Netscape MANAGEMENT SYSTEM 6.01 Installation And Setup Manual page 90

Some Enrollment Scenarios
For example, to get a certificate, a contractor provides an ID and password to the
Registration Manager, which uses the Kerberos system to verify them before
passing on the certificate request to the Certificate Manager. This arrangement
involves the following steps, illustrated in Figure 2-4. (The details of the existing
security system don't matter: third-party or custom CMS authentication modules
can be used for Kerberos, NIS, and many other security systems. Extranet users can
continue to use applications based on the old security systems while they use their
certificates to take advantage of new certificate-based applications.)
Request certificate. A user of ExampleCorp's existing extranet fills in and
1.
submits a certificate request (over SSL) using a customized form that requires a
Kerberos ID and password.
Authentication. The Registration Manager uses a third-party authentication
2.
module to validate the user's identity using the existing internal Kerberos
system.
Request certificate. If authentication against Kerberos is successful, the
3.
Registration Manager performs policy processing and, if processing is
successful, forwards the request to the Certificate Manager.
Issue certificate. The Certificate Manager performs its own policy processing
4.
on the request and, if processing is successful, issues the certificate and delivers
it to the Registration Manager.
Deliver certificate. If the Certificate Manager issues the certificate, the
5.
Registration Manager delivers it to the end user in the same session. If the
request is unsuccessful for any reason, the Registration Manager displays a
web page to the user explaining the problem and what to do about it.
90 Netscape Certificate Management System Installation and Setup Guide • May 2002