Keys and Certificates for the Main Subsystems
426
Netscape Certificate Management System Installation and Setup Guide • March 2002
If you configure the Certificate Manager for SSL-enabled communication with a
publishing directory, the Certificate Manager also uses its SSL server certificate for
SSL client authentication to the publishing directory. This is the default
configuration. You can configure the Certificate Manager to use an alternate
certificate for this purpose; see “Getting an SSL Client Certificate for a Subsystem”
on page 461.
If you configure the Certificate Manager to function as a trusted manager to a Data
Recovery Manager, the Certificate Manager also uses its SSL server certificate for
SSL client authentication to the Data Recovery Manager. For details on trusted
managers, see “Trusted Managers” on page 380. You can also configure the
Certificate Manager to use an alternate certificate for this purpose; see “Getting an
SSL Client Certificate for a Subsystem” on page 461.
Registration Manager’s Key Pairs and
Certificates
The Registration Manager uses the following certificates:
•
Signing Key Pair and Certificate
•
SSL Server Key Pair and Certificate
Signing Key Pair and Certificate
Every Registration Manager you have installed has a certificate, identified as the
Registration Manager signing certificate, whose public key corresponds to the private
key the Registration Manager uses to sign certificate requests before sending them
to the Certificate Manager for signing. The Registration Manager’s signature
provides persistent proof to the Certificate Manager that the Registration Manager
has processed the request. The first time you generated this certificate is when you
installed the Registration Manager. The default nickname for the certificate is
raSigningCert cert-<instance_id>
, where
<instance_id>
identifies the CMS
instance in which the Registration Manager is installed.
The Registration Manager’s signing certificate was issued by the CA to which you
submitted the certificate signing request. You might have submitted the request to
an internally deployed CA or a public CA. To find out the issuer name, follow the
instructions in “Viewing the Certificate Database Content” on page 482.
If you configure the Registration Manager to function as a trusted manager to
another subsystem, the Registration Manager uses its signing certificate for SSL
client authentication to the subsystem; this is the default configuration. For details,
see “Trusted Manager’s Certificate for SSL Client Authentication” on page 383.
Summary of Contents for NETSCAPE MANAGEMENT SYSTEM 6.0
Page 1: ...Installation and Setup Guide Netscape Certificate Management System Version6 0 March 2002...
Page 22: ...22 Netscape Certificate Management System Installation and Setup Guide March 2002...
Page 32: ...32 Netscape Certificate Management System Installation and Setup Guide March 2002...
Page 160: ...160 Netscape Certificate Management System Installation and Setup Guide March 2002...
Page 776: ...776 Netscape Certificate Management System Installation and Setup Guide March 2002...
Page 807: ...807 Part 5 Appendix Appendix A Certificate Download Specification...
Page 808: ...808 Netscape Certificate Management System Installation and Setup Guide March 2002...
Page 830: ...830 Netscape Certificate Management System Installation and Setup Guide March 2002...