Netscape MANAGEMENT SYSTEM 6.1 - ADMINISTRATOR Administrator's Manual page 231


Configuring Key Archival and Recovery Process
Step A. Deploy Clients That Can Generate Dual Key Pairs
You can use the Data Recovery Manager to archive and recover keys only from
clients that support dual key-pair generation, the key archival option, and the CMC
protocol. Clients that do not meet these criteria cannot be used with the Data
Recovery Manager. To understand why you need to use clients that can generate
dual key pairs, see "Clients That Can Generate Dual Key Pairs" on page 200. The
same section also points you to an introduction to Netscape Personal Security
Manager, which when plugged into Netscape Communicator version 4.7x enables
it to support the CMC protocol and generate dual key pairs.
Step B. Connect the Enrollment Authority and the Data Recovery Manager
Key archival occurs when dual key pairs are generated by the client. The client
generates the key pairs when a user requests a certificate by filling out the
appropriate certificate enrollment form served by an enrollment authority, which
can be either a Certificate Manager or a Registration Manager. When the
enrollment authority detects the key archival option in the request, it initiates the
key archival process and requests the service of the Data Recovery Manager for
archiving the key.
For the enrollment authority to be able to request the service of the Data Recovery
Manager, the two subsystems must be configured to recognize, trust, and
communicate with each other. When you installed the Certificate Manager, you
were asked if you wanted to connect it to a Data Recovery Manager. If you did,
some of the configuration was done at this time.
However, to ensure that key archival takes place successfully, you must make sure
that the Certificate Manager is connected to the Data Recovery Manager. Also
verify whether the enrollment authority has been set up as a privileged user, with
an appropriate SSL client authentication certificate, in the internal database of the
Data Recovery Manager. By default, the Certificate Manager uses its SSL server
certificate for SSL client authentication, whereas the Registration Manager uses its
signing certificate for this purpose.
If the enrollment authority has not been set up this way, follow the instructions in
"Setting Up a Trusted Manager" on page 333 and set up the enrollment authority as a
trusted front end to the Data Recovery Manager.
Step C. Customize the Certificate Enrollment Form
For the enrollment authority to automatically initiate the key archival process at
the time key pairs are generated, a certificate request must include the following
information:
Chapter 6 Data Recovery Manager 231
