Table of Contents
Advertisement
Understanding CMS Installation
When you begin installation, you will be instructed to create a special user ID,
which you will then use to log in to the Operating System when you install CMS.
This user ID will be the effective user ID of the CMS server itself during runtime.
You will then need to create groups for the auditor and administrator roles, which
you must then assign to the actual user IDs for the CMS administrators and CMS
auditor users on the operating system.
After CMS files are installed, you will be instructed to change the ownership of the
CMS files to the special user ID that you've created by running a shell script
provided with this product. Finally, you will be instructed to disable this special
user ID account, preventing users from logging in with this user ID.
Understanding CMS Installation
You must install CMS on each host on which a CMS subsystem is installed. You
can set up the environment with all subsystems installed on the same host, or with
some or all subsystems on separate hosts, but every host must have CMS.
Configuring CMS to Use Hardware Tokens
You will be instructed to configure each CMS installation to use a FIPS 140-1 Level
3 certified hardware token after installing CMS on the host, but before installing
and configuring any subsystems on that host. Hardware tokens are required for all
subsystems (CA, RA, DRM, and OCSP Responder); DRM needs at least two: one
for user private key transport key, and one for user private key storage key.
Revocation Checking
In order to check the status of CMS user certificates, you will be instructed to set up
revocation checking for each CMS instance by setting up the revocation feature in
the NES instance used by that CMS instance.
Appendix C
Understanding the Common Criteria Evaluated CMS Setup
689
Advertisement
Table of Contents
