Netscape MANAGEMENT SYSTEM 6.01 Installation And Setup Manual page 496

Introduction to Authentication
• The certificate being presented by the end user for renewal must be currently
valid or must have expired; it cannot have been revoked.
• The validity period of a renewed certificate is determined by the policy rule
explained in "RenewalValidityConstraints Plug-in Module" of CMS Plug-Ins
Guide. If the renewal lead time does not permit renewing, the server rejects the
renewal request. Also, if the policy is disabled, renewal of certificates fails.
• If the certificate being presented by the end user has already been renewed, the
server displays the URL for downloading the certificate.
This situation may occur if the end user forgets to download the renewed
certificate. It can also happen if the end user maintains two identical certificate
databases on two machines, renews the certificate from one machine, and then
tries to renew the same certificate from the other machine.
Certificate Renewal Form
The End Entity Services interface of the Certificate Manager and Registration
Manager includes a default HTML form for renewing end users' certificates. The
form is accessible from the Renewal tab as shown in Figure 15-3.
Figure 15-3
The default renewal form is preconfigured for SSL client authentication, enabling
end users to renew their personal or client certificates by presenting valid or
expired certificates.
496 Netscape Certificate Management System Installation and Setup Guide • May 2002
Certificate renewal form for end users