Introduction to Authentication
Chapter 15: Setting Up End-User Authentication
End-Entity Authentication
This section provides an overview of how Certificate Management System
authenticates end entities during certificate enrollment, renewal, and revocation
processes.
Authentication of End Entities During Certificate Enrollment
When an end entity submits a certificate request, a Certificate Manager or
Registration Manager’s first task is to identify and authenticate the end entity. The
server must perform this task before it can register the end entity for certificate
issuance. This task includes verifying the end entity’s identity based on
information the end entity provides and returning enough information about the
end entity so that the subject name for the certificate can be constructed.
To cater to a variety of end-entity enrollment scenarios, Certificate Management
System supports both manual and automated certificate issuance. For a detailed
description of the authentication methods supported by the Certificate Manager and
Registration Manager, see Chapter 1, “Authentication Plug-in Modules,” of CMS
Plug-Ins Guide. To locate an online version of this guide, open the
<server_root>/manual/index.html file.
Authentication of End Users During Certificate Renewal
When an end user submits a certificate renewal request, the first step in the
renewal process is for the Certificate Manager or Registration Manager to identify
and authenticate the end user. This step includes making sure that the end user’s
current certificate is either “valid” or “expired” (“revoked” is not acceptable).
Certificate Management System verifies the authenticity of a certificate renewal
request by mapping the subject name in the certificate being presented for renewal
to certificates in its internal database. The server renews the certificate only if the
subject name maps successfully to a certificate in its internal database. If the
internal database contains more than one certificate with the same subject name as
the one presented by the end entity for client authentication, the server lists all
the matching certificates and expects the end entity to pick one for renewal.
Here are a few things to keep in mind about certificate renewal:
• The certificate being presented by the end user for renewal must be issued by a
Certificate Manager.
• If the renewal request is processed by a Registration Manager, the end-user
certificate presented must be issued by a Certificate Manager that the
Registration Manager knows and is connected to; the Registration Manager
forwards certificate requests to this Certificate Manager for signing.
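The renewal checks described above can be modeled as follows. This is an added illustration, not Certificate Management System code: the record layout, status strings, function names, the simplified subject-name normalization, and the choice to read status from the server's own record are all assumptions.

```python
from dataclasses import dataclass

RENEWABLE = {"valid", "expired"}      # "revoked" is not acceptable

class RenewalRefused(Exception):
    """Raised when the renewal request must be rejected."""

@dataclass(frozen=True)
class Cert:                           # hypothetical record layout
    serial: int
    subject: str                      # DN string, e.g. "CN=Alice,O=Example"
    issuer: str
    status: str = "valid"             # authoritative only on database records

def norm_dn(dn):
    # Simplified normalization: trim and case-fold each RDN.
    # Does not handle escaped commas or multi-valued RDNs.
    return tuple(tuple(p.strip().casefold() for p in rdn.split("=", 1))
                 for rdn in dn.split(","))

def renewal_candidates(presented, db, known_cms):
    """Return the certificates the end user may pick from for renewal."""
    # The presented certificate must come from a Certificate Manager this
    # server knows (for a Registration Manager: one it is connected to).
    if norm_dn(presented.issuer) not in {norm_dn(i) for i in known_cms}:
        raise RenewalRefused("not issued by a known Certificate Manager")
    # Map the presented subject name to certificates in the internal database.
    matches = [r for r in db if norm_dn(r.subject) == norm_dn(presented.subject)]
    # Assumption: status comes from the server's own record of the presented
    # serial number, never from anything the client asserts.
    own = [r for r in matches if r.serial == presented.serial]
    if not own:
        raise RenewalRefused("subject name does not map to a known certificate")
    if own[0].status not in RENEWABLE:
        raise RenewalRefused("presented certificate is " + own[0].status)
    # Assumption: revoked certificates are left out of the list offered.
    return sorted((r for r in matches if r.status in RENEWABLE),
                  key=lambda r: r.serial)

# Constructed sample data, for illustration only.
CM = "CN=Example CM, O=Example"
DB = [Cert(1, "CN=Alice,O=Example", CM, "valid"),
      Cert(2, "CN=Alice,O=Example", CM, "expired"),
      Cert(3, "CN=Bob,O=Example", CM, "revoked"),
      Cert(4, "CN=Alice,O=Example", CM, "revoked")]

if __name__ == "__main__":
    for c in renewal_candidates(Cert(1, "cn=alice , o=EXAMPLE", CM), DB, [CM]):
        print(c.serial, c.status)
```

Comparing normalized names rather than raw strings keeps a differently cased or spaced subject name from silently failing to match, or matching the wrong record.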
Netscape Certificate Management System Installation and Setup Guide, Version 6.0, March 2002