Netscape MANAGEMENT SYSTEM 6.2 - ADMINISTRATOR Administrator's Manual page 89

Certificate Manager Deployment Considerations
OCSP Signing Key Pair and Certificate
Irrespective of whether you chose to enable the OCSP service feature, the
Installation Wizard transparently generates a key pair and a corresponding
certificate identified as the OCSP signing certificate.
The wizard uses the key type, key size, key algorithm, and validity period you
provided for the CA signing key pair to generate the OCSP signing key pair. The
subject name of the OCSP signing certificate is in the form
CN=OCSP cert-<cms_instance_id>, and it contains extensions, such as
OCSPSigning and OCSPNoCheck, required for signing OCSP responses.
The default nickname for the OCSP signing certificate is
ocspSigningCert cert-<instance_id>, where <instance_id> identifies the
CMS instance in which the Certificate Manager is installed.
The Certificate Manager uses the private key (that corresponds to the public key
used to generate the OCSP signing certificate) to sign the OCSP responses it sends
to the OCSP-compliant clients when queried about the revocation status of
certificates.
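As an added example (not from the Netscape manual or the CMS code), the following Python checks a DER-encoded Extensions sequence for the two extensions named above. It assumes OCSPSigning refers to the id-kp-OCSPSigning extended key usage purpose and OCSPNoCheck to the id-pkix-ocsp-nocheck extension of RFC 6960; the function names and sample bytes are constructed for illustration.

```python
EXT_KEY_USAGE = "2.5.29.37"                    # extKeyUsage extension (RFC 5280)
ID_KP_OCSP_SIGNING = "1.3.6.1.5.5.7.3.9"       # id-kp-OCSPSigning (RFC 6960)
ID_PKIX_OCSP_NOCHECK = "1.3.6.1.5.5.7.48.1.5"  # id-pkix-ocsp-nocheck (RFC 6960)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    out, pos = [], 0  # split a constructed element's content into (tag, value) pairs
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def oid_str(body):
    subids, cur = [], 0  # base-128 sub-identifiers; high bit means more bytes follow
    for b in body:
        cur = (cur << 7) | (b & 0x7F)
        if not b & 0x80:
            subids.append(cur)
            cur = 0
    first = min(subids[0] // 40, 2)  # the first two arcs share one sub-identifier
    return ".".join(map(str, [first, subids[0] - 40 * first] + subids[1:]))

def check_ocsp_signer_extensions(extensions_der):
    """Report presence of OCSPSigning (assumed: an EKU purpose) and OCSPNoCheck."""
    _, body, _ = read_tlv(extensions_der, 0)
    found = {"OCSPSigning": False, "OCSPNoCheck": False}
    for _, ext in children(body):
        fields = children(ext)  # extnID, optional critical BOOLEAN, extnValue
        ext_oid, extn_value = oid_str(fields[0][1]), fields[-1][1]
        if ext_oid == EXT_KEY_USAGE:  # extnValue wraps SEQUENCE OF KeyPurposeId
            purposes = children(read_tlv(extn_value, 0)[1])
            found["OCSPSigning"] = any(oid_str(v) == ID_KP_OCSP_SIGNING for _, v in purposes)
        elif ext_oid == ID_PKIX_OCSP_NOCHECK:
            found["OCSPNoCheck"] = True
    return found

# Constructed sample bytes, not taken from a real CMS certificate
EKU_EXT = bytes.fromhex("30130603551d25040c300a06082b06010505070309")
FULL = bytes.fromhex("3026") + EKU_EXT + bytes.fromhex("300f06092b060105050730010504020500")
EKU_ONLY = bytes.fromhex("3015") + EKU_EXT
```

A signer certificate that reports OCSPNoCheck as absent leaves clients needing some other way to check the responder certificate's own revocation status.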
SSL Server Key Pair and Certificate
Every Certificate Manager you install has at least one SSL server certificate. You
first generated this certificate when you installed the Certificate Manager.
The default nickname for the certificate is
Server-Cert cert-<instance_id>, where <instance_id> identifies the CMS
instance in which the Certificate Manager is installed.
The Certificate Manager's SSL server certificate was issued by the CA to which you
submitted the certificate signing request. You might have submitted the request to
the Certificate Manager itself, another internally deployed CA, or a public CA.
By default, the Certificate Manager uses a single SSL server certificate for
authentication purposes. However, you can request and install additional SSL
server certificates for the Certificate Manager. For example, you can configure the
Certificate Manager to use separate server certificates for authenticating to the
End-Entity Services interface and Agent Services interface. See "Managing
Certificates and the Certificate Database" on page 114 for more details.
If you configure the Certificate Manager for SSL-enabled communication with a
publishing directory, the Certificate Manager also uses its SSL server certificate for
SSL client authentication to the publishing directory. This is the default
configuration. You can configure the Certificate Manager to use an alternate
certificate for this purpose. See "Managing Certificates and the Certificate
Database" on page 114 for more details.
Chapter 3 Certificate Manager 89
