Sign In
Upload
Manuals
Brands
Netscape Manuals
Software
Certificate Management System 6.2
Netscape Certificate Management System 6.2 Manuals
Manuals and User Guides for Netscape Certificate Management System 6.2. We have
3
Netscape Certificate Management System 6.2 manuals available for free PDF download: Administrator's Manual, Manual
Netscape Certificate Management System 6.2 Administrator's Manual (874 pages)
Brand:
Netscape
| Category:
Software
| Size: 7.29 MB
Table of Contents
Table of Contents
3
About this Guide
23
What You Should Know
23
Who Should Read this Guide
23
What's in this Guide
24
Conventions Used in this Guide
27
Documentation
28
Chapter 1 Overview
31
Features
31
Subsystems
31
Certificate Manager Flexibility and Scalability
32
Interfaces
33
Logging
34
Auditing
34
Self Tests
34
Authorization
34
Authentication
35
Certificate Issuance
35
Certificate Profiles
35
Policy
36
Crls
36
Publishing
36
Notifications
37
Jobs
37
Dual Key Pairs
37
Hsms and Crypto Accelerators
37
Support for Open Standards
38
Java SDK Extension Mechanism for Customization
39
How Certificate Management System Works
39
CMS Basics
39
About the Certificate Manager
42
How the Certificate Manager Works
44
About the Registration Manager
47
How the Registration Manager Works
48
Data Recovery Manager
51
Online Certificate Status Manager
52
Deployment Scenarios
52
Single Certificate Manager
52
Certificate Manager and Registration Manager
53
Certificate Manager and Data Recovery Manager
55
Certificate Manager, Data Recovery Manager, and Registration Manager
57
Cloned Certificate Manager
58
System Architecture
59
CMS Component
60
HTTP Engine
61
Service Interfaces
62
JSS and the Java/Jni Layer
63
Nss
64
Pkcs #11
64
Management Tools
65
Jre
65
Internal LDAP Database
66
Administration Server
66
Cms Sdk
66
Support for Open Standards
67
Certificate Management Formats and Protocols
67
Security and Directory Protocols
68
Chapter 2 Installation
71
Installation and Configuration Overview
71
Installation and Configuration Process
72
Installation Overview
73
About the Installation Program
73
Installation Considerations
73
Installation Worksheet
78
Installing CMS
79
Uninstalling CMS
83
Chapter 3 Certificate Manager
85
Certificate Manager Deployment Considerations
85
Self-Signed Root Vs. Subordinate CA
86
Cloned CA
87
Certificate Manager Certificates
87
Certificate Manager Interfaces
91
Password Storage
93
Internal Database
93
Tokens
93
Installing a Certificate Manager
93
Installing a Certificate Manager as a Root CA
94
Installing a Certificate Manager as a Subordinate CA
99
Configuring the Certificate Manager
112
Adding Users
113
Configuring Authorization
113
Managing Certificates and the Certificate Database
114
Changing Ports and IP Addresses
118
Changing Subsystem Security Setting
118
Changing Passwords or Storage Settings
119
Configuring Logs
119
Changing Internal Database Settings
119
Configuring Self Test
119
Setting up a Mail Server
119
Changing the Certificate Issuance Rules
120
Setting up Authentication
121
Configuring Policies
123
Configuring Certificate Profiles
123
Configuring Publishing
124
Configuring OCSP Services
124
Setting up Crls
125
Setting up Notifications
125
Setting up Jobs
125
Customizing the End Entity Interface
126
Adding Data Recovery Services
126
How the Certificate Manager Works
126
Enrollment
126
Renewal
129
Revocation
129
Federal Bridge CA
130
Issuing Cross-Pair Certificates
130
Importing Cross-Pair Certificates
130
Publishing Cross-Pair Certificates
131
Cloning a CA
131
Chapter 4 Registration Manager
133
Registration Manager Deployment Considerations
133
Registration Managers Certificates
133
Registration Manager Interfaces
135
Password Storage
136
Internal Database
136
Signing Key Type and Length
136
Tokens
137
Installing a Registration Manager
137
Configuring a Registration Manager
150
Setting up Trust with a CA
150
Adding Users
150
Configuring Authorization
151
Managing Certificates and the Certificate Database
152
Changing Ports and IP Addresses
153
Changing Subsystem Security Setting
153
Changing Passwords or Storage Settings
153
Configuring Logs
154
Changing Internal Database Settings
154
Configuring Self Test
154
Setting up a Mail Server
154
Setting up Authentication
155
Configuring Policies
156
Configuring Certificate Profiles
157
Crls
158
Setting up Notifications
158
Setting up Jobs
159
Customizing the End Entity Interface
159
Adding Data Recovery Services
159
How a Registration Manager Works
159
Enrollment
159
Renewal
162
Revocation
162
Chapter 5 OCSP Responder
165
About OCSP Services
165
How OCSP Services Work
166
OCSP Response Signing
166
OCSP Responses
167
CMS OCSP Services
168
Setting up a Certificate Manager with OCSP Service
169
Online Certificate Status Manager Deployment Considerations
170
Online Certificate Status Manager Certificates
170
Interfaces
172
Password Storage
173
Tokens
173
Internal Database
173
Signing Key Type and Length
173
Installing an Online Certificate Status Manager
174
Setting up the OCSP Responder
186
Configuring the Online Certificate Status Manager
187
Adding Users
187
Configuring Authorization
187
Managing Certificates and the Certificate Database
188
OCSP Certificates
189
Changing Ports and IP Addresses
190
Changing Subsystem Security Setting
190
Changing Passwords or Storage Settings
190
Configuring Logs
190
Changing Internal Database Settings
191
Configuring Self Test
191
Setting up Jobs
191
Identifying the CA to the OCSP Responder
191
Configure the Revocation Info Stores
193
Testing Your OCSP Setup
195
Chapter 6 Data Recovery Manager
197
PKI Setup for Key Archival and Recovery
197
Clients that Can Generate Dual Key Pairs
198
Data Recovery Manager
198
Forms for Users and Key Recovery Agents
199
Key Archival Process
199
Why You Should Archive Keys
199
Where the Keys Are Stored
200
How Key Archival Works
201
Key Recovery Process
203
Key Recovery Agents and Their Passwords
203
How Agent-Initiated Key Recovery Works
206
Key Recovery Agent Scheme
209
Installing a Standalone Data Recovery Manager
213
Data Recovery Manager's Key Pairs and Certificates
213
Tokens
215
Internal Database
215
Key Type and Length
215
Installing the Data Recovery Manager
216
Configuring Key Archival and Recovery Process
228
Step 1. Set up the Key Archival Process
228
Step 2. Set up the Key Recovery Process
234
Step 3. Test Your Key Archival and Recovery Setup
236
Chapter 7 Administrative Basics
241
The Administrative Interface
242
Netscape Administration Server
242
Netscape Console
243
The CMS Console
245
Setting up Certificate Authentication for the CMS Console
247
System Passwords
250
Password-Quality Checker
250
Passwords Stored by the Server
250
Starting, Stopping, and Restarting CMS Instances
252
Starting a Server Instance
252
Stopping a Server Instance
253
Restarting a Server Instance
254
Subsystem Configuration Overview
255
Configuring Multiple CMS Instances
255
Removing an Instance from a System
256
Mail Server
257
Configuration Files
257
Locating the Configuration File
257
Editing the Configuration File
258
Guidelines for Editing the Configuration File
259
Duplicating Configuration from One Instance to Another
261
Logs
261
About Logs
262
Services that Are Logged
264
Log Levels (Message Categories)
265
Buffered Versus Unbuffered Logging
266
Configuring Logs in the CMS Console
268
Configuring Logs in the Cms.cfg File
270
Monitoring Logs
272
Signing Log Files
273
Registering a Log Module
274
Deleting a Log Module
275
Signed Audit Log
275
Setting up Signed Audit Logs
278
Audit Logging Failures
279
Self Tests
280
Self Test Logging
280
Self Test Configuration
281
Modifying Self Test Configuration
281
Ports
283
About Ports
283
Changing a Port Number
286
Changing an IP Addresses
287
The Internal Database
288
About the Internal Database
288
Changing the Internal Database Configuration
289
Enable SSL Client Authentication with the Internal Database
290
Restricting Access to the Internal Database
291
Managing the Certificate Database
292
Viewing and Deleting Certificate Database Content
293
Changing the Trust Settings of a CA Certificate
294
Installing a New CA Certificate in the Certificate Database
295
Installing a CA Certificate Chain in the Certificate Database
296
Certificate Setup Wizard
296
Consideration When Getting New Certificates for the Subsystems
312
Tokens for Storing CMS Keys and Certificates
314
Internal Token
314
External Token
314
Managing Tokens Used by the Subsystems
317
Hardware Cryptographic Accelerators
318
Configuring the Server's Security Preferences
318
Configuring the Server to Use Separate SSL Server Certificates
319
Getting an SSL Client Certificate for a Subsystem
320
Chapter 8 Authorization
323
About Authorization
323
How Authorization Works
324
Default Groups
324
Setting up Administrators, Agents, and Auditors
328
Creating a User and Assigning Them to a Group
328
Storing a User's Certificate
329
Setting up Agents Using the Automated Process
330
Setting up a Trusted Manager
331
Agent Certificates
335
First Agent Certificate for a Certificate Manager
335
Getting an Agent's Certificate from a Public CA
337
Getting an Agent's Certificate from Certificate Management System
338
Revocation Status Checking of Agent Certificates
339
Modifying CMS User Entries
341
Changing a CMS User's Login Information
341
Changing a CMS User's Certificate
342
Changing Members in a Group
343
Deleting a CMS User
343
Creating a New Group
344
Authorization for CMS Users
345
Access Control Lists (Acls)
345
Access Control Instructions (Acis)
345
Changing Privileges
345
How Acis Are Formed
346
Editing Acls
348
ACL Reference
350
Certserver.acl.configuration
350
Certserver.admin.certificate
351
Certserver.admin.request.enrollment
351
Certserver.auth.configuration
351
Certserver.ca.certificate
352
Certserver.ca.certificates
353
Certserver.ca.configuration
353
Certserver.ca.connector
354
Certserver.ca.clone
354
Certserver.ca.crl
354
Certserver.ca.directory
355
Certserver.ca.group
355
Certserver.ca.ocsp
355
Certserver.ca.profiles
356
Certserver.ca.profile
356
Certserver.ca.requests
356
Certserver.ca.request.enrollment
357
Certserver.ca.request.profile
357
Certserver.ca.systemstatus
358
Certserver.ee.certificate
358
Certserver.ee.certificates
359
Certserver.ee.certchain
359
Certserver.ee.crl
359
Certserver.ee.profile
360
Certserver.ee.profiles
360
Certserver.ee.facetofaceenrollment
360
Certserver.ee.request.enrollment
361
Certserver.ee.request.facetofaceenrollment
361
Certserver.ee.request.ocsp
361
Certserver.ee.request.revocation
362
Certserver.ee.requeststatus
362
Certserver.general.configuration
362
Certserver.job.configuration
363
Certserver.kra.certificate.transport
364
Certserver.kra.configuration
364
Certserver.kra.connector
365
Certserver.kra.key
365
Certserver.kra.keys
365
Certserver.kra.request
366
Certserver.kra.requests
366
Certserver.kra.request.status
366
Certserver.kra.systemstatus
366
Certserver.log.configuration
367
Certserver.log.configuration.signedaudit.expirationtime
367
Certserver.log.configuration.filename
368
Certserver.log.content.signedaudit
368
Certserver.log.content
369
Certserver.ocsp.ca
369
Certserver.ocsp.cas
370
Certserver.ocsp.certificate
370
Certserver.ocsp.configuration
370
Certserver.ocsp.crl
371
Certserver.policy.configuration
371
Certserver.profile.configuration
372
Certserver.publisher.configuration
373
Certserver.ra.configuration
373
Certserver.ra.certificate
374
Certserver.ra.connector
374
Certserver.ra.facetofaceenrollment
375
Certserver.ra.facetofaceenrollment.enablehosts
375
Certserver.ra.group
375
Certserver.ra.profile
376
Certserver.ra.profiles
376
Certserver.ra.request.enrollment
376
Certserver.ra.request.profile
377
Certserver.ra.requests
377
Certserver.registry.configuration
378
Certserver.ra.systemstatus
378
Certserver.usrgrp.administration
379
Chapter 9 Authentication
381
Enrollment Overview
381
How Authentication Works
383
About Renewal
384
Dual-Key Pairs
384
Agent-Approved Enrollment
385
Setting up Agent-Approved Enrollment
385
Automated Enrollment
386
Setting up Directory Based Enrollment
387
Setting up NIS Based Enrollment
389
Setting up Pin Based Enrollment
393
Setting up Portal Enrollment
398
Setting up CMC Enrollment
402
Agent Initiated End User Enrollment
406
Setting up Agent Initiated Enrollment
406
Certificate-Based Enrollment
407
Setting up Certificate Based Enrollment
407
Issuing and Managing Server Certificates
409
Renewal of Server Certificates
410
Getting Certificates for Netscape Version 4.X and Later Servers
410
CEP Enrollment
412
About CEP Enrollment
412
Setting up Automated CEP Enrollment
413
Setting up Publishing of CEP Certificates and Crls
417
Certificate Issuance to Routers or VPN Clients
419
Example
421
Testing Your Enrollment Setup
423
Managing Authentication Plug-Ins
424
Generating Files Required by Third-Party Object Signing Tools
425
Chapter 10 Certificate Profiles
429
About Certificate Profiles
429
How Certificate Profiles Work
431
Setting up Certificate Profiles
432
Modifying a Certificate Profile
433
Certificate Profile Reference
440
Input Reference
443
Certificate Request Input
443
Dual Key Generation Input
444
Key Generation Input
444
Subject Name Input
444
Submitter Information Input
445
Output Reference
445
Certoutputimpl
445
Defaults Reference
446
Authority Info Access Extension Default
446
Authority Key Identifier Extension Default
448
Basic Constraints Extension Default
448
CRL Distribution Points Extension Default
450
Extended Key Usage Extension Default
451
Freshest CRL Extension Default
453
Key Usage Extension Default
454
Name Constraints Extension Default
456
Netscape Comment Extension Default
460
Netscape Certificate Type Extension Default
460
No Default Extension
462
OCSP no Check Extension Default
462
Policy Constraints Extension Default
462
Policy Mappers Extension Default
464
Signing Algorithm Default
465
Subject Alternative Name Extension Default
465
Subject Key Identifier Extension Default
467
Subject Name Default
468
Token Supplied Subject Name Default
468
User Supplied Extension Default
469
User Supplied Key Default
469
User Signing Algorithm Default
470
User Supplied Subject Name Default
470
User Supplied Validity Default
470
Validity Default
471
Constraints Reference
471
Basics Constraints Extension Constraint
471
Extended Key Usage Extension Constraint
472
Extension Constraint
473
Key Constraint
473
Key Usage Extension Constraint
473
No Constraint
475
Netscape Certificate Type Extension Constraint
475
Signing Algorithm Constraint
476
Subject Name Constraint
477
Validity Constraint
477
Chapter 11 Policies
479
Introduction to Policy
480
About Policy
480
Policy Rules
481
Policy Processor
482
Using Predicates in Policy Rules
483
Configuring Policy Rules for a Subsystem
489
Modifying Policy Rules
489
Deleting Policy Rules
490
Adding New Policy Rules
490
Reordering Policy Rules
491
Testing Policy Configuration
492
Using Javascript for Policies
493
Constraints-Specific Policy Module Reference
493
Attributepresentconstraints
493
Dsakeyconstraints
496
Issuerconstraints
497
Keyalgorithmconstraints
498
Renewalconstraints
499
Renewalvalidityconstraints
499
Revocationconstraints
500
Rsakeyconstraints
501
Signingalgorithmconstraints
502
Subcanameconstraints
503
Uniquesubjectnameconstraints
504
Validityconstraints
506
Extension-Specific Policy Module Reference
508
Authinfoaccessext
508
Authoritykeyidentifierext
511
Basicconstraintsext
512
Certificatepoliciesext
514
Certificaterenewalwindowext
515
Certificatescopeofuseext
517
Crldistributionpointsext
520
Extendedkeyusageext
522
Genericasn1Ext
525
Issueraltnameext
529
Keyusageext
533
Nameconstraintsext
539
Nsccommentext
546
Nscerttypeext
547
Ocspnocheckext
550
Policyconstraintsext
551
Policymappingsext
552
Privatekeyusageperiodext
554
Removebasicconstraintsext
555
Subjectaltnameext
555
Subjectdirectoryattributesext
559
Subjectkeyidentifierext
560
Managing Policy Plug-In Modules
561
Registering a Policy Module
562
Deleting a Policy Module
563
Chapter 12 Automated Notifications
565
About Automated Notifications
565
Setting up Automated Notifications
566
Types of Automated Notifications
566
Determining End-Entity Email Addresses
567
Setting up Automated Notifications
567
Configuring Specific Notifications by Editing the Configuration File
569
Testing Your Configuration
569
Customizing Notification Messages
570
Notification Message Templates
571
Token Definitions
573
Chapter 13 Automated Jobs
575
About Automated Jobs
575
Setting up Automated Jobs
576
Types of Automated Jobs
576
Setting up the Job Scheduler
577
Frequency Settings for Automated Jobs
577
Enabling and Configuring the Job Scheduler
578
Setting up Specific Jobs
579
Enabling and Configuring Specific Jobs Using the CMS Console
580
Enabling Configuring Specific Jobs by Editing the Configuration File
581
Configuration Parameters of Renewalnotificationjob
582
Configuration Parameters of Requestinqueuejob
584
Configuration Parameters of Unpublishexpiredjob
585
Customizing Notification Messages
587
Templates for Summary Notifications
587
Token Definitions
588
Managing Job Plug-Ins
590
Registering or Deleting a Job Module
590
Chapter 14 Revocation and Crls
591
Revocation
591
Authentication of End Users During Certificate Revocation
592
Certificate Revocation Forms
593
Cmcrevocation
594
Setting up CMC Revocation
594
Testing CMC Revoke
595
About Crls
596
Reasons for Revoking a Certificate
597
Revocation Checking by Netscape Servers
598
Publishing of Crls
598
CRL Issuing Points
599
Delta Crls
599
How Crls Work
599
Setting up the Issuance of Crls
601
Configuring Issuing Points
602
Configuring Crls for each Issuing Point
603
Setting CRL Extensions
605
CRL Extension Reference
606
Authoritykeyidentifier
606
Crlnumber
607
Crlreason
607
Deltacrlindicator
608
Freshestcrl
608
Holdinstruction
609
Invaliditydate
610
Issueralternativename
610
Issuingdistributionpoint
612
Chapter 15 Publishing
615
About Publishing
616
About Publishers
617
About Mappers
617
About Rules
617
About Publishing to Files
618
About LDAP Publishing
618
About OCSP Publishing
619
How Publishing Works
619
Setting up Publishing
620
Publishers
623
Configuring Publishers for Publishing to a File
623
Configuring Publishers for Publishing to OCSP
625
Configuring Publishers for LDAP Publishing
628
Publisher Plug-In Module Reference
628
Mappers
632
Configuring Mappers
632
Mapper Plug-In Modules Reference
635
Rules
644
Modifying Publishing Rules for Certificates and Crls
644
Rule Instance Reference
648
Enabling Publishing
651
Testing Publishing to Files
653
Configuring the Directory for LDAP Publishing
655
Schema
656
Entry for the CA
657
Directory Authentication Method
658
Updating Certificates and Crls in a Directory
658
Manually Updating Certificates in the Directory
659
Manually Updating the CRL in the Directory
660
Registering and Deleting Mapper and Publisher Plug-In Modules
661
Chapter 16 Configuring CMS for High Availability
663
CMS High Availability Overview
663
Architecture of a Failover System
664
Load Balancing
665
Cloning the Certificate Manager
666
Cloning Preparation
666
Cloning the CA
668
Testing the CA Cloned-Master Connection
679
Additional CRL Scheduling Information
680
Cloned-Master CA Conversion
681
Converting a Master CA into a Cloned CA
681
Converting a Cloned CA into a Master CA
682
Cloning the Online Certificate Status Manager
684
Preparing to Clone the Online Certificate Status Manager
685
Cloning the OCSP Responder
686
Testing the OCSP Cloned-Master Connection
690
Cloned-Master OCSP Responder Conversion
690
Converting a Cloned OCSP Responder into a Master OCSP Responder
691
Cloning the Data Recovery Manager
692
Preparing to Clone the DRM
692
Cloning the DRM
693
Testing the DRM Cloned-Master Connection
698
Cloned-Master DRM Responder Conversion
698
Security Requirements for the IT Environment
699
Appendix A Common Criteria Environment: Security Requirements
700
Security Audit (FAU)
700
Cryptographic Support (FCS)
703
Identification and Authentication (FIA)
704
Security Management (FMT)
705
Protection of the TSF (FPT)
707
CIMC TOE Access Control Policy
709
Trusted Path/Channels (FTP)
709
Appendix B Common Criteria Environment: Setup and Operations
711
PKI Overview
711
Security Objectives
711
IT Environment Assumptions
712
Reliable Timestamp
712
Private and Secret Key Zeroization
712
Password and Certificate Storage
713
Hardware Token
713
Protection of Private and Secret Keys
713
Supported Operating Systems
714
Supported Browsers
714
Security Requirements for the IT Environment
712
TOE Security Environment Assumptions
712
CMS Privileged Users and Groups (Roles)
714
About Roles
717
Ocsp
717
CMS Common Criteria Environment Setup and Installation Guide
718
Understanding Setup of Common Criteria Evaluated Netscape CMS
718
CMS Common Criteria Environment Setup and Installation Process
718
Appendix C Understanding the Common Criteria Evaluated CMS Setup
721
Understanding the Common Criteria Environment
721
Secure Environment
721
CMS Roles Assignment
722
Who Needs to be Present
722
Understanding Operating System Setup (Users, Groups, and File Permissions)
722
Understanding CMS Installation
723
Configuring CMS to Use Hardware Tokens
723
Revocation Checking
723
SSL Client Authentication with the Internal Database
724
CMS Administrative Console
724
Backup and Restore of a CMS Subsystem
724
Common Criteria Deployment Scenarios
725
Features that Are Not Part of the Common Criteria Environment
725
Understanding Subsystem Setup
726
CMS Role Users and Authorization
726
Audit Logs
727
Certificate Profiles
727
Certificate Policies
728
Authentication
728
Crls
728
Jobs
728
Publishing
729
Notifications
729
Self Tests
729
Trust between Subsystems
729
Key Archival and Recovery
730
OCSP Responder Revocation Information Store
730
Common Criteria Environment Setup Procedures
730
Appendix D Common Criteria Environment: Security Objectives
731
Security Objectives for the TOE
731
Authorized Users
731
System
732
Cryptography
732
External Attacks
732
Security Objectives for the Environment
732
Non-IT Security Objectives for the Environment
733
IT Security Objectives for the Environment
735
Security Objectives for both the TOE and the Environment
735
Appendix E Common Criteria Environment: TOE Security Environment Assumptions
739
Secure Usage Assumptions
739
Personnel Assumptions
739
Physical Assumptions
741
Connectivity Assumptions
741
Authorized Users
741
Cryptography
742
System
742
External Attacks
743
Organization Security Policies
743
Appendix F Certificate Download Specification
745
Data Formats
745
Binary Formats
745
Text Formats
746
Importing Certificate Chains
747
Importing Certificates into Netscape Communicator
747
Importing Certificates into Netscape Servers
748
Object Identifiers
748
Appendix G Certificate and CRL Extensions
751
Introduction to Certificate Extensions
751
Structure of Certificate Extensions
753
Sample Certificate Extensions
755
Standard X.509 V3 Certificate Extensions
757
Introduction to CRL Extensions
768
Structure of CRL Extensions
769
Sample CRL and CRL Entry Extensions
770
Standard X.509 V3 CRL Extensions
771
Extensions for Crls
771
CRL Entry Extensions
774
Netscape-Defined Certificate Extensions
775
CA Certificates and Extension Interactions
776
Appendix H Object Identifiers
779
Registration of Object Identifiers
779
What's an Object Identifier
779
Appendix I Distinguished Names
781
What Is a Distinguished Name
781
Distinguished Name Components
782
Dns in Certificate Management System
784
Extending Attribute Support
786
Role of Distinguished Names in Certificates
791
Appendix J Introduction to Public-Key Cryptography
797
Internet Security Issues
797
Encryption and Decryption
799
Symmetric-Key Encryption
800
Public-Key Encryption
801
Key Length and Encryption Strength
802
Digital Signatures
803
Certificates and Authentication
804
A Certificate Identifies Someone or Something
805
Authentication Confirms an Identity
806
How Certificates Are Used
810
How CA Certificates Are Used to Establish Trust
818
Managing Certificates
824
Issuing Certificates
824
Certificates and the LDAP Directory
825
Key Management
825
Renewing and Revoking Certificates
826
Registration Authorities
827
Appendix K Introduction to SSL
829
The SSL Protocol
829
Man-In-The-Middle Attack
840
Advertisement
Netscape Certificate Management System 6.2 Manual (95 pages)
Brand:
Netscape
| Category:
Software
| Size: 0.83 MB
Table of Contents
Table of Contents
3
About this Guide
7
What You Should Know
7
Who Should Read this Guide
7
What's in this Guide
8
Conventions Used in this Guide
9
Documentation
11
Chapter 1 Agent Services
13
Overview of Certificate Management System
13
Agent Tasks
17
Certificate Manager Agent Services
17
Registration Manager Agent Services
19
Data Recovery Manager Agent Services
20
Online Certificate Status Manager Agent Services
21
Forms for Performing Agent Operations
22
Accessing Agent Services
25
Administrator/Agent Certificate Enrollment
25
Agent Services Entry Page
28
Services Summary Page
28
Chapter 2 Working with Certificate Profiles
29
About Certificate Profiles
29
How Certificate Profiles Work
31
Enabling and Disabling Certificate Profiles
32
Getting Certificate Profile Information
32
End User Certificate Profile
33
Policy Information
33
To Approve a Certificate Profile
33
To Disapprove a Certificate Profile
34
Chapter 3 Handling Certificate Requests
35
Managing Requests
35
Listing Certificate Requests
39
Selecting a Request
41
Approving Requests
42
Adjusting, Verifying, and Approving a Certificate Profile Request
43
Assigning a Request
44
Adjusting, Verifying, and Approving a Request
45
Other Options for Handling Requests
48
Sending an Issued Certificate to the Requester
49
Chapter 4 Finding and Revoking Certificates
53
Basic Certificate Listing
53
Advanced Certificate Search
55
Examining Certificates
60
Revoking Certificates
61
Searching for Certificates to Revoke
61
Revoking One or more Certificates
62
Revoking One Certificate
62
Revoking Multiple Certificates
63
Confirming a Revocation
63
Managing the Certificate Revocation List
65
Viewing or Examining Crls
65
Updating the CRL
66
Chapter 5 Publishing to a Directory
69
Working with a Directory Server
69
Automatic Directory Updates
69
Manual Directory Updates
70
Updating the Directory with Changes
70
Chapter 6 Recovering Encrypted Data
73
Finding and Recovering Keys
73
Finding Archived Keys
74
Selecting a Key
76
Recovering Keys
77
Remote Recovery Authorization
79
Viewing Key Service Requests
80
Listing Key Service Requests
81
Selecting a Request
82
Chapter 7 Managing OCSP Service Related Tasks
85
Listing Cas Identified by Online Certificate Status Manager
85
Identifying a CA to Online Certificate Status Manager
86
Adding a CRL to Online Certificate Status Manager
88
Checking the Revocation Status of a Certificate
90
Index
93
Netscape Certificate Management System 6.2 Manual (90 pages)
Command-line tools guide
Brand:
Netscape
| Category:
Software
| Size: 0.51 MB
Table of Contents
Table of Contents
3
About this Guide
7
What You Should Know
7
Who Should Read this Guide
7
What's in this Guide
8
Conventions Used in this Guide
9
Documentation
11
Chapter 1 Command-Line Tools
13
Chapter 2 CMS Upgrade Utility
19
Before Upgrading
20
Backing up Your Previous CMS Instance
20
Upgrading
20
After Upgrading
31
Chapter 3 Password Cache Utility
33
Location
33
Syntax
34
Usage
35
Listing the Contents of the Password Cache
35
Generating a New Protection Key for the Password Cache
36
Adding a New Entry to the Password Cache
37
Changing the Password of an Entry in the Password Cache
37
Deleting an Entry from the Password Cache
38
Chapter 4 Auditverify
39
About the Auditverify Tool
39
Setting up the Auditor's Database
39
Audit Verify Tool Syntax
40
Return Values
41
Using the Audit Verify Tool
41
Chapter 5 PIN Generator Tool
43
Locating the PIN Generator Tool
43
The Setpin Command
44
Command-Line Syntax
44
Example
49
How the Tool Works
49
Input File
51
Output File
53
How Pins Are Stored in the Directory
54
Exit Codes
54
Chapter 6 Extension Joiner Tool
57
Location
58
Syntax
58
Usage
58
Chapter 7 Backing up and Restoring Data
61
Backup and Restore Tools
61
Backing up Data
62
What the Backup Tool Does
63
What the Backup Tool Does Not Do
65
Running the Backup Tool
65
After You Finish a Backup
66
Signing Backup Data Using Cmsutil
67
Verifying Signed Backup Data Using Cmsutil
69
Restoring Data
70
Before You Restore Data
71
Running the Restore Tool
72
Chapter 8 ASCII to Binary Tool
77
Location
77
Syntax
77
Example
78
Chapter 9 Binary to ASCII Tool
79
Location
79
Syntax
79
Example
80
Chapter 10 Pretty Print Certificate Tool
81
Location
81
Syntax
81
Examples
82
Chapter 11 Pretty Print CRL Tool
85
Location
85
Syntax
85
Example
86
Index
89
Advertisement
Advertisement
Related Products
Netscape Certificate Management System 6.0
Netscape Certificate Management System 6.01
Netscape CERTIFICATE MANAGEMENT SYSTEM 7.0
Netscape Certificate Management System 6.1
Netscape NETSCAPE MANAGEMENT SYSTEM 4.5
Netscape NETSCAPE MANAGEMENT SYSTEM 4.5 - AGENT GUIDE
Netscape NETSCAPE MANAGEMENT SYSTEM 4.5 - COMMAND-LINE
Netscape NETSCAPE MANAGEMENT SYSTEM 4.5 - CUSTOMIZATION GUIDE
Netscape NETSCAPE MANAGEMENT SYSTEM 4.5 - PLUG-IN
Netscape NETSCAPE MANAGEMENT SYSTEM 6.0
Netscape Categories
Server
Software
Gateway
More Netscape Manuals
Login
Sign In
OR
Sign in with Facebook
Sign in with Google
Upload manual
Upload from disk
Upload from URL