Table of Contents
Advertisement
Important
After you submit the initial Administrative Enrollment form and the certificate is
issued, the form is no longer available from the administration port. If something
goes wrong and you are unable to obtain the administrator/agent certificate, you
must reset a parameter in the configuration file to make the initial administrative
enrollment form available again.
To reset the Administrative Enrollment form:
Stop the server instance.
1.
Go to the following directory:
2.
<server_root>/cert-<instance_id>/config
Open the file
3.
CMS.cfg
Change the value of the following parameter from false to true:
4.
cmsgateway.enableAdminEnroll=false
Save the file.
5.
Start the server instance.
6.
The next time you access the administration port, the Administrator/Agent
7.
Certificate Enrollment form will be available again.
Getting an Agent's Certificate from a Public CA
The following general guidelines explain how a user can get a client certificate
from a public CA and how you can copy that certificate (in base-64 encoded form)
to the internal database of the appropriate subsystem:
Have the user send a client certificate request to a public CA from the
1.
computer they will use to access the subsystem from the Agent Services
interface. It is important that they generate and submit this request from the
computer they will use later to access the subsystem, because part of this
request process generates a private key on the local machine. Alternatively, if
location independence is required, they can use a hardware token, such as a
smart card, to generate and store the key pair (and the certificate when they
receive it from the public CA).
When they receive the certificate from the public CA, have them import the
2.
certificate into the web browser used to access the subsystem. It is a good idea
to ask the user to inform you that the certificate has been installed.
in a text editor.
Agent Certificates
Chapter 8
Authorization
339
Advertisement
Table of Contents
