Netscape MANAGEMENT SYSTEM 6.2 - ADMINISTRATOR Administrator's Manual page 50

How Certificate Management System Works
Publishing of Certificates
Certificates can be published to a file or an LDAP directory. You set up the
publishing feature and define rules that determine which certificates are
published, by which method, and exactly where. The publishing system is
flexible, allowing you many options in configuring it.
The Registration Manager publishes only those certificates that it processes. You
can set up publishing in a Registration Manager in order to publish a subset of the
certificates issued by a Certificate Manager. A Registration Manager does not
publish CRLs. If you set up publishing in both the Certificate Manager and the
Registration Manager, certificates are published to the locations and according
to the rules specified in each. The two publishing systems are entirely
separate; they do not work in tandem. See Chapter 15, "Publishing" for complete
details.
Key Archival
If you install a Data Recovery Manager, the private key is requested as part of the
enrollment and stored in the Data Recovery Manager. See Chapter 6, "Data
Recovery Manager" for complete details.
Storing Certificate Requests and Certificates
When it issues a certificate, the Certificate Manager stores both the certificate and
the certificate request in its internal database. See "The Internal Database," on page
288 for complete details.
Renewing Certificates
A Registration Manager allows end-entities to renew certificates if the policies are
set up to allow for renewal. If so, the end-entity submits a renewal request in the
end-entity interface, and provides their old certificate. The Certificate Manager that
has a trusted relationship with this Registration Manager will then issue a new
certificate according to the policies set. Note that the Certificate Manager must
also be set up to allow renewal of certificates, and the policies set for renewed
certificates in the Certificate Manager are also evaluated when the request is
processed.
Revoking Certificates
An end-entity can submit a certificate revocation request in the end-entity
interface. They might do this if they lose their private key, or if their certificate has
been otherwise compromised. When an end-entity requests a revocation, the
request is sent to the agent services interface for agent approval.
Netscape Certificate Management System Administrator's Guide • June 2003
