Certificate Manager's Key Pairs And Certificates; Ca Signing Key Pair And Certificate - Netscape MANAGEMENT SYSTEM 6.01 Installation And Setup Manual
Hide thumbs
Also See for NETSCAPE MANAGEMENT SYSTEM 6.01:
- Configuration manual (282 pages) ,
- Reference (162 pages) ,
- Installation manual (106 pages)
Table of Contents
Advertisement
All key pairs associated with CMS certificates must be well protected to ensure that
they are never compromised. However, if you know or suspect that a key pair has
been compromised, reissue the certificate with a new key pair. For instructions to
get a new CMS certificate, see section "Getting New Certificates for the
Subsystems" on page 465.
Certificate Manager's Key Pairs and Certificates
The Certificate Manager uses the following key pairs and corresponding
certificates:
•
CA Signing Key Pair and Certificate
•
OCSP Signing Key Pair and Certificate
•
CRL Signing Key Pair and Certificate
•
SSL Server Key Pair and Certificate
CA Signing Key Pair and Certificate
Every Certificate Manager you installed has a certificate, identified as the Certificate
Manager CA signing certificate, whose public key corresponds to the private key the
Certificate Manager uses to sign the X.509 certificates it issues. The first time you
generated this certificate is when you installed the Certificate Manager. The default
nickname for the certificate is
identifies the CMS instance in which the Certificate Manager is
<instance_id>
installed, and the default validity period for the certificate is two years.
The subject name of the CA signing certificate reflects the name of your certificate
authority (CA) as specified during the installation. All certificates signed or issued
by the Certificate Manager include this name to identify the issuer of the certificate.
The Certificate Manager's status as a root or subordinate CA is determined by
whether its CA signing certificate is self-signed or is signed by another CA.
•
If the Certificate Manager is a root CA, its CA signing certificate is
self-signed—that is, the subject name and issuer name of the certificate is the
same.
•
If the Certificate Manager is a subordinate CA, its CA signing certificate is
signed by another CA, usually the one that is a level above in the CA hierarchy
(which may or may not be a root CA). If you have deployed the Certificate
Manager as a subordinate CA in a CA hierarchy, you must import your root
CA's signing certificate into individual clients and servers before you can use
the Certificate Manager to issue certificates to them.
Keys and Certificates for the Main Subsystems
caSigningCert cert-<instance_id>
Chapter 14
, where
Managing CMS Keys and Certificates
421
Advertisement
Table of Contents
