Netscape MANAGEMENT SYSTEM 6.01 Installation And Setup Manual page 520
Hide thumbs
Also See for NETSCAPE MANAGEMENT SYSTEM 6.01:
- Configuration manual (282 pages) ,
- Reference (162 pages) ,
- Installation manual (106 pages)
Table of Contents
Advertisement
Configuring Authentication for End-User Enrollment
In the Certificate Validity section, check the "Override validity nesting
3.
requirement" option, if you want the Certificate Manager to issue certificates
with validity periods beyond that of its CA signing certificate; see "CA Signing
Key Pair and Certificate" on page 421).
If you leave the box unchecked and if the Certificate Manager (CA) finds a
request with validity period extending beyond that of its CA signing
certificate, it automatically truncates the validity period to end on the day the
CA signing certificate expires. For example, if the CA signing certificate expires
on June 10, 2004, any enrollment or renewal request with validity period
beyond June 10, 2004 will have validity period truncated to end on June 10,
2004.
Validity periods of certificates during enrollment is determined by the policy
explained in
periods of certificates during renewal is determined by the policy explained in
RenewalValidityConstraints
explained in CMS Plug-Ins Guide.
In the Certificate Serial Number section, specify the serial number range for
4.
certificates issued by this Certificate Manager. The server assigns the serial
number you enter in the "Next serial number" to the next certificate it issues
and the number you enter in the "Ending serial number" to the last certificate it
issues.
The serial number range enables you to deploy multiple CAs, balancing the
number of certificates each CA issues. Note that the combination of an issuer
name and a serial number uniquely identifies a certificate. To ensure that two
distinct certificates issued by the same authority doesn't contain the same serial
number, make sure the serial number range does not overlap among cloned
CAs. (For information on cloning CAs, "Cloning a Certificate Manager" on
page 282.)
Also note that when a CA exhausts all its serial numbers, you can revive it by
changing the values in the "Next serial number" and "Ending serial number"
fields, followed by restarting the Certificate Manager.
In the Default Signing Algorithm section, select the signing algorithm the
5.
Certificate Manager should use for signing certificates. The choices are "MD2
with RSA," "MD5 with RSA," and "SHA1 with RSA," if the CA's signing key
type is RSA and "SHA1 with DSA," if the CA's signing key type is DSA.
520
Netscape Certificate Management System Installation and Setup Guide • May 2002
ValidityConstraints
plug-in module. Both the modules are
plug-in module. Similarly, validity
Advertisement
Table of Contents
Related Manuals for Netscape NETSCAPE MANAGEMENT SYSTEM 6.01
Related Products for Netscape NETSCAPE MANAGEMENT SYSTEM 6.01
- Netscape NETSCAPE CONSOLE 6.0 - MANAGING SERVERS
- Netscape NETSCAPE DIRECTORY SERVER 6.02
- Netscape NETSCAPE DIRECTORY SERVER 6.1 - DEPLOYMENT
- Netscape NETSCAPE DIRECTORY SERVER 6.2 - GATEWAY CUSTOMIZATION
- Netscape NETSCAPE ENTERPRISE SERVER 6.0 - NSAPI PROGRAMMER GUIDE
- Netscape NETSCAPE ENTERPRISE SERVER 6.1 - NSAPI PROGRAMMER GUIDE
- Netscape NETSCAPE ENTREPRISE SERVER 6.1 - 04-2002 ADMINISTRATOR
- Netscape NETSCAPE ENTREPRISE SERVER 6.1 - 08-2002 ADMINISTRATOR
- Netscape NETSCAPE DIRECTORY SERVER 6.01 - ADMINISTRATOR
- Netscape NETSCAPE DIRECTORY SERVER 6.01 - PLUG-IN
- Netscape NETSCAPE DIRECTORY SERVER 6.02 - ADMINISTRATOR
- Netscape NETSCAPE DIRECTORY SERVER 6.02 - PLUG-IN
- Netscape NETSCAPE DIRECTORY SERVER 6.1 - ADMINISTRATOR
- Netscape NETSCAPE DIRECTORY SERVER 6.2 - DEPLOYMENT
- Netscape NETSCAPE DIRECTORY SERVER 6.1 - PLUG-IN
- Netscape NETSCAPE DIRECTORY SERVER 6.2 - ADMINISTRATOR