Table of Contents
Advertisement
The agent-approved process, which involves no end-entity authentication,
sends the request to the request queue in the agent services interface where
an agent must processes the request. An agent can then change the status
of the request, reject the request, or approve the request. The agent can also
change some aspects of the request.
You can set up an automated notification that send an email any time a
request appears in the queue to the agent, or an automated job that sends a
list of the contents of the queue to agents on a pre configured schedule. See
Chapter 12, "Automated Notifications" and Chapter 13, "Automated
Jobs."
The automated process, which involves end-entity authentication, allows
the certificate to be processed upon successful authentication of the end
entity.
•
The form can collect information about the end entity from an LDAP directory
when the form is submitting. You can set up policies using predicates that
request this information from the LDAP directory when the user authenticates
using an LDAP user ID and password. For certificate profile based enrollment,
you set up defaults that are used to collect this information.
•
The policies or certificate profile associated with the form determine aspects of
the certificate that is issued. Depending on the policies or certificate profile that
are associated with the form, the request is evaluated against these to
determine if the request meets the constraints set, if the required information is
provided, and what the resultant certificate will contain.
•
The form can also request the export of the private encryption key from the
user. If the Data Recovery Manager subsystem is set up with this CA, the end
entities key is requested, and an archival request is sent to the Data Recovery
Manager. This process generally takes place in the background requiring no
interaction from the end entity.
•
The certificate request is either rejected at some point in the process either by
an agent, or because it did not meet the policy, certificate profile, or
authentication requirements, or a certificate is issued.
•
The certificate is delivered to the end entity.
In automated (for example, directory-based) enrollment, the certificate is
delivered to the user immediately. Normally, the enrollment is via HTML
page (the browser), the certificate is returned as a response (HTML page)
to a HTTP submit (post).
In agent-approved enrollment, the certificate can be retrieved by serial
number, or request Id in the end-entity interface.
How The Certificate Manager Works
Chapter 3
Certificate Manager
125
Advertisement
Table of Contents
Related Manuals for Netscape NETSCAPE MANAGEMENT SYSTEM 6.1 - ADMINISTRATOR
Related Products for Netscape NETSCAPE MANAGEMENT SYSTEM 6.1 - ADMINISTRATOR
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0 - CUSTOMIZATION
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0 - PLUG-IN
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.01 - CUSTOMIZATION
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.01 - PLUG-IN
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0 - AGENT GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0 - COMMAND-LINE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.01 - AGENT GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.01 - COMMAND-LINE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.1 - AGENT GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.1 - COMMAND-LINE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.2 - AGENT GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.2 - COMMAND-LINE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.2 - ADMINISTRATOR
- Netscape NETSCAPE MANAGEMENT SYSTEM 4.5 - CUSTOMIZATION GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 4.5 - PLUG-IN