Keys And Certificates For The Main Subsystems - Netscape MANAGEMENT SYSTEM 6.01 Installation And Setup Manual

Keys and Certificates for the Main Subsystems

This section explains the various certificates required and used by the CMS
managers:
Certificate Manager's Key Pairs and Certificates
Registration Manager's Key Pairs and Certificates
Data Recovery Manager's Key Pairs and Certificates
Online Certificate Status Manager's Key Pairs and Certificates
The key pairs that correspond to certificates used by these subsystems can be
stored either in an internal or an external token, or in both. It depends on the token
you chose for the generation and storage of the keys and certificates. For
information on tokens, see "Tokens for Storing CMS Keys and Certificates" on
page 431.
As an administrator, you must make sure that the private keys that correspond to
all certificates, especially the CA signing certificate, used by CMS managers are
adequately protected. This includes protecting them from damage (in other words,
by archiving and backing up the keys) as well as protecting them from
unauthorized access or use. The passwords that protect the tokens containing these
keys must also be carefully guarded. Access to the token itself should be limited.
If the keys and certificates are in the internal token, make sure that only you or
authorized administrators have access to these files (the
cert-<instance_id>-<machine_name>-cert7.db and
cert-<instance_id>-<machine_name>-key3.db files located in the
<server_root>/alias directory). It's also important to know if these files are
stored on backup tapes or are otherwise available for someone to intercept.
Because the destruction of a private key in a disk crash can be disastrous if you
are depending upon that key for a hierarchy of certificate authorities, backing
up your key data is commensurately important. If you do make copies of your
keys, however, you must protect your backups with the same level of security
that you use for protecting your original keys.
If the keys are in an external token, such as a smart card, keep it in a locked
facility. Also, periodically change the passwords that protect these keys. See
"Changing a Token's Password" on page 435.
All CMS certificates have a validity period, as specified when the certificates were
generated, beyond which they cannot be used. For a certificate to be valid beyond
its expiration date, it must be renewed. For instructions to renew a CMS certificate,
see section "Renewing Certificates for the Subsystems" on page 474.
Netscape Certificate Management System Installation and Setup Guide • May 2002
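One way to check the internal-token file-access requirement on a POSIX host, as an added example that is not part of the original manual: the script audits the alias directory and the cert7.db/key3.db files for ownership, group/other permission bits, and symbolic links. The function names, the owner-only policy, and the sample instance "demo" on machine "host1" are assumptions made for illustration.

```python
import fnmatch
import os
import stat
import tempfile

# Name patterns from the manual: cert-<instance_id>-<machine_name>-cert7.db and -key3.db
KEY_DB_PATTERNS = ("cert-*-cert7.db", "cert-*-key3.db")


def audit_alias_dir(alias_dir, allowed_uids=None):
    """Return (name, problem) findings for <server_root>/alias and its key databases."""
    if allowed_uids is None:
        allowed_uids = {os.geteuid()}  # assumption: the auditor is the authorized admin
    findings = []

    def check(path):
        name = os.path.basename(path)
        st = os.lstat(path)  # lstat: report a symlink instead of following it
        if stat.S_ISLNK(st.st_mode):
            findings.append((name, "is a symbolic link"))
            return
        if st.st_uid not in allowed_uids:
            findings.append((name, f"owned by unexpected uid {st.st_uid}"))
        mode = stat.S_IMODE(st.st_mode)
        if mode & 0o077:  # assumed strict policy: no group or other bits at all
            findings.append((name, f"group/other access allowed (mode {mode:04o})"))

    check(alias_dir)
    names = sorted(os.listdir(alias_dir))
    for pattern in KEY_DB_PATTERNS:
        matches = fnmatch.filter(names, pattern)
        if not matches:
            findings.append((pattern, "no matching file found"))
        for name in matches:
            check(os.path.join(alias_dir, name))
    return findings


def demo():
    """Audit a constructed alias directory: key3.db is left world-readable on purpose."""
    with tempfile.TemporaryDirectory() as root:
        alias = os.path.join(root, "alias")
        os.mkdir(alias, 0o700)
        for name, mode in (("cert-demo-host1-cert7.db", 0o600),
                           ("cert-demo-host1-key3.db", 0o644)):
            path = os.path.join(alias, name)
            open(path, "wb").close()
            os.chmod(path, mode)
        return audit_alias_dir(alias)
```

If several administrators share access through a dedicated group, pass their user IDs in allowed_uids and relax the mode mask to match that policy. The same check applies to any restored backup copy of these files.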