Configuring a Certificate Manager to Publish Certificates and CRLs
604
Netscape Certificate Management System Installation and Setup Guide • May 2002
d.
Scroll through the list to see if it contains the SSL server certificate that you
want to use.
If the server has an SSL server certificate, check the CA that has issued the
certificate. If this CA is trusted by the Certificate Manager, you can
configure Directory Server to use the same certificate. If the CA is
untrusted by the Certificate Manager and you want the Certificate
Manager to trust it, you need to check the Certificate Manager’s certificate
database for the CA certificate, add it if it isn’t present, and specify that it
be trusted. For instructions on manipulating the Certificate Manager’s
certificate database, see “Changing the Trust Settings of a CA Certificate”
on page 485.
After you’ve made sure that the CA is trusted by the Certificate Manager,
go to Step 10 on page 610.
If the server does not have an SSL server certificate, or if you don’t want
the Certificate Manager to trust the CA that has issued the Directory
Server’s certificate, you must get an SSL server certificate for the Directory
Server from a CA that is trusted by the Certificate Manager. You may get
this certificate from the Certificate Manager itself. The instructions that
follow (Step 2 through Step 9) explain how to do this.
2.
Generate an SSL server certificate request for Directory Server.
The steps below explain in general how to generate a certificate signing request
(CSR) using the Certificate Setup Wizard, which is built into the Directory
Server window available within Netscape Console. For detailed instructions on
each step of the wizard, you should read the on-screen instructions and view
the online help by clicking the Help button.
In the first step of generating the CSR, you will be asked to specify whether the
certificate is for a new key pair or an exiting key pair and the method for
submitting the CSR to the CA.
If you want to request the certificate from an external CA, you should click the
Show CA button to see whether the CA of your interest is listed there. If it is
listed, you can open the SSL server enrollment interface of that CA so that you
can paste the CSR the wizard will generate.
If you want to request the certificate from the Certificate Manager, there are
three possible ways in which you can submit the CSR to the Certificate
Manager:
❍
Submit the CSR directly from the wizard; in this method, you do not need
to copy the CSR the wizard generates.
Summary of Contents for NETSCAPE DIRECTORY SERVER 6.01
Page 1: ...Installation and Setup Guide Netscape Certificate Management System Version6 01 May 2002...
Page 22: ...22 Netscape Certificate Management System Installation and Setup Guide May 2002...
Page 32: ...32 Netscape Certificate Management System Installation and Setup Guide May 2002...
Page 160: ...160 Netscape Certificate Management System Installation and Setup Guide May 2002...
Page 776: ...776 Netscape Certificate Management System Installation and Setup Guide May 2002...
Page 807: ...807 Part 5 Appendix Appendix A Certificate Download Specification...
Page 808: ...808 Netscape Certificate Management System Installation and Setup Guide May 2002...
Page 830: ...830 Netscape Certificate Management System Installation and Setup Guide May 2002...