Netscape MANAGEMENT SYSTEM 6.1 - ADMINISTRATOR Administrator's Manual page 41

How Certificate Management System Works
The Certificate Manager acts as a Certificate Authority (CA). It can be configured as
a self-signing CA, where it is the root CA, or it can act as a subordinate CA, where
it obtains its own signing certificate from a public CA.
Scalability
You can configure more than one CA, forming either a vertical or a horizontal chain
of CAs. For example, you can create a root CA for your deployment that is either
self-signing or subordinate to a public CA and then have one or more CAs below
this root CA. Those CAs can have further CAs below them, forming a chain of CAs.
You can also clone a CA so that two CAs are set up in an identical manner and use
the same CA signing certificate, but each uses a different set of serial numbers for
the certificates it issues.
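An added example, not taken from the manual or from CMS: because cloned CAs share one signing certificate, their certificates carry the same issuer, and a CRL identifies a revoked certificate by its serial number, so the clones' serial sets must never collide. The Python below audits that; the clone names, range layout and issued-certificate records are constructed assumptions, not CMS configuration or data.

```python
from collections import defaultdict

# Constructed sample data: hypothetical clone names and serial assignments.
RANGES = {"ca-master": (0x1, 0x0FFFFFFF), "ca-clone": (0x10000000, 0x1FFFFFFF)}
BAD_RANGES = {"ca-master": (0x1, 0x1000), "ca-clone": (0x0800, 0x2000)}
ISSUED = [("ca-master", 0x2A), ("ca-clone", 0x1000002A), ("ca-clone", 0x2A)]


def overlapping_ranges(ranges):
    """ranges: {clone: (first_serial, last_serial)}, both ends inclusive.
    Returns the pairs of clones whose assigned serial ranges intersect."""
    items = sorted(ranges.items(), key=lambda kv: kv[1][0])
    clashes = []
    for i, (a, (_, a_hi)) in enumerate(items):
        for b, (b_lo, _) in items[i + 1:]:
            if b_lo > a_hi:
                break  # sorted by start, so no later range can reach into a
            clashes.append((a, b))
    return clashes


def audit_issued(ranges, issued):
    """issued: (clone, serial) records exported from each clone's database.
    Returns (serials issued outside the clone's range, serials issued twice)."""
    out_of_range, seen = [], defaultdict(list)
    for clone, serial in issued:
        lo, hi = ranges[clone]
        if not lo <= serial <= hi:
            out_of_range.append((clone, serial))
        seen[serial].append(clone)
    # Same issuer plus same serial means one CRL entry would hit two certificates.
    duplicates = {s: sorted(c) for s, c in seen.items() if len(c) > 1}
    return out_of_range, duplicates


if __name__ == "__main__":
    print("range clashes:", overlapping_ranges(BAD_RANGES))
    stray, dupes = audit_issued(RANGES, ISSUED)
    print("out of range:", stray)
    print("duplicate serials:", dupes)
```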
Federal Bridge Certificate Authority
CMS also allows you to create a trusted relationship between two separate CAs by
issuing and storing cross-signed certificates between these two CAs. This feature of
the PKI is called Federal Bridge Certificate Authority (FBCA). This feature allows
you to trust certificates issued by a CA outside of your PKI that shares a
cross-signed certificate with the CA in your PKI.
Certificate Manager Functionality
The Certificate Manager issues, renews, and revokes certificates when it receives
signed requests from its own agents (users who are assigned privileges to
approve enrollment, renewal, and revocation requests), from a trusted Registration
Manager, or from a third-party application that sends a signed request using an
agent certificate that is set up for CMC enrollment or revocation with the Certificate
Manager.
The Certificate Manager also compiles lists of revoked certificates, called Certificate
Revocation Lists (CRLs), which it can publish to files, an LDAP directory, or an OCSP
service.
The Certificate Manager maintains a database of issued certificates, and of
processed requests, so that it can track renewal, expiration, and revocation.
Types of Certificates That are Managed
CMS can issue and manage Certificate Authority signing certificates,
cross-signed pair certificates (FBCA), SSL server certificates, router certificates,
VPN client certificates, and end user certificates.
Chapter 1
Overview