Configuring Certificate Profiles; Configuring Publishing - Netscape MANAGEMENT SYSTEM 6.1 - ADMINISTRATOR Administrator's Manual

Configuring the Certificate Manager

Configuring Certificate Profiles

The Certificate Profile feature uses instances of certificate profile plug-ins that can
be configured to issue a type of certificate. The certificate profile contains defaults
that specify the contents and the value of that content for this type of certificate,
constraints that constrain the content of this type of certificate, associate the
certificate profile with a set up authentication method, and define the contents of
the enrollment page and the output page when an automated authentication
method is used.
The default instances of certificate profiles are for particular types of certificates
including a CA certificate, SSL server certificate, end-entity certificate, and so on.
Each certificate profile is associated with the certificate profile form in the end
entity interface that lists all of the available certificate profiles. The end entity
chooses the certificate profile when submitting the request. You can customize this
form. Any enabled certificate profiles will appear as links on this form. Those links
take the user to a dynamically created HTML page that is generated based on the
inputs set in the certificate profile.
Each certificate profile that will be used is configured by an administrator. The
administrator configures defaults and constraints, inputs, outputs, and specifies
the authentication method for each certificate profile.
The certificate profiles that have been configured are listed in the agent services
interface where the agent has to approve the certificate profile to enable it. Once the
certificate profile is enabled, it appears in the end entity interface.
When an end entity submits a request using a particular certificate profile, the
certificate profile authenticates the request based on the authentication mechanism
associated with that certificate profile—and thus the enrollment method. The
certificate is issued following the constraints and extensions set in that certificate
profile.
For detailed information, see Chapter 10, "Certificate Profiles."

Configuring Publishing

You can publish certificates and CRLs to files or to an LDAP directory, and publish
CRLs to an Online Certificate Status Manager.
The publishing feature allows you to determine which certificates and which CRLs
are published to which locations. The flexible plug-in interface provides the ability
to publish the same certificate or CRL to a number of places, and to determine a
subset of certificates or a particular CRL to publish to a single location.
Chapter 3 Certificate Manager 121