How The Certificate Manager Works
Enrollment
An end entity can enroll in your PKI by submitting an enrollment request via the
end-entity interface. You can create more than one type of enrollment, each of which
uses a different enrollment method, has different certificate issuance policies,
requires a different method of authentication, or all three. One way to do this is to
create separate enrollment pages that are specific to the type of enrollment, the type
of authentication, and the certificate issuance policies associated with that type of
certificate. The forms associated with enrollment are customizable, allowing you to
change the content and the look and feel of the forms. See "Customizing the End
Entity Interface," on page 123 for information on the default forms. See the Netscape
Certificate Management System Customization Guide for information on customizing
these forms. The other way is to create a certificate profile for each type of
enrollment, with a dynamically generated form associated with each certificate
profile. You customize the dynamically created certificate profile forms by
configuring the inputs associated with the certificate profile.
The Certificate Enrollment Process
When an end entity enrolls in your PKI by requesting a certificate, a number of things
can happen, depending on your configuration and the subsystems you have
installed. The following list gives those events in the approximate order in which
they occur:
• The end entity provides the information in one of the enrollment forms and
  submits a request. The information the form gathers from the end entity is
  customizable: it depends on what you want to collect, or need to collect,
  either to store in the certificate that is issued or to authenticate
  against the authentication method associated with the form. The form creates a
  request that is then submitted to the Certificate Manager.
• The enrollment form can trigger the creation of the public and private keys for
  this request, or for dual-key pairs.
• The end entity may have to provide some form of authentication before
  submitting the request. You can configure LDAP authentication, PIN-based
  authentication, certificate-based authentication, or NIS-based authentication.
• The request may be submitted using an agent-approved enrollment process or
  an automated process.
Netscape Certificate Management System Administrator's Guide • February 2003