System Overview
Chapter
1
Introduction to Certificate Management System
55
System administrators set up CMS subsystems through Netscape Console, and
agents manage end-entity requests and certificates through HTML pages. For more
information about facilities available to administrators and agents, see Chapter 13,
“Managing Privileged Users and Groups.”
Plug-in Modules
Certificate Management System includes a plug-in architecture for code modules
that authenticate user identities and code modules that enforce policies.
Each type of request from an end user—for certificate enrollment, renewal,
revocation, or retrieval—is handled by a different servlet, a piece of Java code
designed for that kind of request. Each servlet processes the request using the
appropriate protocols (such as the KEYGEN HTML tag or PKCS #10) for each type
of end entity. Additional servlets control interactions with administrators and
agents.
The sections that follow provide an overview of the plug-in modules provided
with Certificate Management System. For detailed information about all the
plug-in modules, refer to CMS Plug-Ins Guide. To locate this guide, see “Where to
Go for Related Information” on page 28.
Authentication Plug-in Modules
An authentication module is a set of rules (implemented as a Java class) for
authenticating an end user, server, or other entity that needs to interact with a CMS
manager. (Similar rules are used to authenticate agents and administrators, but
they are built into Certificate Management System instead of being implemented as
plug-in modules.) With a typical end-user enrollment, the user supplies the
information requested by the Registration Manager on an enrollment form, and
then the servlet uses an authentication module specified within the form to
validate the information and authenticate the user’s identity. This simple input
value makes it possible to use custom authentication for any form without
changing the corresponding servlet code.
Both the Certificate Manager and Registration Manager support client SSL
certificate-based authentication (for both agents and end entities). Netscape
Console supports user ID- and password-based authentication for administrators.
Registration Managers and Certificate Managers can also be configured to use any
of the authentication modules provided for authenticating end-users during
certificate enrollments; see Table 1-2.
Summary of Contents for NETSCAPE MANAGEMENT SYSTEM 6.0
Page 1: ...Installation and Setup Guide Netscape Certificate Management System Version6 0 March 2002...
Page 22: ...22 Netscape Certificate Management System Installation and Setup Guide March 2002...
Page 32: ...32 Netscape Certificate Management System Installation and Setup Guide March 2002...
Page 160: ...160 Netscape Certificate Management System Installation and Setup Guide March 2002...
Page 776: ...776 Netscape Certificate Management System Installation and Setup Guide March 2002...
Page 807: ...807 Part 5 Appendix Appendix A Certificate Download Specification...
Page 808: ...808 Netscape Certificate Management System Installation and Setup Guide March 2002...
Page 830: ...830 Netscape Certificate Management System Installation and Setup Guide March 2002...