want to see. When you specify a number n, the system displays the first n requests after the starting sequence number that matches your specified criteria. Click Find to display the list of requests that match your specified criteria. The Request Queue form appears.
Approving Requests When you have found the request you want, click Details at the left. The Request details form appears, showing detailed information about the selected request. Use this form to approve or otherwise handle the request. For more information, see “Approving Requests” on page 42 and “Other Options for Handling Requests”...
Approving Requests The approval and issuing process has the following stages: • Adjusting, Verifying, and Approving a Certificate Profile Request • Assigning a Request • Adjusting, Verifying, and Approving a Request • Sending an Issued Certificate to the Requester Adjusting, Verifying, and Approving a Certificate Profile Request Before you verify and approve a request, you can adjust some of the parameters, such as the subject name and validity period.
Approving Requests To change any of the information that will be contained in the certificate, such as the subject name or validity period, change the settings in the Policy Information table contained in the certificate profile request. The policies contained in this certificate profile will be listed in this table detailing the policy, providing the specific values for this certificate, and providing the constraints for each policy.
Approving Requests When you view the details of an unassigned request, you can click “assign to me” to assign it to yourself. The request is immediately assigned to you, and the Request Details page reflects the assignment. If you leave the page without approving, rejecting, or canceling the request, the request remains in the queue with the status of Pending, but it is assigned to you.
Page 46
Approving Requests To change the subject name, enter a new value in the Subject Name field. For example, you might need to change the subject name to prevent duplications or to correct spelling errors. Nothing prevents you from issuing many different certificates with the same subject name. However, in current versions of Netscape software (Netscape Navigator, Netscape Communicator, and Netscape servers), you cannot install more than one certificate with a particular subject name.
Page 47
Approving Requests Note that additional extensions can be set by means of policy modules, which must be configured by the CMS administrator. If you want to add extensions other than Netscape certificate type extensions, you can paste a base-64 encoding of the extension in the “Additional Extensions”...
Approving Requests If the request is for a CMS manager’s certificate, select the check box labeled “This certificate is for a Trusted Manager.” If the request is for a CMS agent’s certificate, select the check box labeled “This certificate is for a <name of manager> agent.” You must also type a user ID for the new manager or agent.
Approving Requests Sending an Issued Certificate to the Requester When the Certificate Manager has issued a certificate in response to a request, the user who requested it must receive a copy of it to install locally. End users install their own certificates in their client software. Server administrators install their servers’...
Page 50
Approving Requests Figure 3-2 A newly issued certificate page To copy and mail a new server certificate to the requester, follow these steps: Open a new email message composition window and address it to the requester. From the Agent Services window where the new certificate is displayed, copy only the base-64 encoded certificate.
Page 51
Approving Requests Go to the Agent Services gateway, click List Requests in the left frame, enter the serial number for the request that you approved, and click Find. In the Request Queue form, click Details beside the relevant request, then right-click the certificate serial number and choose Open Frame in New Window from the pop-up menu.
Chapter 4 Finding and Revoking Certificates As a Certificate Manager agent, you can use the Agent Services page to find a specific certificate issued by Netscape Certificate Management System or to retrieve a list of certificates that match specified criteria. You can examine certificates that you have retrieved.
Page 54
Basic Certificate Listing To find a certificate with a specific serial number, enter the serial number in both the upper limit and lower limit fields of the List Certificates form, in either decimal or hexadecimal form. Use 0x to indicate the beginning of a hexadecimal number.
Advanced Certificate Search Click Find. Certificate Management System displays a list of the certificates that match your search criteria. You can select a certificate in the list and examine it in more detail or perform various operations on it. For more information, see “Examining Certificates”...
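The List Certificates form above, and the List Requests form for key service requests later in this guide, both take a lower and upper limit in decimal or 0x-prefixed hexadecimal, a starting sequence number, and a count n of matches to display. The Python below is an added example of that range listing written for this guide, not code from Netscape CMS; the certificate records are constructed sample data, and the function names are my own. It goes slightly beyond the text by rejecting malformed identifiers and an inverted range instead of treating them as zero.

```python
"""Serial-number range listing in the style of the CMS List Certificates form.

Added example, not Netscape CMS code. SAMPLE_CERTS is constructed.
"""
import re

# Constructed records: (serial number, subject name, status)
SAMPLE_CERTS = [
    (40, "CN=alice,O=Example", "VALID"),
    (41, "CN=bob,O=Example", "REVOKED"),
    (42, "CN=carol,O=Example", "VALID"),
    (43, "CN=dave,O=Example", "VALID"),
    (300, "CN=server1,O=Example", "VALID"),
]

_HEX = re.compile(r"^0[xX][0-9a-fA-F]+$")
_DEC = re.compile(r"^[0-9]+$")


def parse_identifier(text):
    """Parse a serial number or key identifier typed into a limit field.

    Accepts decimal ("42") or 0x-prefixed hexadecimal ("0x2A"). Anything
    else raises, so a typo cannot silently widen the search to serial 0.
    """
    text = text.strip()
    if _HEX.match(text):
        return int(text, 16)
    if _DEC.match(text):
        return int(text, 10)
    raise ValueError("identifier must be decimal or 0x-prefixed hex: %r" % text)


def list_certificates(records, lower, upper, start=None, count=None):
    """Return records whose serial lies in [lower, upper], in serial order.

    start mirrors the form's starting sequence number (the listing begins
    at that serial); count mirrors the number n of matches to display.
    Entering the same value in both limit fields matches one serial.
    """
    lo = parse_identifier(lower)
    hi = parse_identifier(upper)
    if lo > hi:
        raise ValueError("lower limit exceeds upper limit")
    matches = sorted(r for r in records if lo <= r[0] <= hi)
    if start is not None:
        first = parse_identifier(start)
        matches = [r for r in matches if r[0] >= first]
    if count is not None:
        matches = matches[:count]
    return matches


def format_serial(serial):
    """Render a serial the way the Details page does, in hexadecimal."""
    return "0x%X" % serial


if __name__ == "__main__":
    # Same value in both fields: exactly one certificate
    for rec in list_certificates(SAMPLE_CERTS, "0x2A", "42"):
        print(format_serial(rec[0]), rec[1], rec[2])
```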
Page 56
Advanced Certificate Search To search by particular criteria, use one or more of the sections of the Search for Certificates form. The form is quite long; scroll down to see the different sections. To use a section, select the appropriate check box, then fill in any necessary information. Serial Number Range.
Page 57
Advanced Certificate Search To list certificates revoked within a time period, select the day, month, and year from the drop-down lists to identify the beginning and end of the period. To list certificates revoked by a particular agent, enter the name of the agent.
Page 58
Advanced Certificate Search For each type, choose from the drop-down list to find certificates where that type is On, Off, or Absent. To find a certificate with a specific subject name, use the Subject Name section. Select the check box, then enter the subject name criteria. Enter values for the fields you want included in your search criteria and leave the others blank.
Page 59
Advanced Certificate Search Select Partial to search for all certificates with subject names that match at least the components you have specified but that may also have any values in the components you have left blank. You can specify wildcard patterns in this type of search by using the question mark character (?) to match an arbitrary single character and the asterisk character (...
Advanced Certificate Search Examining Certificates To examine the details of a certificate, follow these steps: On the Agent Services page, click List Certificates or Search for Certificates, specify search criteria, and click Find to display a list of certificates. For details of how to specify criteria, see “Basic Certificate Listing” on page 53 and “Advanced Certificate Search”...
Revoking Certificates The certificate is shown in base-64 encoded form at the bottom of the Certificate page, under the heading “Installing this certificate in a server.” In addition to its use with servers, this encoded form of the certificate can be used by CMS administrators and Data Recovery Manager agents for setting up new agents and recovering private encryption keys, respectively.
Revoking Certificates Click Find. The search returns a list of matching certificates. You have the option of revoking one or all certificates in the list. Revoking One or More Certificates You can revoke an entire list of certificates returned by a search, or select and revoke one of the certificates from the list.
Revoking Certificates On the Search Results form, find the certificate you want to revoke. If the certificate you want to see is not shown, scroll to the bottom of the list, specify an additional number n, and click Find. The system displays the next n certificates that match your original search criteria.
Page 64
Revoking Certificates To confirm the revocation: Inspect the details of the certificate and verify that it is the one you want to revoke. If you are revoking more than one certificate, the form shows details of all the listed certificates. Select an Invalidity Date on which it is known or suspected that the private key was compromised or that the certificate became invalid.
Managing the Certificate Revocation List CAUTION Whether you are revoking a single certificate or a list of certificates, be extremely careful that you have selected the correct one or that the list contains only the certificates you want to revoke. Once you confirm a revocation operation, there is no way to undo it.
Managing the Certificate Revocation List Choose how you want to display the CRL by selecting one of the options from the Display Type pull-down menu. The choices on this menu are as follows: Cached CRL. Choose to view the CRL from the cache rather than from the CRL itself.
Page 67
Managing the Certificate Revocation List Select the algorithm that you want to use to sign the new CRL. MD5 with RSA generates a 128-bit message digest. Most existing software applications that handle certificates support only MD5. This is the default algorithm.
Chapter 5 Publishing to a Directory This chapter describes the procedures for updating an LDAP directory with the current status of certificates. Only a Certificate Manager agent can update the directory. This chapter contains the following sections: • Working with a Directory Server •...
Updating the Directory with Changes • When Certificate Management System issues a new certificate, the certificate is published to the directory. • When Certificate Management System revokes a certificate, the certificate is removed from the directory. • When the CRL is created or updated, the list is published to the directory. Manual Directory Updates Normally you do not need to update a directory manually;...
Page 71
Updating the Directory with Changes Select “Skip certificates already marked as updated” to ignore certificates in the internal database that are marked as having been published already (or removed in the case of revoked certificates). For example, if you updated the directory once to revoke many certificates and it took several minutes, some new certificates may have been issued while the update was running.
Chapter 6 Recovering Encrypted Data This chapter describes how to process key recovery requests and how to recover stored encrypted data when the encryption key has been lost. This service is available only when the Data Recovery Manager subsystem is installed. The Data Recovery Manager Agent Services page allows certified agents to accomplish these tasks.
Finding and Recovering Keys Finding Archived Keys You can search for archived keys to examine them or to initiate recovery. The process of selecting search criteria and selecting a key from the search results is the same in either case. To search for and list archived keys: Go to the Data Recovery Manager Agent Services page (see “Accessing Agent Services”...
Page 75
Finding and Recovering Keys Key identifiers. Use this section to find an archived key with a specific key identifier or to list all keys within a range of key identifiers. To find a key with a specific key identifier, enter the key identifier in both the upper limit and lower limit fields.
Finding and Recovering Keys Selecting a Key To select a key from the list returned by your key search: On the Data Recovery Manager’s Agent Services page, click Search for Keys, specify search criteria, and click Show Key to display a list of archived keys. For details, see “Finding Archived Keys”...
Recovering Keys Recovering Keys If you perform a search with the Recover Keys button, the Search Results form allows you to initiate the recovery of any key found. To initiate key recovery: On the Data Recovery Manager’s Agent Services page, click Recover Keys, specify search criteria, and click Show Key to display a list of archived keys.
Page 78
Recovering Keys The number of key recovery agent authorizations required to recover a key is configured by the system administrator using the CMS window in Netscape Console. The Key Recovery form has space for the required number of authorizations. Specify the password that the requester will use in importing the recovered certificate/key pair package.
Recovering Keys If you deselect this option, notify the key recovery agents that a recovery has been initiated, giving them the recovery authorization reference number indicated on this form. (For information on how to provide a remote authorization, see “Remote Recovery Authorization” on page 79.) Click Recover Now.
Viewing Key Service Requests To use the remote authorization feature, the designated key recovery agents must also be designated Data Recovery Manager agents, so that they are privileged to access the Agent Services pages directly. If you are using only local authorization, anyone can be designated as a recovery agent, since only you will need to access the recovery authorization form.
Viewing Key Service Requests Listing Key Service Requests To list key service requests: Go to the Data Recovery Manager Agent Services page (see “Accessing Agent Services” on page 25). You must submit the proper client certificate to get access to this page. Click List Requests to display the List Requests form.
Viewing Key Service Requests To start the list at a specific place in the queue, enter the starting request identifier in decimal or hexadecimal form. Use 0x to indicate the beginning of a hexadecimal number; for example, 0x2A. (Key identifiers are displayed in hexadecimal form in the Search Results and Details pages.) Choose the number of matching requests you want to see.
Page 83
Viewing Key Service Requests On the Key Service Request Queue form, find a particular request. If the request you want to see is not shown, scroll to the bottom of the list and select the Next or Previous group of requests. Click Details next to the selected request.
Chapter 7 Managing OCSP Service Related Tasks This chapter describes how to perform Online Certificate Status Manager agent’s tasks, such as identifying a CA to the Online Certificate Status Manager, adding a CRL to the Online Certificate Status Manager’s internal database and so on. This service is available only when the Online Certificate Status Manager subsystem is installed.
Identifying a CA to Online Certificate Status Manager To see the list of Certificate Managers: Open a web browser window. Go to the Online Certificate Status Manager’s Agent interface. The URL is in this format: https://<hostname>:<port> The Online Certificate Status Manager Agent Services interface appears. In the left frame, click List Certificate Authorities.
Page 87
Identifying a CA to Online Certificate Status Manager In the resulting page, scroll to the section that says “Base 64 encoded certificate” and shows the CA signing certificate in its base-64 encoded format. Copy the base-64 encoded certificate, including the -----BEGIN CERTIFICATE----- marker lines, to the...
Adding a CRL to Online Certificate Status Manager Click Add. The certificate is added to the internal database of the Online Certificate Status Manager. To verify that the certificate is added successfully, in the left frame, click List Certificate Authorities. The resulting form should show information about the Certificate Manager (CA) you just added.
Page 89
Adding a CRL to Online Certificate Status Manager To add a CRL to the internal database: Open a web browser window. Go to the Certificate Manager’s Agent interface (see “Accessing Agent Services” on page 25). The URL is in this format: .
Checking the Revocation Status of a Certificate In the resulting form, paste the encoded CRL inside the text area labeled “Base 64 encoded certificate revocation list (including the header and footer).” Click Add. The CRL is added to the internal database of the Online Certificate Status Manager.
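Both the CA certificate copied when identifying a CA and the CRL pasted here must include their header and footer marker lines, and a common failure is a copy that drops the END line or stops partway through the base-64 body. The Python below is an added example of checking a pasted block before submitting it, written for this guide rather than taken from Netscape CMS; the PEM text is constructed (its body decodes to a five-byte DER SEQUENCE, not a real certificate), and the function names are my own.

```python
"""Checking a pasted base-64 (PEM) block for completeness before submitting it.

Added example, not Netscape CMS code. SAMPLE_PAGE_TEXT is constructed and
its body is a minimal DER SEQUENCE, not a real certificate or CRL.
"""
import base64
import binascii
import hashlib
import re

SAMPLE_PAGE_TEXT = """Base 64 encoded certificate
-----BEGIN CERTIFICATE-----
MAMCAQE=
-----END CERTIFICATE-----
"""

# One PEM block: BEGIN label, base-64 body, END with the same label
_PEM = re.compile(
    r"-----BEGIN (?P<label>[A-Z0-9 ]+)-----\s*"
    r"(?P<body>[A-Za-z0-9+/=\s]*?)\s*"
    r"-----END (?P=label)-----"
)


def extract_pem(text, expected_label):
    """Return the DER bytes of the first block labelled expected_label.

    Raises ValueError when no block is present, when the END marker is
    missing (the usual sign of an incomplete copy), when the label is not
    the one expected (a certificate pasted where a CRL belongs), or when
    the body does not decode to DER.
    """
    m = _PEM.search(text)
    if m is None:
        if "-----BEGIN " in text and "-----END " not in text:
            raise ValueError("END marker missing: the block was copied incompletely")
        raise ValueError("no PEM block found")
    if m.group("label") != expected_label:
        raise ValueError("expected %s, found %s" % (expected_label, m.group("label")))
    body = "".join(m.group("body").split())
    try:
        der = base64.b64decode(body, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("body is not valid base64: %s" % exc)
    # Certificates and CRLs are both DER SEQUENCEs, tag 0x30
    if not der or der[0] != 0x30:
        raise ValueError("decoded data is not a DER SEQUENCE")
    return der


def fingerprint(der):
    """SHA-256 of the DER bytes, for comparing against the value shown on the source page."""
    return hashlib.sha256(der).hexdigest()


if __name__ == "__main__":
    der = extract_pem(SAMPLE_PAGE_TEXT, "CERTIFICATE")
    print(len(der), "bytes, sha256", fingerprint(der))
```

Comparing `fingerprint` of what was pasted with a fingerprint obtained from the Certificate Manager itself catches a block that is well-formed but is not the one intended.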
Page 91
Checking the Revocation Status of a Certificate Click Check. The resulting form should inform you about the status of the certificate you just submitted. Chapter 7 Managing OCSP Service Related Tasks...