Table of Contents
Advertisement
Features
Support for Open Standards
With its support for open standards, CMS gives organizations confidence that they
will be able to communicate within a heterogeneous computing environment. CMS
supports standards in the following ways:
•
Formulates, signs, and issues industry-standard X.509 version 3 public-key
certificates; version 3 certificates include extensions that make it easy to
include organization-defined attributes. This means that you can use these
certificates for extranet and Internet authentication as well.
•
Supports RSA public-key algorithm for signing and encryption, DSA
public-key algorithm for signing, and MD2, MD5, and SHA-1 for hashing.
•
Supports signature key lengths of up to 1024 bits (DSA) and 4096 (RSA) on
both hardware and software tokens.
•
Supports multiple message formats, such as KEYGEN/SPAC, CRMF/CMMF,
CRS/CEP/SCEP, and PKCS #10 and CMC for certificate requests. All requests
are delivered to CMS over HTTP or HTTPS; in the case of CRS/CEP/SCEP
protocol, the delivery method is always over HTTP.
•
Supports certificate formats that encompass certificates for SSL-based client
and server authentication, secure Multipurpose Internet Mail Extensions
(S/MIME) message signing and encryption, object signing, VPN clients, and
Cisco™ routers.
•
Supports generation and publication of CRLs conforming to X.509 version 1
and 2.
•
Publishes certificates and CRLs to the any LDAP-compliant directory over
LDAP and HTTP/HTTPS connections.
•
Publishes certificates and CRLs to a flat file for importing into other resources.
For example, the sample code for Flat File CRL and certificate publisher can be
customized to store certificates and CRLs in an Oracle RDBMS
•
Publishes CRLs to an online validation authority (or OCSP responder),
enabling real-time verification of certificates by OCSP-compliant clients.
36
Netscape Certificate Management System Administrator's Guide • February 2003
TM
.
Advertisement
Table of Contents
