Installing A New Ca Certificate In The Certificate Database; Installing A Ca Certificate Chain In The Certificate Database - Netscape MANAGEMENT SYSTEM 6.01 Installation And Setup Manual
Hide thumbs
Also See for NETSCAPE MANAGEMENT SYSTEM 6.01:
- Configuration manual (282 pages) ,
- Reference (162 pages) ,
- Installation manual (106 pages)
Table of Contents
Advertisement
Installing a New CA Certificate in the Certificate
Database
You may need to install new trusted CA certificates in the certificate database of a
CMS instance. For example, assume that you renewed the signing certificate of a
Registration Manager. Also assume that the CA that signed the Registration
Manager's certificate is not included in the trust database of the Certificate
Manager that has been configured to sign certificate requests from this Registration
Manager.
When the Registration Manager attempts to request a service from the Certificate
Manager (using the renewed certificate for SSL client authentication), the
Certificate Manager fails to authenticate the Registration Manager. This happens
because, as a part of validating the certificate presented by the Registration
Manager, the Certificate Manager checks its certificate database for the CA that
signed the Registration Manager's certificate. The Certificate Manager does not
find the CA listed in its trust database as a trusted CA, so it rejects the Registration
Manager's service request.
The Certificate Setup Wizard built into the CMS window automates the process of
installing trusted CA certificates in the certificate database. For instructions on
using the wizard, see "Using the Wizard to Install a Certificate or Certificate
Chain" on page 452.
NOTE
Be sure to choose the "Other Trusted CAs" option in Step 2 of the
wizard process.
Installing a CA Certificate Chain in the Certificate
Database
Any client or server software that supports certificates maintains a collection of
trusted CA certificates in its certificate database. These CA certificates determine
which other certificates the software can validate—in other words, which issuers of
certificates the software can trust. In the simplest case, the software can validate
only certificates issued by one of the CAs for which it has a certificate. It's also
possible for a trusted CA certificate to be part of a chain of CA certificates, each
issued by the CA above it in a certificate hierarchy; for details on certificate
hierarchies and certificate chains, see "How CA Certificates Are Used to Establish
Trust" in Appendix D of Managing Servers with Netscape Console.
Managing the Certificate Database
Chapter 14
Managing CMS Keys and Certificates
487
Advertisement
Table of Contents
