Sun™ ONE Certificate Server 4.7

Configuring the RA List Certificates Page

Updated July 25, 2002




This document provides instructions for configuring the List Certificates page of the Registration Manager GUI. This is a required if you want the Registration Manager to be able to view and revoke certificates. The List Certificates GUI is filled with a text message—and rendered unusable—until you configure the page.






Overview

Enabling this feature is a two-part procedure.

  1. Configure List Certificates page to point to the CA's host and agent port.

  2. Update the CA list of users to include those users who should have access to the CA's certificate listing and revocation servlets.




Configuring the List Certificates Page

You must update this page to point to the CA's host and agent port.



Note

If you do not want the Registration Manager to be able to view and revoke certificates, then skip this step and follow the instructions in the next section, "Disabling This Feature."



  1. Modify the following file: <server-root>/cert-<ra-instance>/web/agent/ra/queryBySerial.html Instructions are in the file. Look for the string ca-host.domain:agent-port.

  2. Update the CA list of users to include those users who should have access to the CA servlets which handle RA requests for listing and revoking certificates.

    1. In the Certificate Server window, click Configuration.

    2. In the navigation tree, highlight Users and Groups.

    3. For users who are already in the CA's list of users and must be given access, click on the Groups tab, and then add each user to the Remote Revocation Agents group.



    4. If a user is not in the CA's list of users, then add the user as type Agent. Be sure to change the default group selection from Certificate Manager Agents to Remote Revocation Agents.



  3. Import a certificate for each new user added to the CA..



    Note

    It is not necessary to issue a second certificate to the RA agent. The same certificate used by the RA agent to access the RA's aent pages may be used here.








Disabling This Feature

If you don't want to use the RA certificate listing and revocation feature, then you can comment out "List Certificates" in the following file:

<server-root>/cert-<ra-instance>/web/agent/ra/menuListReq.html.

Example:



<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#333399">
<table border="0" cellspacing="4" cellpadding="4" width="100%">
<tr>
<td bgcolor="white"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
       <a href="frameListReq.html" target="middle"><b><font color=black>List Requests</font></b></a></font></td>
</tr>
<!--
<tr>
<td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
<a href="frameList.html" target="middle"><b>List   Certificates</b></a></font></td>
</tr>
-->
</table>
</body>
</html>



Last Updated August 09, 2002