Netscape MANAGEMENT SYSTEM 6.2 - ADMINISTRATOR Administrator's Manual page 115


Chapter 3 Configuring the Certificate Manager

If you want a Certificate Manager to use a separate key pair for signing the CRLs it generates, you can do so after installation. Note that a Certificate Manager's CRL signing certificate must be signed or issued by itself; make sure you submit the request to the Certificate Manager itself.

To enable a Certificate Manager to sign CRLs with a separate key pair:

1. Request and install a CRL signing certificate for the Certificate Manager. To do this, you may use either of these options:

   - Use the Certificate Setup Wizard available within the CMS window.
   - Use the Certificate Database tool (certutil) to generate a key pair, request a certificate for the key pair, and install the certificate in the Certificate Manager's certificate database. For more information about the Certificate Database tool, see: http://www.mozilla.org/projects/security/pki/nss/tools/

   To request and install a CRL signing certificate for a Certificate Manager using its Certificate Setup Wizard, follow these instructions:

   a. Log in to the CMS console (see "Logging Into the CMS Console" on page 245).
   b. Select the Configuration tab, and then select the Encryption tab.
   c. Click Certificate Setup Wizard to launch the wizard.
   d. Select the option to request a certificate and then follow the on-screen prompts to generate a certificate request for the CRL signing certificate—in the Certificate Selection window, select Other and specify caCrlSigning as the certificate type in the associated text field.
   e. Once you have the certificate request ready, submit it to the Certificate Manager so that it can issue a certificate—in the request submission screen of the wizard, use the auto-submission feature by entering the Certificate Manager's hostname and port number so that the request gets added to the Certificate Manager's agent queue.
   f. Log in to the Agent Services interface and check the request for required extensions. For example, the CRL signing certificate must contain the Key Usage extension with the crlSigning bit set. (By default, the Certificate Manager's policy is configured to add the Key Usage extension with correct bits to the CRL signing certificate; see the policy rule named CRLSignCertKeyUsageExt, which is an instance of the KeyUsageExt plug-in.)
   g. Approve the request.
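
The Key Usage check in step f, as an added example that is not part of the manual or of CMS: Python code that decodes a DER-encoded Key Usage extension and reports whether the crlSigning bit (bit 6, named cRLSign in RFC 5280) is set. The function names and the three hand-encoded sample extensions are constructed for illustration.

```python
# Added example (not CMS code): decode a DER-encoded X.509 Key Usage extension.
KEY_USAGE_OID = bytes.fromhex("551d0f")  # OID 2.5.29.15
# Named bits in RFC 5280 order; bit 6 (cRLSign) is what the manual calls crlSigning.
BITS = ["digitalSignature", "nonRepudiation", "keyEncipherment", "dataEncipherment",
        "keyAgreement", "keyCertSign", "crlSigning", "encipherOnly", "decipherOnly"]

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def key_usage(ext_der):
    """Parse SEQUENCE { extnID, critical DEFAULT FALSE, extnValue } -> (critical, names)."""
    tag, body, _ = read_tlv(ext_der, 0)
    if tag != 0x30:
        raise ValueError("extension is not a SEQUENCE")
    tag, oid, pos = read_tlv(body, 0)
    if tag != 0x06 or oid != KEY_USAGE_OID:
        raise ValueError("not a Key Usage extension")
    tag, val, pos = read_tlv(body, pos)
    critical = False
    if tag == 0x01:  # optional BOOLEAN; absent means non-critical
        critical = val != b"\x00"
        tag, val, pos = read_tlv(body, pos)
    if tag != 0x04:
        raise ValueError("extnValue OCTET STRING missing")
    tag, bits, _ = read_tlv(val, 0)
    if tag != 0x03 or not bits:
        raise ValueError("Key Usage value is not a BIT STRING")
    nbits = (len(bits) - 1) * 8 - bits[0]  # first octet counts unused trailing bits
    names = {BITS[i] for i in range(min(nbits, len(BITS)))
             if bits[1 + i // 8] & (0x80 >> (i % 8))}
    return critical, names

def may_sign_crls(ext_der):
    """True when the extension asserts the crlSigning bit."""
    return "crlSigning" in key_usage(ext_der)[1]

# Constructed sample extensions (hand-encoded for this example, not from a real CA).
CRL_ONLY = bytes.fromhex("300e0603551d0f0101ff040403020102")    # critical, crlSigning
CA_DEFAULT = bytes.fromhex("300b0603551d0f040403020106")        # keyCertSign + crlSigning
TLS_SERVER = bytes.fromhex("300e0603551d0f0101ff0404030205a0")  # no crlSigning
```

A certificate whose Key Usage looks like TLS_SERVER would fail the step f check, because relying parties that enforce Key Usage reject CRLs signed with a key that lacks the crlSigning bit.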
