Netscape MANAGEMENT SYSTEM 6.1 - ADMINISTRATOR Administrator's Manual page 47


How Certificate Management System Works
Request Processing
When the Registration Manager processes requests from its own end-entity
interface, it first considers the authentication method. If it is an agent-approved
enrollment method, the request is queued in the agent services interface where it
awaits agent approval. The agent can change some aspects of the certificate that
will be issued, and can approve or deny the request. If it is an automated
enrollment, the Registration Manager authenticates the user, and then continues
processing the request.

The Registration Manager next evaluates the request to ensure that it meets either
the policies set for this type of certificate, or the certificate profile set for this type of
enrollment.

Policies are a set of plug-ins that allow you to set constraints on the certificate and
define content and values for that content in the certificate. You can configure the
default policies and associate them with a particular certificate type. You can also
create custom policy modules. See Chapter 11, "Policies" for complete details.

Certificate Profiles are a new feature that binds an authentication method and
certificate type to a set of constraints and certificate content and values for that
content. A certificate profile allows you to configure a single module for a type of
certificate that binds to an authentication method, sets constraints for the certificate
issued, and defines the content and values for that content in the certificate. You can
configure the default certificate profiles or create custom modules. See Chapter 10,
"Certificate Profiles" for complete details.

If the constraints from either the Policy or the Certificate Profiles framework are
not met, the request is rejected; if they are met, the certificate is issued.
Certificate Creation
Approved, signed certificate requests are sent to the Certificate Manager with which a
trusted relationship has been established.

The request is next evaluated by the policies or certificate profiles of the Certificate
Manager. The request must meet the constraints set by the Certificate Manager in
order for a certificate to be issued. For example, the Registration Manager may
allow this type of certificate to be issued with a validity period of one year. If the
Certificate Manager has a policy set up that constrains this type of certificate to a
validity period of six months, the certificate will not be issued.
The Certificate Manager creates the certificate and returns it to the Registration
Manager.
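
The two-stage evaluation described above can be modeled in a few lines. This is an added illustration, not Certificate Management System code: the names Request, Manager, max_validity and process, the "ssl-server" type, the 183-day figure for six months, and the rejection on failed authentication are all assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional

@dataclass
class Request:
    cert_type: str
    validity_days: int
    enrollment: str                        # "agent" or "automated"
    authenticated: bool = False            # result of automated authentication
    agent_decision: Optional[bool] = None  # None = still queued for an agent

Constraint = Callable[[Request], Optional[str]]

def max_validity(cert_type: str, days: int) -> Constraint:
    """Constraint: certificates of cert_type may be valid for at most `days`."""
    def check(req: Request) -> Optional[str]:
        if req.cert_type == cert_type and req.validity_days > days:
            return f"validity {req.validity_days}d exceeds {days}d limit"
        return None
    return check

@dataclass
class Manager:
    name: str
    constraints: List[Constraint]

    def evaluate(self, req: Request) -> Optional[str]:
        """Return the first violated constraint, or None if all are met."""
        for check in self.constraints:
            reason = check(req)
            if reason:
                return f"{self.name}: {reason}"
        return None

def process(req: Request, rm: Manager, cm: Manager) -> tuple:
    # Step 1: the Registration Manager considers the authentication method.
    if req.enrollment == "agent":
        if req.agent_decision is None:
            return ("queued", "awaiting agent approval")
        if not req.agent_decision:
            return ("rejected", "denied by agent")
    elif not req.authenticated:
        return ("rejected", "authentication failed")  # assumed outcome
    # Step 2: RM constraints first, then the Certificate Manager's own.
    for manager in (rm, cm):
        reason = manager.evaluate(req)
        if reason:
            return ("rejected", reason)
    return ("issued", f"{cm.name} created certificate, returned to {rm.name}")

# Constructed sample: the RM allows one year, the CM allows six months.
RM = Manager("RM", [max_validity("ssl-server", 365)])
CM = Manager("CM", [max_validity("ssl-server", 183)])
```

A request that satisfies the Registration Manager can still be rejected by the Certificate Manager, so the issuing side's constraints are the effective upper bound on what gets signed.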
Chapter 1
Overview