Netscape MANAGEMENT SYSTEM 6.1 - ADMINISTRATOR Administrator's Manual page 250

The Administrative Interface
Storing an Administrator's Client Certificates
You must store the certificates for any of administrator using this system. The
certificate should be either from the CA itself, or from whichever CA signed the
certificate for the subsystem.
Make sure the client certificate is good for SSL client authentication, otherwise, the
server will not accept the client certificate and will post the following error
message in the error log located in the directory
<server_root>/cert-<instanceID>/logs/errors
failure (14290): Error receiving connection
(SEC_ERROR_INADEQUATE_CERT_TYPE - Certificate type not approved for
application.)
Enabling SSL Client Authentication
To enable SSL client authentication in Netscape Console:
Since you need to use
1.
create certificate request, make sure to set the LD_LIBRARY_PATH correctly.
To do this, issue the following command:
setenv LD_LIBRARY_PATH <server_root>/lib:$LD_LIBRARY_PATH
Use
2.
in
a.
b.
Request the client certificate. Go to the end-entity interface for the CA that will
3.
issue the certificate and click on the Enrollment tab.
Select the "Manual User Dual-Use Certificate Enrollment" link.
4.
Fill in all necessary information required for the form and click Submit.
5.
Once you get the certificate, make sure to import it to the browser.
6.
Export the certificate as p12 file.
7.
Import the client certificate in p12 format to the cert8.db.
8.
./pk12util -i <pk12file> -d "<home directory>/.mcc"
Log in to the CMS console (see "Logging Into the CMS Console" on page 247).
9.
250 Netscape Certificate Management System Administrator's Guide • February 2003
certutil
in
certutil /bin/cert/tools
<home_directory>/.mcc
Go to the following directory:
<server_root>/bin/cert/tools
Issue the command:
./certutil -N -d <home_directory>/.mcc
:
to initialize
cert8.db
to initialize the cert8.db and key3.db files
. To do this:
and and to
key3.db