Table of Contents
Advertisement
Configuring the Certificate Manager
•
Portal Enrollment. End users are registered into an LDAP directory and issued
a certificate. If user already has an entry in the directory, they are authenticated
against the directory and then issued a certificate. See "Setting Up Portal
Enrollment," on page 400.
•
CMC Auth. This plug-in allows to send agent signed requests and have those
requests processed. See "Setting Up CMC Enrollment," on page 404.
•
Agent Authentication. End-entities are authenticated against the CMS internal
user database. If the end entities have agent certificates, the submitted
certificate requests will be approved immediately.
Configuring Policies
The Policy feature is a set of plug-ins that you create instances of and then
configure. These instances define certificate content and the values for that content
and constraints for the content that can either be associated with all certificates, or
with a subset of certificates defined using predicates. When a non-certificate profile
enrollment request is processed, it is evaluated against all policies that are
applicable to this type of request. Any policy that has no predicate is evaluated
against all certificate requests. Those with predicates are evaluated against
certificates requests that match the predicate value of the policy. The predicate
value can be a certificate type, like a CA certificate or an SSL signing certificate, in
which case, all requests for that type of certificate are evaluated by the policy. The
predicate value can be some other evaluator that can be matched in the request.
You can use hidden values in the request form to match predicate values.
When using the policy feature for enrollment, you must take care to associate a
form with all of the policies you want to be evaluated for this certificate request.
Some of the policies can be configured to collect other information about an end
entity from an LDAP directory and place that information in the certificate. A
default set of policies is created. Some of these are enabled and some are disabled.
You need to configure the policy feature by configuring the existing policies,
deleting unwanted policies, and creating needed policies that are not created by
default.
See also the following for information on certificate profiles, which replace the
policies functionaly in current and future releases of CMS.
For detailed information, see Chapter 11, "Policies."
120
Netscape Certificate Management System Administrator's Guide • February 2003
Advertisement
Table of Contents
