Issuing And Managing Server Certificates - Netscape MANAGEMENT SYSTEM 6.2 - ADMINISTRATOR Administrator's Manual

Before modifying a form, be sure to take a look at the default certificate-based
enrollment forms. Also check the customizing-related information for the
enrollment forms in CMS Customization Guide.

Issuing and Managing Server Certificates

CMS can issue SSL server certificates to servers. Servers use these certificates to
authenticate themselves to other servers and end users, and to encrypt data. In
order to issue SSL server certificates, the signing certificate for the Certificate
Manager must be enabled for such issuance. If the Certificate Manager got its
signing certificate from a third-party, the signing certificate may not allow for
issuance of SSL server certificates.
For CMS to generate a server certificate, it must receive the certificate signing
request (CSR) from the server that needs the certificate. This request must be
initiated by the administrator of the specific server requiring the certificate.
SSL-enabled servers (or servers that are capable of using certificates for security)
provide mechanisms for generating a CSR based on new or existing key pairs.
Once an administrator generates a CSR for a server, they must paste it into the
appropriate server enrollment form hosted by a Registration Manager or
Certificate Manager, and then submit the request.
The request is processed using the enrollment method associated with the request
form. The server administrator goes to the agent-approved enrollment form hosted
by the Registration Manager, pastes in the certificate signing request in PKCS #10
format, completes the other information in the enrollment form, and submits the
form. The request is then processed according to that method.
certauthEnrollType
certificate-based-enrollment types:
specifies that the enrollment request is for dual certificates;
specifies that the enrollment request is for a signing certificate; and
specifies that the enrollment request is for an encryption
encryption
certificate.
Note that choosing
dual
dual key pairs.
—this variable specifies whether the server should request the
doSslAuth
client for SSL client authentication. You must set the value of this
parameter to and make sure that the port number specified in the
on
authentication instance is an SSL port.
—this variable specifies one of the three
,
dual single
would require a client that's capable of generating
Issuing and Managing Server Certificates
, or ;
encryption dual
single
Chapter 9 Authentication 409