Reasons For Revoking A Certificate - Netscape MANAGEMENT SYSTEM 6.01 Installation And Setup Manual
Hide thumbs
Also See for NETSCAPE MANAGEMENT SYSTEM 6.01:
- Configuration manual (282 pages) ,
- Reference (162 pages) ,
- Installation manual (106 pages)
Table of Contents
Advertisement
Publishing of CRLs
Manager is configured to do so. In addition to certificates, the Certificate Manager
also maintains a CRL in its internal database. You can configure the Certificate
Manager to generate the CRL every time a certificate is revoked and at periodic
intervals.
You can also configure the Certificate Manager to generate and publish CRLs
conforming to X.509 (either version 1 or version 2) standards by enabling or
disabling the CRL extension-specific modules in the server's configuration. Note
that the server supports standard CRL extensions that are explained in Chapter 7,
"CRL Extension Plug-in Modules" of CMS Plug-Ins Guide.
For instructions on how to configure a Certificate Manager to publish CRLs, see
"Configuring a Certificate Manager to Publish Certificates and CRLs" on page 595.
Reasons for Revoking a Certificate
A Certificate Manager can revoke any certificate it has issued. A certificate needs to
be revoked if one or more of the following situations occur:
•
The owner of the certificate has changed status and no longer has the right to
use the certificate.
•
The private key of a certificate owner has been compromised.
•
The certificate owner doesn't want to use the certificate.
•
The private key of the CA that issued the certificate has been compromised.
A certificate can be revoked by administrators, agents, and end entities, such as
end users and individual server administrators. Agents and administrators (with
agent privileges) can revoke certificates by using the forms provided in the agent
interface. Administrators, agents, and end users can revoke certificates by using the
forms provided in the Revocation tab of the end-entity interface. Note that end
users can revoke only their own certificates, whereas agents and administrators can
revoke any certificates issued by the server. End users are also required to
authenticate to the server in order to revoke their certificate; see "Authentication of
End Users During Certificate Revocation" on page 497.
Whenever a certificate is revoked, the Certificate Manager updates the status of the
certificate in its internal database. This way, the server keeps track of all revoked
certificates in its internal database and it makes the revoked list of certificates
public (by publishing it to a central repository) to notify other users that the
certificates in the list are no longer valid.
592
Netscape Certificate Management System Installation and Setup Guide • May 2002
Advertisement
Table of Contents
