Chapter 24: Issuing and Managing Server Certificates (page 787)
Renewal of Server Certificates
Every certificate issued by Certificate Management System has a validity period
that determines its expiration date. The validity period of a certificate is
determined by the validity constraints policy settings at the time the certificate was
issued (see section “ValidityConstraints Plug-in Module” in CMS Plug-Ins Guide).
For a certificate to be valid beyond its expiration date, it must be renewed.
Otherwise, the certificate becomes invalid, and the entity owning the certificate
will no longer be able to use it. Also, the expired certificate will take up space in
your publishing directory and in the internal database of Certificate Management
System.
Note that the Job scheduler component of Certificate Management System enables
you to schedule a job for removing expired certificates from the publishing
directory. For details, see “Configuring a Subsystem to Run Automated Jobs” on
page 545.
Certificate Management System allows server administrators to renew their
certificates by using the server enrollment form hosted by a Certificate Manager or
Registration Manager. The renewal process is similar to the enrollment process in
that the administrators must manually generate the certificate-signing request
using the server’s key pair, paste that request in the manual enrollment form, and
submit the request. For details, see “Certificate Issuance to Servers” on page 777.
For renewing the certificates of a Certificate Manager, Registration Manager, or
Data Recovery Manager, see “Renewing Certificates for the Subsystems” on
page 474.
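The renewal step described above (generating the request with the server's existing key pair), shown as an added example that is not part of the original guide. It assumes OpenSSL is the tool holding the server key; the file names and subject DN are constructed, and a throwaway key and self-signed certificate stand in for the server's real ones.

```sh
#!/bin/sh
# Added example, not from the CMS guide. OpenSSL, the file names and the
# subject DN are assumptions; the key and certificate below are constructed.
set -eu

# SHA-256 of the public key held in a certificate, CSR or private key file.
pubkey_digest() {   # usage: pubkey_digest cert|csr|key FILE
    case "$1" in
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey) ;;
        csr)  pem=$(openssl req  -in "$2" -noout -pubkey) ;;
        key)  pem=$(openssl pkey -in "$2" -pubout) ;;
        *)    echo "unknown kind: $1" >&2; return 2 ;;
    esac
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# Build a PKCS#10 renewal request: subject copied from the current
# certificate, signed with the server's existing private key.
make_renewal_csr() {   # usage: make_renewal_csr CURRENT_CERT SERVER_KEY OUT_CSR
    # Stop if the key is not the one certified by the certificate being renewed.
    [ "$(pubkey_digest cert "$1")" = "$(pubkey_digest key "$2")" ] || {
        echo "key $2 does not match certificate $1" >&2; return 1; }
    # Convert the certificate into a request, then re-emit it as bare PEM
    # so the file holds only the text to paste into a form.
    openssl x509 -x509toreq -in "$1" -signkey "$2" -out "$3.tmp" 2>/dev/null
    openssl req -in "$3.tmp" -out "$3" && rm -f "$3.tmp"
    # Confirm the request's self-signature before submitting it.
    openssl req -in "$3" -noout -verify 2>&1 | grep -q "verify OK"
}

# Constructed sample: throwaway key and self-signed certificate standing in
# for the server's real key pair and its expiring certificate.
demo_dir=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/O=Example Corp/CN=www.example.com" \
    -keyout "$demo_dir/server.key" -out "$demo_dir/current.crt" 2>/dev/null
make_renewal_csr "$demo_dir/current.crt" "$demo_dir/server.key" "$demo_dir/renewal.csr"
cat "$demo_dir/renewal.csr"   # PEM text for the manual enrollment form
```

Comparing public-key digests before building the request catches the common mistake of pairing the expiring certificate with a different key file.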
Revocation of Server Certificates
Certificate Management System allows a certificate to be revoked by an end user
(the original owner of the certificate), a server administrator, or by a Certificate
Manager or Registration Manager agent. End users can revoke certificates by using
the Revocation form provided in the end-entity services interface. Agents can
revoke end-entity certificates by using the appropriate form in the Agent Services
interface. Certificate-based (SSL client authentication) or
challenge-password-based authentication is required in both cases; for details, see
“Authentication of End Users During Certificate Revocation” on page 497.
• An end user can revoke only those certificates that contain the same subject
name as in the certificate presented for authentication; if using a challenge
password, the user can revoke only the certificate that is associated with that
password. After successful authentication, the server lists the certificates
Netscape Certificate Management System Installation and Setup Guide, Version 6.01, May 2002