Chapter 22: Setting Up Key Archival and Recovery
Key Recovery Process
Local Versus Remote Key Recovery Authorization
Key recovery agents can authorize the recovery of a key locally or remotely. The
overview of local and remote authorization provided in this section is intended to
help you determine which to use for your organization. You may find it useful to
take a look at the Data Recovery Manager agent-specific information in the CMS
Agent’s Guide.
Local Key Recovery Authorization
To initiate key recovery locally, the required number of recovery agents assemble
in front of the host system that allows them to access the Data Recovery Manager
Agent Services interface. Either a Data Recovery Manager agent or a key recovery
agent with a Data Recovery Manager agent certificate accesses the Key Recovery
form hosted by the Data Recovery Manager and initiates the key recovery process.
All key recovery agents enter their IDs and passwords on the same Recovery
Authorization form presented by the Data Recovery Manager. If the information
presented is correct, the Data Recovery Manager retrieves the requested key and
returns it along with the corresponding certificate in the form of a PKCS #12
package.
By default, key recovery authorization is local.
Remote Key Recovery Authorization
To authorize key recovery remotely, the required number of recovery agents access
the Data Recovery Manager Agent Services interface at their own locations and use
the Authorize Recovery button to enter each authorization separately.
Before key recovery agents can authorize key recovery remotely, they must be set
up to function as Data Recovery Manager agents. This role gives them the privilege
to access the Data Recovery Manager’s Agent Services interface directly.
In remote key recovery authorization, one of the key recovery agents informs all
required recovery agents about an impending remote key recovery process. All
recovery agents access the Key Recovery page hosted by the Data Recovery
Manager. One of the agents initiates the key recovery process. The Data Recovery
Manager returns a notification to each agent. The notification includes a recovery
authorization reference number identifying the particular key recovery request that
the agent is required to authorize. Each agent uses the reference number and
authorizes key recovery separately.
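The remote flow described above can be modeled as a small state machine. This is an added example, not code from the Certificate Management System or the Data Recovery Manager. The class name, the reference number format and the placeholder return value are assumptions, and agent login (ID and password) is not modeled.

```python
import secrets


class RecoveryRequest:
    """Toy model of one pending remote key recovery request (hypothetical)."""

    def __init__(self, key_id, agents, required):
        if not 1 <= required <= len(agents):
            raise ValueError("required must be between 1 and the number of agents")
        self.key_id = key_id
        self.agents = frozenset(agents)
        self.required = required
        # Constructed reference format; the real product's format is not on the page.
        self.reference = secrets.token_hex(8)
        self.approved = set()
        self.released = False

    def authorize(self, agent_id, reference):
        """Record one agent's authorization; return True once the quorum is met."""
        if self.released:
            raise PermissionError("request already completed")
        if not secrets.compare_digest(reference, self.reference):
            raise PermissionError("unknown recovery authorization reference")
        if agent_id not in self.agents:
            raise PermissionError("not a recovery agent for this request")
        # A set, so one agent authorizing twice still counts once.
        self.approved.add(agent_id)
        return len(self.approved) >= self.required

    def release(self):
        """Return the recovered package once, and only after the quorum is met."""
        if self.released:
            raise PermissionError("request already completed")
        if len(self.approved) < self.required:
            raise PermissionError("not enough distinct agents have authorized")
        self.released = True
        # Placeholder standing in for the PKCS #12 package the page describes.
        return "PKCS#12 package for " + self.key_id


if __name__ == "__main__":
    req = RecoveryRequest("constructed-key-1", ["agent-a", "agent-b", "agent-c"], 2)
    print(req.authorize("agent-a", req.reference))  # quorum not yet met
    print(req.authorize("agent-b", req.reference))  # quorum met
    print(req.release())
```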
Summary of Contents for NETSCAPE DIRECTORY SERVER 6.01
Page 1: Installation and Setup Guide, Netscape Certificate Management System, Version 6.01, May 2002