Netscape MANAGEMENT SYSTEM 6.01 Installation And Setup Manual page 36

Overview of Key Features
The Certificate Manager's ability to support multiple Registration Managers makes
it more scalable and also adds an extra layer of security for the CA. For example,
you can set a policy that requires all clients to go through a remote Registration
Manager, and then have the remote Registration Manager route all client requests
to the Certificate Manager located inside a firewall.
For more information, see "Trusted Managers" on page 380.
Ability to function as both a root and a subordinate CA in a CA hierarchy
Certificate Management System can function as a root or parent CA; in this case, the
server signs its own CA signing key as well as other CA signing keys, enabling you
to create your own CA hierarchy. You can also install the server to function as a
subordinate CA; in this case, the server gets its CA signing key signed by another CA
in an existing CA hierarchy.
For details on installing the Certificate Manager as a root or subordinate CA, see
Part 2, "Planning and Installation."
Ability to function as a linked CA
Certificate Management System can function as a linked CA, chaining up to many
third-party or public CAs for validation; this provides cross-company trust, so
applications can verify certificate chains outside the company certificate hierarchy.
You chain a Certificate Manager to a third-party CA by requesting the Certificate
Manager's CA signing certificate from the third-party CA.
For details on installing the Certificate Manager as a linked CA, see Part 2,
"Planning and Installation."
CA scalability via cloning
If you don't want to create a CA hierarchy comprising root and subordinate CAs,
you can create multiple clones of a Certificate Manager and configure each clone to
issue certificates that fall within a distinct range of serial numbers. Because clone
CAs sign the certificates they issue with the same CA signing key and certificate as
the master CA, the issuer name in all the certificates in your PKI setup is the same,
as if they had all been issued by a single CA.
For details on cloning a Certificate Manager, see "Cloning a Certificate Manager"
on page 282.
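The check below is an added example, not part of the Netscape guide or of Certificate Management System: it verifies that the serial ranges assigned to clones are distinct and audits issuance records against them, because with one shared issuer name the serial number is the only field that tells one clone's certificates from another's. The clone labels, ranges and issuance records are constructed, and the data layout is an assumption, not the product's configuration format.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SerialRange:
    clone: str   # hypothetical clone label, not a CMS identifier
    first: int   # first serial in the range, inclusive
    last: int    # last serial in the range, inclusive

def find_overlaps(ranges):
    """Return (clone, clone) pairs whose assigned serial ranges intersect."""
    for r in ranges:
        if r.first > r.last:
            raise ValueError(f"{r.clone}: empty range {r.first:#x}-{r.last:#x}")
    ordered = sorted(ranges, key=lambda r: r.first)
    overlaps = []
    for i, a in enumerate(ordered):
        for b in ordered[i + 1:]:
            if b.first > a.last:
                break  # sorted by start, so no later range can touch a
            overlaps.append((a.clone, b.clone))
    return overlaps

def audit_issued(ranges, issued):
    """Compare (serial, clone) issuance records with the assigned ranges.
    Returns (records outside the clone's range, serials issued twice)."""
    by_clone = {r.clone: r for r in ranges}
    out_of_range, duplicates, seen = [], [], set()
    for serial, clone in issued:
        r = by_clone.get(clone)
        if r is None or not (r.first <= serial <= r.last):
            out_of_range.append((serial, clone))
        # Same issuer name + same serial: a CRL entry cannot tell them apart.
        if serial in seen:
            duplicates.append(serial)
        seen.add(serial)
    return out_of_range, duplicates

# Constructed sample data: the third range is misconfigured to overlap.
RANGES = [SerialRange("master", 0x1, 0xFFFF),
          SerialRange("clone-a", 0x10000, 0x1FFFF),
          SerialRange("clone-b", 0x1F000, 0x2FFFF)]
ISSUED = [(0x2A, "master"), (0x10005, "clone-a"), (0x1F100, "clone-a"),
          (0x1F100, "clone-b"), (0x30000, "clone-b")]

if __name__ == "__main__":
    print("overlapping ranges:", find_overlaps(RANGES))
    print("out of range, duplicates:", audit_issued(RANGES, ISSUED))
```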
Netscape Certificate Management System Installation and Setup Guide • May 2002
