System Overview
Netscape Certificate Management System Installation and Setup Guide • May 2002
The Data Recovery Manager indexes stored keys by owner name and a hash of the
public key. This arrangement allows for highly efficient searching by name (all
stored keys belonging to that owner are returned) or by public key (only the
requested key is returned).
Each CMS manager has its own database for storing private information such as
certificate records, key archival records, and the request queue. This database is a
preconfigured Netscape Directory Server (version 6.x) installed transparently at the
time of CMS installation.
In this guide, the Directory Server instance used by a subsystem for
storing its data is called an internal database. For example, the Certificate Manager
uses its internal database for storing certificates and certificate requests; the
Registration Manager uses its internal database for storing certificate requests (but
not certificates, which are stored by the Certificate Manager only); the Data
Recovery Manager uses its internal database for storing archived encryption keys;
and the Online Certificate Status Manager uses its internal database for storing
CRLs published by Certificate Managers. Using Netscape Directory Server as an
internal database allows Certificate Management System to leverage the scalability
and industry-leading performance of Directory Server, replacing the Relational
Database Management System (RDBMS) used in Certificate Server 1.0x.
Some deployments require installation of two subsystems in a single CMS instance
on a single machine, for example, Certificate Manager and Data Recovery
Manager, Registration Manager and Data Recovery Manager, or Data Recovery
Manager and Online Certificate Status Manager. In these dual-manager
installations, both subsystems use the same internal database for storing data, and
communication between the two subsystems takes place internally (that is, within
the same running process) rather than via HTTPS. (Note that a Certificate Manager
performs all Registration Manager tasks, including end-entity interactions.
Registration Managers are required only for remote or delegated administration of
the CA.)
Throughout this guide, the term CMS administrator describes the person who
installs and configures one or more managers and sets up privileges for the users
who manage those subsystems. The users who manage day-to-day interactions of
end entities with each manager, as well as other aspects of the PKI, are called CMS
agents collectively, or the Certificate Manager agent, Registration Manager agent,
Data Recovery Manager agent, and Online Certificate Status Manager agent. The role of
an agent is to approve, defer, or reject requests using Agent Services web pages
served by the CMS manager for which that agent has been assigned the necessary
privileges. The privileges of each agent can be confined to a specific manager or can
include several different managers.
Summary of Contents for NETSCAPE DIRECTORY SERVER 6.01
Page 1: Installation and Setup Guide, Netscape Certificate Management System, Version 6.01, May 2002