Sun ONE Certificate Server 4.7
Configuring the RA List Certificates Page
Updated July 25, 2002
This document provides instructions for configuring the List Certificates page of the Registration Manager GUI. This is a required if you want the Registration Manager to be able to view and revoke certificates. The List Certificates GUI is filled with a text messageand rendered unusableuntil you configure the page.
Overview
Enabling this feature is a two-part procedure.
-
Configure List Certificates page to point to the CA's host and agent port.
-
Update the CA list of users to include those users who should have access to the CA's certificate listing and revocation servlets.
Configuring the List Certificates Page
You must update this page to point to the CA's host and agent port.
Note
|
If you do not want the Registration Manager to be able to view and revoke certificates, then skip this step and follow the instructions in the next section, "Disabling This Feature."
|
-
Modify the following file: <server-root>/cert-<ra-instance>/web/agent/ra/queryBySerial.html Instructions are in the file. Look for the string ca-host.domain:agent-port.
-
Update the CA list of users to include those users who should have access to the CA servlets which handle RA requests for listing and revoking certificates.
-
In the Certificate Server window, click Configuration.
-
In the navigation tree, highlight Users and Groups.
-
For users who are already in the CA's list of users and must be given access, click on the Groups tab, and then add each user to the Remote Revocation Agents group.
-
If a user is not in the CA's list of users, then add the user as type Agent. Be sure to change the default group selection from Certificate Manager Agents to Remote Revocation Agents.
-
Import a certificate for each new user added to the CA..
Note
|
It is not necessary to issue a second certificate to the RA agent. The same certificate used by the RA agent to access the RA's aent pages may be used here.
|
Disabling This Feature
If you don't want to use the RA certificate listing and revocation feature, then you can comment out "List Certificates" in the following file:
<server-root>/cert-<ra-instance>/web/agent/ra/menuListReq.html.
Example:
|
<head>
|
<title>Untitled Document</title>
|
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
|
</head>
|
|
<body bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#333399">
|
<table border="0" cellspacing="4" cellpadding="4" width="100%">
|
<tr>
|
<td bgcolor="white"><font size="-1" face="PrimaSans BT, Verdana,
sans-serif">
|
<a href="frameListReq.html" target="middle"><b><font color=black>List
Requests</font></b></a></font></td>
|
</tr>
<!--
|
<tr>
|
<td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana,
sans-serif">
|
<a href="frameList.html" target="middle"><b>List
Certificates</b></a></font></td>
|
</tr>
-->
|
</table>
|
</body>
|
</html>
|
|
|
Last Updated August 09, 2002