Table of Contents
Advertisement
Configuring the Certificate Manager
Configuring the Certificate Manager
This section lists the areas that you can configure for the Certificate Manager, gives
a description of that area, and points you to specific information on configuring
that set of features.
Adding Users
Once the Certificate Manager is installed, you need to add users and assign them to
the administrator, agent, or auditor roles. If you selected the option to have the
administrator created during installation also act as an agent, then the
administrator is your first agent. If you did not, you need to create an agent user
who can access the agent services interface. See Chapter 8, "Authorization" for
details on adding users and assigning them to groups.
Configuring Authorization
Each subsystem has a set of predefined roles that are assigned a default set of
privileges. You create users in the CMS database and then assign them to a group
to give them the privileges of that group. The privileges assigned to a group are
controlled by Access Control Instructions (ACIs) placed in Access Control Lists
(ACLs). ACLs define points that need specific authorization. Generally, each
defines a distinct set of functionality for the server. ACIs define what operations
can or cannot be performed by a user, group, or IP address for that particular ACL.
You can change the default ACIs set up in the ACLs to change the privileges of a
user, group, or IP address. You can also create new groups and assign privileges to
those groups by adding ACI entries for that group in the ACLs. For complete
details about creating users, assigning users to groups, creating groups, and
changing ACIs and ACLs, see Chapter 8, "Authorization."
Default ACL Configuration
The configuration set up for the Certificate Manager gives the following privileges
to members of the following groups:
•
Members of the Administrator group can perform any operations in the
administrative interface including viewing configuration settings, changing
configuration settings, adding or deleting plug-ins, creating or deleting
instances or plug-ins, and viewing all logs except for the signed audit log—if
you have the signed audit feature set up. Administrators do not have access to
the agent services interface or any task performed there.
110
Netscape Certificate Management System Administrator's Guide • February 2003
Advertisement
Table of Contents
