Table of Contents
Advertisement
Configuring the Certificate Manager
d.
Restart the Certificate Manager. Now the Certificate Manager is ready to use
4.
the CRL signing certificate to sign the CRLs it generates.
Getting Additional SSL Server Certificates
The Certificate Manager uses its SSL server certificate to do SSL server-side
authentication to the following:
•
The End-Entity Services interface (the HTTPS port)
•
The Certificate Manager Agent Services interface
•
Clone Certificate Managers, when used as a master Certificate Manager in a
cloned CA setup (see "Cloning a CA," on page 129.")
By default, the Certificate Manager uses a single SSL server certificate for
authentication purposes. However, you can request and install additional SSL
server certificates for the Certificate Manager. For example, you can configure the
Certificate Manager to use separate server certificates for authenticating to the
End-Entity Services interface and Agent Services interface. For instructions, see
"Configuring the Server to Use Separate SSL Server Certificates" on page 321.
If you configure the Certificate Manager for SSL-enabled communication with a
publishing directory, the Certificate Manager also uses its SSL server certificate for
SSL client authentication to the publishing directory. This is the default
configuration. You can configure the Certificate Manager to use an alternate
certificate for this purpose; see "Getting an SSL Client Certificate for a Subsystem"
on page 322.
If you configure the Certificate Manager to function as a trusted manager to a Data
Recovery Manager, the Certificate Manager also uses its SSL server certificate for
SSL client authentication to the Data Recovery Manager. For details on trusted
managers, see "Trusted Managers" on page 329. You can also configure the
Certificate Manager to use an alternate certificate for this purpose; see "Getting an
SSL Client Certificate for a Subsystem" on page 322.
114
Netscape Certificate Management System Administrator's Guide • February 2003
For example, your edited entries might look like this:
ca.crl_signing.cacertnickname=crlSigningCert cert-demoCA
ca.crl_signing.defaultSigningAlgorithm=MD5withRSA
ca.crl_signing.tokenname=Internal Key Storage Token
Save your changes and close the file.
Advertisement
Table of Contents
Related Manuals for Netscape NETSCAPE MANAGEMENT SYSTEM 6.1 - ADMINISTRATOR
Related Products for Netscape NETSCAPE MANAGEMENT SYSTEM 6.1 - ADMINISTRATOR
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0 - CUSTOMIZATION
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0 - PLUG-IN
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.01 - CUSTOMIZATION
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.01 - PLUG-IN
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0 - AGENT GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0 - COMMAND-LINE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.01 - AGENT GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.01 - COMMAND-LINE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.1 - AGENT GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.1 - COMMAND-LINE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.2 - AGENT GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.2 - COMMAND-LINE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.2 - ADMINISTRATOR
- Netscape NETSCAPE MANAGEMENT SYSTEM 4.5 - CUSTOMIZATION GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 4.5 - PLUG-IN