iPlanet Certificate Management System Installation and Setup Guide
About This Guide
The Installation and Setup Guide explains how to install, configure, and maintain iPlanet Certificate Management Server (CMS), and use it for issuing and managing certificates to various end entities, such as web browsers (users), servers, Virtual Private Network (VPN) clients, and Cisco™ routers.
The late renaming of this product has resulted in a situation where the new product name is not fully integrated into the shipping product. In particular, you will see the product referenced as iPlanet Certificate Management Server (CMS) within the product GUI and within the product documentation. For this release, please consider iPlanet Certificate Management Server and Sun™ ONE Certificate Server as interchangeable names for the same product.
This preface has the following sections:
What's in This Guide
What's in This Guide
This guide covers topics that are listed below. You should use this guide in conjunction with the other CMS documentation, such as the ones that explain all the plug-ins and command-line tools that are provided for Certificate Management System. For a complete list of CMS documentation, see section Where to Go for Related Information.
"About This Guide" Describes what's covered in this guide, what you should already know, and where to look for more information.
Part 1, "Overview and Demo Installation"
Chapter 1 "Introduction to Certificate Management System" Provides an overview of the Certificate Management System architecture for creating, deploying, and managing certificates.
Chapter 2 "Certificate Enrollment and Life-Cycle Management" Provides sample deployment scenarios.
Chapter 3 "Default Demo Installation" Describes how to set up a simple pilot that demonstrates the basic capabilities of a Certificate Manager.
Part 2, "Planning and Installation"
Chapter 4 "Planning Your Deployment" Reviews basic decisions you should make as you plan your initial deployment.
Chapter 5 "Installation Worksheet" Provides a worksheet you can copy and use to collect the detailed information that you will need to provide during installation and configuration of individual subsystems.
Chapter 6 "Installing Certificate Management System" Describes the procedure for installing CMS subsystems on the basis of the information collected in Chapter 5.
Chapter 7 "Installing and Uninstalling CMS Instances" Describes how to create multiple instances, delete unwanted instances, clone instances, upgrade from a previous CMS version, and so on.
Chapter 8 "Starting and Stopping CMS Instances" Describes how to start, restart, and stop CMS instances.
Part 3, "Configuration"
Chapter 9 "Administration Tasks and Tools" Explains the GUI-based administration tools, iPlanet Console and CMS window.
Chapter 10 "CMS Configuration" Shows a sample configuration file and explains the rules for editing the configuration file.
Chapter 11 "Setting Up Ports" Describes various ports used by a CMS instance and explains how to set up these ports.
Chapter 12 "Setting Up Internal Database" Describes the function of internal database and explains how to set it up.
Chapter 13 "Managing Privileged Users and Groups" Describes privileged users, their access rights, and how to create them for managing a CMS instance.
Chapter 14 "Managing CMS Keys and Certificates" Describes keys and certificates used by a CMS instance and explains how to renew and reissue them. Also provides information on installing hardware tokens.
Chapter 15 "Setting Up End-User Authentication" Describes authentication methods for different types of CMS users, and explains how to configure a Certificate Manager or Registration Manager to use a specific authentication method for end-user enrollment.
Chapter 16 "Setting Up Automated Notifications" Describes how to enable the automated notification feature (such as notifying agents when a request gets queued and notifying users when their certificates are issued) to ease administration overheads.
Chapter 17 "Scheduling Automated Jobs" Describes how to schedule jobs that automatically perform certain certificate-related tasks at regular intervals (such as removing expired certificates from the directory and notifying users before their certificates expire) to ease administration overheads.
Chapter 18 "Setting Up Policies" Describes how to configure a CMS manager to use policy rules that govern the formulation and issuance of certificate content, such as key size, signing algorithm, validity period, extensions, and so on.
Chapter 19 "Setting Up LDAP Publishing" Provides an overview of LDAP publishing and describes how to configure a Certificate Manager to publish certificates and CRLs to an LDAP directory.
Chapter 20 "Publishing Certificates and CRLs to a File" Describes how to configure a Certificate Manager to publish certificates and CRLs to files for importing to other repositories.
Chapter 21 "Setting Up an OCSP Responder" Provides an overview of OCSP-compliant PKI setup and describes how to set up an OCSP-compliant PKI setup.
Chapter 22 "Setting Up Key Archival and Recovery" Describes how to archive end users' encryption private keys and recover them, if there's a need.
Chapter 23 "Managing CMS Logs" Describes how to enable logging, use logs to monitor the server's activities, and archive log files.
Part 4, "Issuing and Managing Certificates"
Chapter 24 "Issuing and Managing Server Certificates" Describes how to issue SSL server certificates to other servers and manage the certificates.
Chapter 25 "Setting Up CEP Enrollment" Describes how to configure the server to issue router and VPN client certificates.
Part 5, "Appendixes"
Appendix A "Certificate Download Specification" Describes the data formats used by Netscape Communicator 4.x for installing certificates.
Appendix B "Using SSL with iPlanet Web Server, Enterprise Edition 4.x" Explains how to set up client certificate authentication to work with Netscape Enterprise Server 3.x.
Appendix C "Export Control Information" Summarizes the cryptographic operations, key lengths, and cipher suites that have received US government approval for the export version of Certificate Management System.
Glossary Summarizes terms used in this guide and other CMS documentation.
What You Should Already Know
This guide is intended for experienced system administrators who are planning to deploy Certificate Management System. CMS agents should refer to iPlanet Certificate Management Server Agent's Guide for information on how to perform agent tasks, such as handling certificate requests and revoking certificates.
This guide assumes that you
Are familiar with the basic concepts of public-key cryptography and the Secure Sockets Layer (SSL) protocol.
Understand the concepts of intranet, extranet, and Internet security and the role of digital certificates in a secure enterprise. These include the following topics:
Encryption and decryption
If you are new to these concepts, we recommend you read the security-related documents available online at this URL: http://docs.sun.com/db?p=coll/S1_nsCMS_42_Resources
You may also refer to the security-related appendixes (Appendix D and Appendix E) of the accompanying manual, Managing Servers with iPlanet Console.
Are familiar with the role of iPlanet Console in managing iPlanet servers. Otherwise, see the accompanying manual, Managing Servers with iPlanet Console.
Are reading this guide in conjunction with the documentation listed in section Where to Go for Related Information.
Conventions Used in This Guide
The following conventions are used in this guide:
Monospaced font: This typeface is used for any text that appears on the computer screen or text that you should type. It's also used for filenames, functions, and examples.
Italic: Italic type is used for emphasis, book titles, and glossary terms.
Text within "quotation marks": Indicates cross-references to other topics within this guide.
Boldface: Boldface type is used for various UI components such as captions and field names, and the terminology explained in the glossary.
Example: Rotation frequency. From the drop-down list, select the interval at which the server should rotate the active error log file. The available choices are Hourly, Daily, Weekly, Monthly, and Yearly. The default selection is Monthly.
Monospaced [ ]: Square brackets enclose commands that are optional.
Example: PrettyPrintCert <input_file> [<output_file>]
Monospaced <>: Angle brackets enclose variables or placeholders. When following examples, replace the angle brackets and their text with text that applies to your situation. For example, when path names appear in angle brackets, substitute the path names used on your computer.
Example: Using Netscape Communicator 4.7 or later, enter the URL for the administration server: http://<hostname>:<port_number>
/: A slash is used to separate directories in a path. If you use the Windows NT operating system, you should replace / with \ in paths.
Example: Except for the Security Module Database Tool, you can find all the other command-line utilities at this location: <server_root>/bin/cert/tools
Sidebar text: Sidebar text marks important information. Make sure you read the information before continuing with a task.
Where to Go for Related Information
This section summarizes the documentation that ships with Certificate Management System, using these conventions:
<server_root> is the directory where the CMS binaries are kept (which you specify during installation).
The documentation set for Certificate Management System includes the following:
Managing Servers with iPlanet Console
Provides background information on basic cryptography concepts and the role of iPlanet Console. To view the HTML version of this guide, open this file: <server_root>/manual/en/admin/help/contents.htm
CMS Installation and Setup Guide (this guide)
Describes how to plan for, install, and administer Certificate Management System. To access the installation and configuration information from within the CMS Installation Wizard or from the CMS window (within iPlanet Console), click any help button.
To view the HTML version of this guide, open this file: <server_root>/manual/en/cert/setup_guide/contents.htm
CMS Plug-Ins Guide
Provides detailed reference information on CMS plug-ins. To access this information from the CMS window within iPlanet Console, click any help button.
To view the HTML version of this guide, open this file: <server_root>/manual/en/cert/plugin_guide/contents.htm
CMS Command-Line Tools Guide
Provides detailed reference information on CMS tools.
To view the HTML version of this guide, open this file: <server_root>/manual/en/cert/tools_guide/contents.htm
CMS Customization Guide
Provides detailed reference information on customizing the HTML-based agent and end-entity interfaces.
To view the HTML version of this guide, open this file: <server_root>/manual/en/cert/custom_guide/contents.htm
CMS Agent's Guide
Provides detailed reference information on CMS agent interfaces. To access this information from the Agent Services pages, click any help button.
To view the HTML version of this guide, open this file: <server_root>/cert-<instance_id>/web/agent/manual/agent_guide/
End-entity help (online only, not printed)
Provides detailed reference information on CMS end-entity interfaces. To access this information from the end-entity pages, click any help button.
To view the HTML version of this guide, open this file: <server_root>/cert-<instance_id>/web/ee/manual/ee_guide/
Note: Do not change the default location of any of the HTML files; they are used for online help. You may move the PDF files to another location.
For a complete list of all documentation for Certificate Management System, including documentation for Directory Server, see Documentation Summary, located at: <server_root>/manual/index.html
For the latest information about Certificate Management System, including current release notes, technical notes, and deployment information, check this site: http://docs.sun.com/?p=coll/S1_s1CertificateServer_47
Copyright © 2002 Sun Microsystems, Inc. All rights reserved.
Last Updated October 07, 2002