Netscape MANAGEMENT SYSTEM 6.2 - ADMINISTRATOR Administrator's Manual page 88

Certificate Manager Deployment Considerations
You submit this request either as a self-signing request to the CA itself, which
then issues the certificates (this is how you create a self-signed root CA), or
to a third-party public CA; you then install the certificate you
receive from the CA during the rest of the installation.
About the CA Key Pairs and Certificates
This section describes the key pairs and certificates associated with the Certificate
Manager.
CA Signing Key Pair and Certificate
Every Certificate Manager you install has a Certificate Manager CA signing certificate,
whose public key corresponds to the private key the Certificate Manager uses to
sign the X.509 certificates and CRLs it issues. This certificate is created and installed
when you install the Certificate Manager. The default nickname for the certificate is
caSigningCert cert-<instance_id>, where <instance_id> identifies the CMS
instance in which the Certificate Manager is installed, and the default validity
period for the certificate is two years.
The subject name of the CA signing certificate reflects the name of your certificate
authority (CA) as specified during the installation. All certificates signed or issued
by the Certificate Manager include this name to identify the issuer of the certificate.
The Certificate Manager's status as a root or subordinate CA is determined by
whether its CA signing certificate is self-signed or is signed by another CA.
If the Certificate Manager is a root CA, its CA signing certificate is
self-signed—that is, the subject name and issuer name of the certificate are the
same.
If the Certificate Manager is a subordinate CA, its CA signing certificate is
signed by another CA, usually the one that is a level above in the CA hierarchy
(which may or may not be a root CA). If you have deployed the Certificate
Manager as a subordinate CA in a CA hierarchy, you must import your root
CA's signing certificate into individual clients and servers before you can use
the Certificate Manager to issue certificates to them.
NOTE
You cannot change the CA name; doing so would make all
previously issued certificates invalid. Similarly, reissuing a
Certificate Manager's CA signing certificate with a new key pair
invalidates all certificates that have been signed by the old key pair.
Netscape Certificate Management System Administrator's Guide • June 2003
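The shell script below is an added example, not part of the manual or of CMS; it uses the OpenSSL command line instead of the Certificate Manager, and the subject names, key size and file names are assumptions. It classifies a CA signing certificate as root or subordinate by the self-signed test described above, then shows that a certificate issued earlier stops validating once the CA signing certificate is reissued with a new name or a new key pair.

```shell
#!/bin/sh
# Added demo, not from the manual. Subject names, RSA-2048 and file names are assumptions.
set -eu
W=$(mktemp -d)
printf 'basicConstraints=critical,CA:TRUE\n' > "$W/ca.ext"

# Self-sign a CA certificate: key $1 (generated if missing), output $2, subject $3.
# 730 days mirrors the two-year default validity the manual mentions.
self_sign() {
  [ -f "$1" ] || openssl genrsa -out "$1" 2048 2>/dev/null
  openssl req -x509 -new -key "$1" -subj "$3" -days 730 -out "$2" 2>/dev/null
}

# Issue a certificate: subject $1, signing CA cert $2 and key $3, output $4,
# optional extension file $5 (used to mark a subordinate CA).
issue() {
  openssl genrsa -out "$4.key" 2048 2>/dev/null
  openssl req -new -key "$4.key" -subj "$1" -out "$4.csr" 2>/dev/null
  openssl x509 -req -in "$4.csr" -CA "$2" -CAkey "$3" -CAcreateserial \
    -days 365 ${5:+-extfile "$5"} -out "$4" 2>/dev/null
}

# "root" if subject == issuer and the signature verifies under the cert's own key.
ca_role() {
  s=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
  i=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
  if [ "$s" = "$i" ] && openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
  then echo root; else echo subordinate; fi
}

# "valid" if certificate $2 verifies against trust anchor $1.
chains_to() {
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
  then echo valid; else echo invalid; fi
}

self_sign "$W/ca.key" "$W/ca.pem" "/O=Example/CN=Example Root CA"
issue "/O=Example/CN=Example Sub CA" "$W/ca.pem" "$W/ca.key" "$W/sub.pem" "$W/ca.ext"
issue "/O=Example/CN=server.example.test" "$W/ca.pem" "$W/ca.key" "$W/leaf.pem"
# The two changes the NOTE warns about: a new CA name, and a new key pair.
self_sign "$W/ca.key"  "$W/renamed.pem" "/O=Example/CN=Renamed Root CA"
self_sign "$W/new.key" "$W/rekeyed.pem" "/O=Example/CN=Example Root CA"

echo "ca.pem is $(ca_role "$W/ca.pem"); sub.pem is $(ca_role "$W/sub.pem")"
echo "leaf under original CA cert: $(chains_to "$W/ca.pem" "$W/leaf.pem")"
echo "leaf under renamed CA cert:  $(chains_to "$W/renamed.pem" "$W/leaf.pem")"
echo "leaf under re-keyed CA cert: $(chains_to "$W/rekeyed.pem" "$W/leaf.pem")"
```

The renamed certificate fails because the issuer name in the issued certificate no longer matches any trust anchor; the re-keyed one fails because the new public key cannot verify the signature made with the old private key.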
