Index
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
R
S
T
U
V
W
X
A
- Accessing the User Interface, 7-2
- acquire subCA certificate, B-1
- acquiring a server certificate, 7-13
- Add, 5-17
- add, 5-16
- add a policy (custom only), 5-20
- Add Another Row, 5-28
- adding
- a policy, 5-31
- custom policy, 5-33
- policies, 5-14, 5-15
- Adding Predicates, 5-28
- ADMIN, A-5
- administering
- policies, 5-3
- administration interface, 3-7, 4-1
- administrative password, 3-7
- Administrative Task Overview, 3-1
- Administrator
- types of, A-9
- administrator
- certificate, 2-8, 3-13
- form, 2-8
- new, 3-6, 6-8
- password, 2-8, 3-3, 3-5
- administrator certificate, 3-7
- administrator password, B-4
- ocactl requires, 6-5
- administrator's certificate
- importing, 2-8
- admin.log, 6-13
- admin.trc, 6-12, 6-13
- advanced DN, 3-17
- Advanced Topics, 6-1
- Affiliation Change (revocation reason), 3-12
- AFFILIATION_CHANGE (revocation code), 3-7
- alerts, 4-5
- CA SMIME wallet, 6-3
- configuring, 4-5, 6-3, 6-4
- CRL generation failure, 4-5
- All Pending Requests, 3-14
- allowExpiredCerts, 5-11
- allowRenewal, 5-12
- altering
- requests, 5-4
- ancestors, B-5
- AND, 5-22
- Apache, 6-6, 6-22
- Oracle HTTP Server, 6-3
- APIs, 5-23, 5-31
- and plug-ins, 5-3
- application
- SSO usage, 3-23
- apply policy checkbox, 5-15
- applying
- policies, 5-3
- policy default values, 5-25
- approval
- manual, 7-3
- approve, 2-8, 3-10, 3-14
- approved, 2-8
- Approving Certificate Requests, 3-10
- Approving or Rejecting Certificate Requests, 3-10
- asterisk
- in predicate expression, 5-23
- matches attributes, 5-23
- not string matching, 5-23
- asymmetric, 1-2
- attributes, 1-9
- asterisk matches, 5-23
- in predicates, 5-23
- authentication, 1-2, 1-6, 1-7, 1-9, 2-6, 2-9, 3-23, 7-1
- certificate-based, 2-10
- change method, 2-8, 7-3
- checking the CRL, 3-18
- client certificate, 3-6
- configuring for SSL & SSO, 4-7
- form, 3-3
- manual, 7-11
- mod_osso, 2-9
- password-based, 2-10
- SSL, 7-4, 7-10
- SSL server, 6-3
- SSL-based, 2-10
- SSO, 3-20
- user, 3-11
- authority
- certification, 1-3
- automatic certificates for SSL/SSO users, 7-3
- automatic client users, 5-7
B
- backing up
- wallets, 6-6
- backup and recovery
- considerations, 6-20
- backup and recovery procedures, 6-1
- base64 certificate, B-5
- BasicConstraintsExtension, B-3
- benefits
- OracleAS PKI, 1-7
- benefits of a PKI, 1-6
- big-endian order, 5-24
- binary number
- key, 1-2
- bits
- set for extensions, B-3
- broadcasting OCA request page to SSO users, 3-18, 3-19
- browsers, 1-8, 2-7
- configuring, 7-7
- import certificate, 3-20
- import SSO certificate, 3-22
- password, 3-6
- present certificates to SSO, 3-23
- use CRLs, 3-18
- Built-in Plug-in Policy Modules, 2-7
C
- CA, 1-3, 1-4, A-5, A-9
- hierarchy, B-3
- levels, 1-3
- new
- new signing password, B-4
- root, 1-3
- signing, 1-3
- subordinate, 1-3
- ca
- certificate type, 5-23
- CA certificate
- new, 6-2, A-10
- CA Compromise (revocation reason), 3-12
- CA hierarchy, B-6
- setting up, B-1
- CA key
- compromised, 6-2, 6-7
- CA signing, 7-13
- CA signing certificate, 6-2
- invalid, 6-2, A-10
- CA SMIME wallet, 6-2
- generating, B-6
- signing alerts & notifications, 6-3
- CA SSL, A-11
- CA SSL wallet, 6-2
- generating, B-6
- regenerating, 6-3
- CA wallet
- regenerating, 6-2
- CA_COMPROMISE (revocation code), 3-7
- ca_sign
- usage type in predicates, 5-23
- card reader, 7-5
- case-insensitive
- strings in predicates, 5-23
- CASMIME, A-5, A-9
- CASSL, A-5, A-9
- centralization, 1-1
- Certificate, 3-12
- certificate
- administrator, 3-7, 3-13
- administrator information required, 3-5
- administrator request, 3-3
- all invalidated, 6-2, A-10
- automatic for SSL/SSO users, 7-3
- base64, B-5
- compromised, 3-10, 3-12, 3-13
- contents, 1-4
- contents and uses, 1-4
- digital, 1-3
- download, 7-3
- download into file system, 7-3
- expired, 3-13, 5-4, 5-11
- expiring, 6-4
- extensions, 1-4
- finding, 3-14
- fingerprint, 1-4
- getting a, 2-10
- import, 3-6, 3-20, 7-3
- import into browser, 7-3
- import to browser, 3-3
- import to file system, 7-19
- inconsistent state, 6-7
- invalidated, 6-7
- issued upon request for SSO/SSL-authenticated user, 4-7
- management, 3-1, 3-9
- manual, 5-6
- multiple, 5-4
- multiple constraint, 5-8
- new CA, 6-2, A-10
- new request, 7-3
- new required, 6-7
- owner, 3-16
- parameter values
- restricting, 5-3
- pending request alerts, 4-5
- PKCS#10 request, 2-7
- PKI, 1-3
- policies, 5-2
- properties, 2-8
- publish SSO, 3-21
- publishing, 4-7, 6-18
- purposes, 2-10
- rejecting, 3-11
- renew, 7-3
- renewal window, 3-10, 3-13, 5-12, 5-16
- renewing, 3-13, 6-4, 7-12
- replace administrator, 3-6
- request
- SSO, 3-19
- request URL for SSO, 3-19
- requests, 1-8, 2-7
- pending, 3-8
- status, 2-8
- retrieving, 7-12
- revoke, 7-3
- revoking, 3-12, 7-12
- revoking expired, 5-10
- root CA, 3-13
- search, 3-14
- separate, 1-4
- serial number, 1-4
- server, 5-6, 7-3, 7-13
- server, acquiring, 7-13
- server/subCA, 7-13
- signer, 7-6, 7-9
- signing, 1-4, 7-4
- SMIME invalidated, B-7
- SSL, 1-4
- SSL invalidated, B-6
- SSO usage, 3-20, 3-23
- status, 3-15, 3-17
- Sub CA, 3-11
- trusted, B-5
- editing uses, 7-7, 7-8
- types, 7-3
- types in predicates, 5-17, 5-23
- user, 7-4
- using existing, 4-7
- view, 7-3
- viewing details, 3-11
- X.509, 1-4
- Certificate Authority
- CA, 1-4
- certificate authority, 1-7
- signing, 1-3
- Certificate Management Tab, 3-8
- Certificate Management tab, 2-8
- Certificate Renewal, 7-12
- Certificate Renewal Policy as Shipped, 5-16
- Certificate Request Details screen, 3-10
- Certificate Request form, 7-6
- Certificate Request Policies as Shipped, 5-15
- Certificate Retrieval, 7-12
- Certificate Retrieval, Renewal, and Revocation, 7-12
- Certificate Revocation, 7-12
- Certificate Revocation List, 6-7
- certificate revocation list, 3-17
- Certificate Revocation List (CRL), 2-8
- Certificate Revocation Policy as Shipped, 5-16
- certificate usage
- in predicates, 5-23
- CERTIFICATE_HOLD (revocation code), 3-7
- certificates
- life-cycle, 1-9
- certification authority, 1-3
- Certification Practice Statement, 4-10
- certified, 3-9, 3-15, 3-17
- Cessation of Operation (revocation reason), 3-12
- CESSATION_OF_OPERATION (revocation code), 3-7
- challenges, 1-1
- changes
- policy, 5-15
- changeschema, A-3
- changeschema command, 6-16, 6-17, A-3
- changesecurity, 6-15, A-3
- changesecurity command, 6-15
- changing
- method of authentication, 7-3
- wallet password, 6-5
- changing OCA's IM Services, 6-14, 6-15
- changing passwords, 6-5
- Changing Privileged Passwords, A-9
- class, 5-15, 5-20
- register, 5-31
- clear, A-3
- clearing
- log or trace
- deletes contents, 6-13
- log or trace data, 6-13
- client
- certificate type, 5-23
- CN
- in DN, 5-23
- code signing, 7-4
- code_sign
- usage type in predicates, 5-23
- codes
- revocation, 3-7
- cold failover
- configuration, 6-19
- deployment, 6-19
- Collaboration Suite, 2-5
- Command Examples, A-6
- command-line interface, 3-1
- commands, A-3
- when take effect, 6-5
- Common Name, 3-14
- common name, 3-4, 3-6
- Sub CA, B-6
- complete
- DN, 5-23
- components
- needed by OCA, 2-12
- Oracleas PKI, 1-8
- Components of the OracleAS PKI, 1-7
- compromised
- CA key, 6-2, 6-7
- compromised certificates, 3-10, 3-12, 3-13
- concepts
- policy, 5-2
- configuration
- cold failover, 6-19
- configuration asks, 4-3
- configuration choices, 3-18, 3-19
- configuration file, 6-22, A-6, A-8
- configuration management, 3-1
- alerts, 4-5
- subtabs, 4-3
- tab, 4-2
- Configuration Operations for Oracle Application Server Certificate Authority, 6-5
- configure
- log & trace, 4-7
- configuring
- Apache, 6-6
- on web, 6-5
- sending signed alerts and notifications, 4-5, 6-3, 6-4
- site, 6-5
- SSL automatically, 6-6
- Sub CA, B-5, B-6
- using ocactl, 6-5
- Configuring Your Browser to Trust Oracle Application Server Certificate Authority, 7-7
- connection information
- where stored & displayed, 6-18
- connections
- OCA repository and directory, 6-18
- container
- called database, cache, or wallet, 1-5
- contents, 1-5
- for certificates, 1-5
- wallet, 1-5
- containers, 1-8
- PKI, 1-5
- contents
- certificate, 1-4
- container, 1-5
- contiguous
- DN, 5-23
- contiguous DN, 5-12
- contiguous string, 3-15
- convertwallet, 6-6, 6-7, A-3, A-6
- copying
- base64 certificate, B-5
- CRLs, 3-18
- trust points, B-6
- copying CRLs, 3-18
- CPS (certification practice statement), 4-10
- credentials
- PKI, 1-5
- criterion
- for predicate order, 5-25
- CRL, 2-7, 2-8, 3-9, 3-17, 6-7, 7-3
- checking, 3-18
- copying, 3-18
- download, 3-18
- download into file system, 7-3
- generating, 3-17
- import, 3-18
- import into browser, 7-3
- multiple, 3-18
- path used by server, 3-18
- purpose, 3-15
- scheduling generation, 4-6
- updating, 3-17
- usages, 3-18
- CRL alerts, 4-5
- CRL validity, 3-18
- days to next update, 3-18
- CRL_SIGN, B-3
- custom policy, 5-31
- adding, 5-33
- name description and class, 5-33
- plug-ins, 5-1, 5-16
- customize
- policies, 2-8
- cut-and-paste, 1-9, 3-3
- cutting and pasting, 1-7
- cwallet.sso, 6-4, 6-6, 6-22, A-6
D
- data integrity, 1-1
- database
- connect string used, 4-8
- database connection pool, A-6, A-8
- Database Settings, 4-8
- days to next CRL update, 3-18
- DB, A-5, A-9
- dc (domain component), E-3
- decipher, 7-3
- decrypt, 1-2
- decryption, 1-1, 1-2, 7-3
- by appropriate recipient only, 1-2
- infeasible, 1-9
- messages, 1-3
- time and effort, 1-6, 1-9
- Default Base DN Components, 4-8
- Default Constraint-specific Policy Rules, 5-4
- default deployment, 2-12
- advantages, 2-12
- installation instructions, 2-12
- default period
- renewal, 5-12, 5-16
- default policy rules, 2-8
- defaults, 5-2, 5-16
- in a policy
- when used, 5-21
- key sizes, 5-15
- policies, 5-4
- renewal validity period, 5-12
- validity period, 5-16
- Delegated Administration Service, 2-3, 2-6
- delegated administration service, 1-1
- delete, 5-16
- predicate, 5-17
- delete a policy, 5-17
- deleted policy, 5-17
- deleting
- policies, 5-15
- departments
- Sub CA wallets, B-5
- deployment, 2-12
- default, 2-12
- advantages, 2-12
- installation instructions, 2-12
- recommended, 2-12
- advantages, 2-12
- installation instructions, 2-13
- strategies, 2-12
- using cold failover, 6-19
- describing
- a policy plug-in, 5-3
- Developing a Custom Policy Plug-in, 5-31
- digital certificates, 1-3, 1-6
- approving requests, 3-10
- binary file, A-10
- contents and uses, 1-4
- encryption, 2-9
- management, 3-9
- pending, 2-9
- rejecting, 3-11
- renewing, 3-13
- request, 2-7, 2-8, 2-9, 2-10, 2-11
- revoking, 3-12
- signing, 2-9
- signing/SSL, 2-11
- SSL, 2-9
- viewing, 3-11
- digital signature, 1-1, 1-4, 1-6, 1-7, 2-7
- digital transactions
- sign, 1-6
- DIGITAL_SIGNATURE, B-3
- directory
- connections, 6-18
- for Sub CA wallet, B-4
- directory integration services, 1-1
- directory organization object, E-3
- DN, E-3
- directory services, 1-1
- Directory Settings, 4-8
- directory synchronization
- scheduling, 4-6
- disable, 5-16
- disabling
- policies, 5-3, 5-15
- RenewalRequestConstraint, 5-12
- RevocationConstraints, 5-11
- RSAKeyConstraints, 5-5
- uniquecertificateconstraint, 5-9
- validity rule, 5-7
- disabling policy rules, 5-3
- displaying connection information, 6-18
- distinguished name, 3-16, 5-23
- DN, 1-4
- distinguished name (DN), 1-4
- DN, 1-4, 2-11, 3-3, 3-4, 5-23, 5-24
- advanced, 3-15, 3-17
- as root of directory information subtree, E-3
- complete, 5-23
- configuring defaults for manual enrollment, 4-8
- contiguous & complete, 5-12
- contiguous string to root, 3-15
- dc, E-3
- dc entry, 6-2
- distinguished name, 3-16
- domain component, 6-2, E-3
- follows RFC1779, 5-23
- identifying a directory organization object, E-3
- in predicate, 5-24
- invalid, 5-24
- least significant component, 5-24
- matching, 5-24
- most significant component, 5-24
- partial, 5-23
- relative, 3-17
- root, 5-24
- rules for matching, 5-24
- subordinates can represent organization subdivisions, E-3
- valid, 5-24
- domain component, 6-2
- re an organization's subdivisions or localities, E-3
- domain component, example, E-3
- domain components, 2-11
- Down CA Certificate, B-5
- download
- CA certificate, 7-3
- CRL, 7-3
- into file system
- certificate or CRL, 7-3
- Download CRL, 3-18
- download CRL, 2-8
- Download to your local disk (CRL), 3-18
- downloading, 7-14
- Downloading a CA Certificate, 7-14
- Downloading the Certificate Revocation List (CRL), 7-15, 7-16
- drastic operation, 3-13, 6-7
E
- Ease of Use for Administrators and End Users, 2-8
- eavesdropper, 1-2
- E-Business Suite, 2-5
- edit, 5-16
- in Policy subtab, 5-3
- edit a policy, 5-16
- editing
- trusted uses, 7-7, 7-8
- elements
- in a log, 4-9
- of a practice statement, 4-10
- email, 3-11, 4-4
- server, sender, template, 4-4
- to SSO users for OCA URL, 3-19
- email address search, 3-15
- email clients
- use CRLs, 3-18
- verify incoming SMIME messages, 3-18
- embedded HTML link
- for SSO users, 3-19
- enable, 5-16
- enable a policy, 5-17
- enabling
- a policy plug-in, 5-3
- RenewalRequestConstraint, 5-12
- RevocationConstraints, 5-11
- RSAKeyConstraints, 5-5
- uniquecertificateconstraint, 5-9
- validity rule, 5-7
- Enabling PKI Authentication with SSO and OCA, 3-22
- enabling policy rules, 5-3
- encryption, 1-1, 1-2, 1-4, 1-6, 1-8, 2-9, 7-3
- algorithms, 1-1
- asymmetric, 1-2
- messages, 1-3
- scheme, 1-2
- symmetric, 1-2
- unique for different users, 1-1
- end-entity, 3-16, 3-18, 7-1
- end-user, 3-16, 7-1
- interface, 7-1
- end-user interaction
- two types, 7-3
- End-User Tabs and Processes, 7-3
- enforcing
- policies, 5-3
- enrollment form
- Server/SubCA, 7-13, 7-14, B-2, B-5, B-6
- Enterprise User, 2-5
- entities
- trusted, 1-2
- vouch for relationship, 1-2
- entity, 1-3
- equal to, 5-22
- error, 7-5
- evaluating requests
- policies, 5-2
- evaluation
- of multiple predicates, 5-24
- evaluation example
- multiple predicates, 5-25, 5-26
- Evaluation Example for Multiple Predicates, 5-25
- events
- notification, 4-4
- ewallet.p12, 6-3, 6-4, 6-6, 6-7, 6-22, A-6, B-4, B-6
- examples
- of DN matching in predicates, 5-24
- existing certificates
- using, 4-7
- expired, 2-6
- expired certificate, 3-13
- expired certificates, 5-4, 5-11
- export, 7-17
- certificate from browser, 7-17
- export command
- migoca, 6-17
- expression
- predicate, 5-2
- complete, 5-12
- contiguous, 5-12
- Expression text box, 5-17
- expressions
- logical, 5-22
- operators, 5-22
- predicate, 5-22
- extensions, 1-4, D-1
F
- Field Name
- form, 3-4
- file permissions
- protect SSO wallet, 6-6
- files
- admin.log, 6-13
- admin.trc, 6-12, 6-13
- cwallet.sso, 6-22
- ewallet.p12, 6-22
- httpd.conf, 6-22
- ias.properties, 6-15
- log, 4-7
- oca_cps.html, 4-10
- oca.conf, 6-18, 6-22
- oca.trc, 6-12, 6-13
- ocm_apache.conf, 6-22
- ocmpassword.p12, 6-22
- operating system, 6-13
- osso.conf, 3-22, 3-23, 6-22
- .p12, 7-19
- trace, 4-7
- find, 3-14
- finding (see listing & search), 3-14
- fingerprint
- certificate, 1-4
- flexible policy, 2-7
- form
- administrator, 2-8
- authentication, 3-3
- field names, 3-4
- format, A-7
G
- Gemplus, 3-5, 7-5, 7-6
- General subtab, 4-6
- database & directory settings, 4-6
- DN defaults, 4-6
- parameters, 4-6
- publishing, 4-6
- settings, 6-18
- SSL & SSO, 4-6
- general subtab tasks & discussions, 4-4
- generate CRL, 2-8
- generatewallet, A-2, A-3, A-4, A-10, A-11
- generating
- Sub CA wallet, B-5
- Sub CA wallets, B-6
- generating the CRL, 3-17
- get certificate, 2-10
- Glossary, E-1
- Go (not Enter), 3-14
- graphical user interface (see GUI), 4-1
H
- help, A-3, A-4
- Hierarchical Certificate Authority Support, 2-11
- hierarchy of CAs, B-3
- hierarchy of trust, 1-3, 2-11
- geographically distributed, 2-11
- high availability, 1-1
- high-availability features, 6-1, 6-18
- Hold (revocation reason), 3-12
- home page, 3-7, 7-2
- host port number, 3-19
- HTTP Server, 3-2, A-6, B-7
- in SSL mode, 6-3
- HTTP server, 6-19
- HTTP Server (Apache), 6-22
- httpd.conf, 6-22
- HTTPS, 2-9, 2-10, 2-12, 6-3, B-6
I
- ias.properties file, 6-15
- icon
- lock, 7-8, 7-13, 7-19
- identity, 1-3, 1-7
- Identity Management, 1-5, 2-1, 2-3, 2-4, 2-6
- identity management
- solution, 2-1
- Identity Management Infrastructure, 1-7
- ID/Serial, 3-14
- IETF, 1-4, 2-7
- IM Services
- changing OCA's, 6-14, 6-15
- import, 3-11, 3-14, 7-3, 7-4, 7-7, 7-14, 7-16
- administrator certificate, 3-3
- CA certificate, 6-6
- certificate, 3-20
- trusted activities, 7-8
- into browser
- certificate or CRL, 7-3
- import CA certificate, 6-6
- Import Certificate, 3-6
- import command
- migoca, 6-17
- import subCA certificate, B-1
- Import to Browser, 7-6
- SSO, 3-22
- Import to Browser (CRL), 3-18
- importation, 3-4
- importing
- Sub CA Wallet, B-3
- the administrator's certificate, 2-8
- Importing a Certificate from Your File System, 7-19
- Importing a Certificate to Your Browser, 7-16
- importwallet, A-3, A-4
- inconsistent state
- after CA revocation, 6-7
- Information message, 5-20
- infrastructure, 1-1, 1-5, 2-1, 2-4
- re-associating, 6-14
- installation, 2-12
- installing
- Sub CA Wallet, B-3
- installing new CA
- steps, 6-7
- integrity, 1-6
- Internet Explorer, 2-7, 2-9, 3-5, 7-2, 7-5, 7-6, 7-14, 7-15, 7-18, 7-19
- interoperability, 1-8
- introduction to OracleAS PKI, 1-6
- invalidating
- certificates, 6-7
J
- J2EE, 2-5
- JAAS, 2-5
- jar, 5-15, 5-20, 5-32
- Java class, 5-2, 5-31, 5-32
- Javadoc, 5-31
- jobs
- scheduled, 4-6
K
- key, 1-2
- asymmetric, 1-2
- binary number, 1-2
- in a PKI, 1-2
- owner, 1-3
- pairs, 1-2
- private, 1-2
- public, 1-2, 1-3
- separate, 1-2
- symmetric, 1-2
- validation, 1-3
- Key Compromise (revocation reason), 3-12
- Key Features of Oracle Certificate Authority, 2-7
- key lengths, 2-7
- Key Size, 3-5, 7-5, 7-6
- key size, 3-3, 3-5
- default maximum, 5-5
- default minimum, 5-5
- minimum & maximum, 5-4
- predicate, 5-5
- RSAKeyConstraints, 5-4, 5-5
- key sizes
- defaults, 5-15
- narrow/widen range, 5-15
- Key Store, 3-5, 7-6
- KEY_CERT_SIGN, B-3
- KEY_COMPROMISE (revocation code), 3-7
- key-pairs, 1-6, 3-5, 3-6, 7-6
- keys
- distribution methods, 1-1
- KeyUsageExtensions, B-3
L
- LDAP, 1-9, 2-7, A-5
- least significant component of DN, 5-24
- least significant RDN, 5-25
- levels
- CAs, 1-3
- trust, 1-3
- link OCA with SSO, 3-19
- linksso, 3-20, A-3, A-4
- list, 3-14
- of ports, 3-7
- revoked certificates, 3-15
- Listing a Certificate Request or an Issued Certificate, 3-14
- little-endian order, 5-24
- local entry name, 5-24
- localities
- as domain components, E-3
- lock icon, 7-8, 7-13, 7-19
- LOG, A-5
- log, 6-12
- clearing, 6-13
- elements, 4-9
- stored in repository, 6-13
- log file, 4-7
- logger, A-6, A-8
- logging, 4-7
- logical
- operators, 5-22
- logical expression
- used in predicates, 5-22
- logs
- messages re errors during OCA use, 4-9
- viewing, 3-1, 4-9
M
- managing
- certificates, 3-1, 3-9
- configuration, 3-1
- policies, 5-1, 5-14
- overview, 5-2
- Managing Certificates, 3-9
- managing certificates, 3-1
- Manual
- Authentication, 7-11
- manual, 7-4
- Manual Approval, 2-11
- manual approval, 7-3
- additional options, 2-11
- information required, 2-11
- server and subordinate CA, 2-11
- manual authentication, 7-11
- manual user certificate, 5-6
- match
- predicate, 5-21
- matching
- DNs, 5-24
- first not best, 5-25
- policy evaluations, 5-24
- results if no match, 5-25
- rules re DNs, 5-24
- MD5 with RSA, 3-18
- message
- shows change worked, 5-20
- message digests
- signing, 7-3
- messages
- private, 1-2
- Microsoft
- Basic Crypto, 3-5, 7-6
- Enhanced Crypto, 3-5, 7-6
- Gemplus, 3-5
- migoca
- export command, 6-17
- import command, 6-17
- migoca script, 6-16
- migoca.dmp file, 6-17
- mod_osso, 3-22
- SSO, 2-9
- modifying policy rules, 5-3
- most significant component of DN, 5-24
- multiple
- CRLs, 3-18
- predicates, 5-5
- multiple certificates, 5-4
- allow/disallow, 5-16
- constraint, 5-8
- same usage, 5-16
- Multiple Predicate Evaluation, 5-24
- multiple predicates, 5-23
- evaluation example, 5-25, 5-26
- multiple servers, 3-18
N
- name
- certificate signer, 7-6, 7-9
- naming
- a policy plug-in, 5-3
- National Language Support (NLS), 2-8, 6-9
- Netscape, 2-9, 3-5, 7-2, 7-5, 7-6, 7-7, 7-15, 7-17, 7-19
- Netscape Communicator, 2-7
- nickname, 3-23
- NLS, 2-8, 6-9
- NON_REPUDIATION., B-3
- non-repudiation, 1-1, 1-6
- signed messages, 1-2
- not equal to, 5-22
- notification
- events, 4-4
- notification subtab, 4-4
- notification subtab tasks & discussions, 4-3
- notifications
- CA SMIME wallet, 6-3
- configuring, 4-5, 6-3, 6-4
O
- OC4J, 2-12, 3-2, 6-19, A-5, A-7, A-8, A-14, A-16, B-3, B-4, B-7
- starting & stopping, 3-20, 5-33, 6-9, 6-16, 6-17, A-8, A-14, B-3
- stopping & starting, A-14, B-3
- OCA, 1-7, A-5
- repository, 2-9
- OCA connection information
- where stored & displayed, 6-18
- OCA repository, 6-2, A-10
- oca_cps.html, 4-10
- oca/bin, A-2
- oca.conf, 6-18, 6-22, A-6, A-16
- ocactl, 2-8, 3-2, 3-6, 3-13, 6-2, 6-4, 6-8, 6-19, A-1 to A-16
- configure OCA link with SSO, 3-20
- general form, A-2
- Operations and Parameters, A-3
- requires admin password, 6-5
- oca.trc, 6-12, 6-13
- ocm_apache.conf, 6-22
- ocmpassword.p12, 6-22
- OFF, A-5
- OHS, 2-12, 3-2, A-7
- ohs
- starting & stopping, 5-33, 6-16, A-8, A-14, B-3
- stopping & starting, A-14, B-3
- OID, 1-9, 2-12, 3-2, 6-18
- SSO usage, 3-21
- ON, A-5
- one-time session password, 1-9
- open standards, 2-7
- operating system file permissions
- protecting SSO wallet, 6-3
- operating system files
- removing, 6-13
- operations, A-3
- PKI, 1-5
- operators
- logical, 5-22
- OPMN, 6-3
- OR logical expression, 5-23
- Oracle Application Server Certificate Authority, 2-6
- components needed, 2-12
- Oracle Certificate Authority
- OCA, 1-7
- Oracle Collaboration Suite, 2-6
- Oracle Home, 2-12
- Oracle HTTP Server
- Apache, 6-3
- checks SSL validity, 3-18
- Oracle Identity Management, 1-1, 1-5
- Oracle Internet Directory, 1-7, 1-9, 2-3, 2-5, 2-10, 3-2, 6-18
- SSO usage, 3-21
- Oracle Label Security, 2-5
- Oracle Single Sign-on Authentication, 2-10
- Oracle wallet, 1-5
- Oracle Wallet Manager, 1-8, B-1, B-5
- Oracle Wallet Manager (OWM), B-5
- ORACLE_HOME, 4-10, 5-20, 6-3, 6-6, 6-12, 6-13, 6-22, B-6
- order of policies, 5-3
- order of predicates, 5-25
- osso.conf, 3-22
- osso.conf file, 3-22, 3-23, 6-22
- overriding policies
- when issuing a certificate, 5-15
- overview
- web administrative interface, 3-7
- OWM, 1-8, 6-6, B-1, B-5
- owner, 3-16
P
- .p12 file, 7-19
- parameters, 5-2, 5-16, A-2, A-3
- allowExpiredCerts, 5-11
- defaults ranges & values, 5-2
- policy, 5-15
- validity constraints, 5-6, 5-7
- values, 5-17
- password, 3-6
- admin
- required for ocactl, 6-5
- administrator, 2-8, 3-2, 3-3, 3-5, 3-6, 3-7, B-4
- browser security, 3-6
- database, 6-5
- encrypting private key, 6-2, A-10
- lost, 6-8
- requested during generation, 6-2, A-10
- SSL Server wallet, 6-6
- store, B-4
- wallet, 6-3, 7-19
- changing, 6-5
- password store, A-11
- passwords, 7-17, 7-18, A-2, A-8, A-9, A-11
- CA, 6-5
- CA SSL wallet, 6-5
- CASMIME, 6-5
- path
- CRL, 3-18
- path length, 3-11
- path-length
- number of Sub CA levels, B-5
- pathlength, D-1
- peer identity, 1-5
- pending, 2-8, 3-9, 3-15, 3-17
- pending certificate requests, 3-8
- PKCS #12, 1-8
- PKCS Standards, 2-7
- PKCS#10, 7-13, B-5
- PKCS#10 Certificate Request, B-1
- PKCS#10 certificate request, 1-8, 2-7
- PKCS#12, 1-8, 6-3, 6-6, 7-18, A-6
- PKCS#7, B-2
- PKI, 1-1, 7-13
- benefits, 1-6, 1-7
- certificate, 1-3
- components, 1-8
- containers, 1-5
- credentials, 1-5
- earlier costs and difficulties, 1-7
- introduction, 1-6
- operations, 1-5
- requires SSL, 3-19
- what is a, 1-1
- with SSO and OCA, 3-22
- pki
- for secure data transmission and storage, 1-1
- PKI-based single sign-on, 1-9
- PKIX, 2-7
- plug-in policy modules, 2-7
- plug-ins, 5-1, 5-2, 5-3, 5-23, 5-31, 5-32
- class, 5-15
- custom
- examples, 5-31
- custom policy, 5-16
- default, 5-31
- jar, 5-15
- policies, 2-1, 2-11, 3-3
- add (custom only), 5-20
- adding, 5-14, 5-15
- administering, 5-3
- altering requests, 5-4
- applying, 5-3
- certification practice, 4-10
- changes require restart, 5-15
- class, 5-15
- custom, 5-31
- no predicates, 5-21
- default rules, 5-4
- delete (custom only), 5-17
- deleting, 5-15
- disabling, 5-15
- edit, 5-16
- enable, 5-17
- enforcing, 5-3
- evaluate requests, 5-2
- for different user populations, 5-22
- formulating and applying, 5-2
- jar, 5-15
- managing, 5-1, 5-14
- order, 5-3
- overriding
- when issuing a certificate, 5-15
- parameters, 5-15
- predicates, 5-15
- processing, 5-3
- renewal, 5-16
- RenewalRequestConstraint, 5-4, 5-11
- reorder, 5-17
- reordering, 5-14
- restricting parameter values, 5-3
- RevocationConstraints, 5-4, 5-10
- RSAKeyConstraints, 5-4
- sample custom, 5-16
- sequence, 5-14
- supplied, 5-4
- supplied rules, 5-4
- UniqueCertificateConstraint, 5-4, 5-8
- ValidityRule, 5-4
- what they specify, 5-14
- policy, 2-7
- add (custom only), 5-20
- concepts terms and definitions, 5-2
- creating
- steps, 5-32
- custom plug-ins, 5-1
- defaults
- when used, 5-21
- delete, 5-17
- deleted, 5-17
- description, 5-20
- edit, 5-16
- enable, 5-17
- flexible, 2-7
- Java class, 5-2
- management, 5-2
- name, 5-20
- object class, 5-20
- predicate, 5-2
- processing
- sequential, 5-3
- processor module, 5-3
- rule, 5-2
- security, 2-7, 2-11
- Policy Actions
- edit enable disable delete reorder or add, 5-16
- policy default values
- applying, 5-25
- policy evaluations
- DN matching, 5-24
- policy modules, 2-7
- customize, 2-8
- policy rule
- multiple predicates, 5-24
- policy rules
- all re renewals, 5-14
- all re requests, 5-13
- all re revocations, 5-14
- and plug-ins, 5-3
- creating, 5-3
- enable disable or modify, 5-3
- Policy Sub-tab, 5-13
- Policy subtab, 5-3
- policy subtab tasks & discussions, 4-4
- port, 3-4, 3-7, 7-2
- host, 3-19
- information, 3-7
- list, 3-7
- SSL, 3-19
- practice statement, 4-10
- elements, 4-10
- predicate, 5-2
- adding, 5-28
- attributes, 5-23
- certificate types, 5-23
- corresponding values used, 5-22
- delete, 5-17
- expression, 5-2
- if no match, 5-25
- key size, 5-5
- matching request element, 5-21
- multiple, 5-23
- evaluation example, 5-25, 5-26
- not in custom policies, 5-21
- operators, 5-22
- optional, 5-21
- order, 5-25
- RenewalRequestConstraint, 5-12
- reordering, 5-26
- RSAKeyConstraints, 5-5
- specifics, 5-21
- strings
- case-insensitive, 5-23
- validity period, 5-7
- value
- asterisk, 5-23
- values, 5-23
- Predicate Attributes, 5-23
- predicate expression
- complete, 5-12
- contiguous, 5-12
- evaluation, 5-21
- logical, 5-22
- not matched, 5-21
- predicate order
- criterion, 5-25
- predicates, 5-16
- complex, 5-5
- examples, 5-5
- multiple sets, 5-5
- policy, 5-15
- Predicates in Policy Rules, 5-21
- preventing
- repudiation of signed messages, 1-2
- unauthorized access, 1-2
- private key, 1-2, 1-6, 3-12, 7-3, 7-13, 7-18
- compromised, 3-6, 6-8
- encrypted, 6-2, A-10
- for decryption, 1-2
- lost, 3-6
- new CA, 6-2, A-10
- password lost, 6-8
- signs certificate, 1-3
- stolen, 3-6, 6-8
- validation using public key, 1-3
- private messages, 1-2
- privileges, 1-9
- propagating, 2-6
- properties
- certificate, 2-8
- properties file, 6-15
- protocols
- PKCS#10, 2-7
- Signed Public Key and Challenge, 2-7
- provisioning, 2-10
- automatic, 2-9
- conventional, 2-9
- Provisioning Integration, 2-6
- public key, 1-2, 7-3, 7-14
- can verify CA signature, 1-3
- for encryption, 1-2
- owner, 1-3
- Public Key Infrastructure, 1-1
- public-key certificates, 1-6
- publish
- OCA URL for SSO users, 3-19
- SSO certificate, 3-21
- publishing, 2-6
- certificates, 4-7, 6-18
R
- RA, 1-4, 1-5, 1-7
- within OCA, 1-6
- ranges, 5-2
- RDN, 3-17, 5-24, E-3
- child of RDN, 5-24
- least significant, 5-24, 5-25
- multiple usage, 5-24
- reason codes
- revoke, 3-7
- reasons
- revocation, 6-8
- re-associating
- infrastructure, 6-14
- repository, 6-14
- Re-associating Oracle Application Server Certificate Authority Infrastructure, 6-14
- recommended deployment, 2-12
- advantages, 2-12
- installation instructions, 2-13
- regenerating
- CA signing certificate, 6-2
- CA SMIME wallet, 6-2, 6-3, A-10
- CA SSL certificate
- circumstances, B-6
- CA SSL Wallet, 6-3
- CA SSL wallet, 6-2, A-10
- CA Wallet, 6-2
- wallets, 6-2, 6-3, B-6
- Re-generating the CA Wallet, 6-2
- Regenerating the Certificate Authority's SSL Certificate and Wallet, A-11
- Regenerating the Root Certificate Authority's Certificate, A-10
- register
- class, 5-31
- Registration Authority
- RA, 1-4
- registration authority, 1-5, 1-7
- registration tool
- SSO, 3-22
- reject, 2-8, 3-10, 3-11, 3-14
- rejected, 2-8, 3-9, 3-15, 3-17
- Rejecting Certificate Requests, 3-11
- relative distinguished name, 5-24
- relative DN, 3-17
- Remove From CRL (revocation reason), 3-12
- remove link with SSO, 3-20
- REMOVE_FROM_CRL (revocation code), 3-7
- removing
- operating system files, 6-13
- renew, 1-5, 3-10, 3-14, 5-4, 5-12, 5-16, 7-3, 7-12
- expired certificates, 5-4
- whether/when, 5-16
- renewal, 5-12
- all policy rules, 5-14
- default period, 5-12, 5-16
- policy, 5-16
- renewal window, 3-10, 3-13, 5-12, 5-16
- renewalNotAfter, 5-12, 5-16
- renewalNotBefore, 5-12
- RenewalRequestConstraint, 5-4, 5-16
- predicate, 5-12
- renewcert, A-3, A-4
- renewed, 3-13
- renewing, 6-4
- critical wallets, 6-4
- expiring certificates, 6-4
- Renewing Certificates, 3-13
- Reorder, 5-17
- reorder, 5-16
- reorder a policy, 5-17
- reordering
- policies, 5-14
- Reordering Predicates, 5-26
- replace
- administrator certificate, 3-6
- repository, 2-9, 2-10, 2-12, 3-2
- connections, 6-18
- contains logs, 6-13
- OCA, 6-2, A-10
- re-associating, 6-14
- separate, 6-14
- request, 1-8, 2-7, 2-8, 2-9, 2-10, 2-11, 3-3, 3-9, 3-10, 3-16, 7-4
- CA signing, 7-13
- code signing, 7-13
- new, 7-3
- pending, 3-8
- signing, 7-13
- SSL/encryption, 7-13
- validity, 5-2
- requests
- altering by policies, 5-4
- policies rejecting, 5-3
- subjected to policies, 5-3
- required fields, 2-10
- re-registering
- OCA with SSO, 3-22
- Reregistering OCA's Virtual Host to SSO Server, 3-22
- re-registerng command, 3-22
- restart, 3-2, 3-6
- restarting
- SSO server, 3-20
- restricting
- certificate parameter values, 5-3
- retrieve, 7-12
- revocation
- reasons, 3-7, 6-8
- revocation reasons, 3-12
- RevocationConstraintRule, 5-16
- RevocationConstraints, 5-4, 5-10
- revoke, 1-5, 2-6, 2-8, 2-10, 3-6, 3-10, 3-12, 3-14, 7-3, 7-6, 7-12, 7-13
- all policy rules, 5-14
- expired certificates, 5-10, 5-16
- revokecert, 6-7, A-3, A-4
- revoked, 3-14
- revoked CA
- administrator cannot access, 6-7
- revoked certificates
- list, 3-15
- revoking
- a Certificate Authority certificate, 6-7
- reasons, 6-8
- required before installing new CA, 6-7
- root certificate authority certificate, 6-7
- web administrator's certificate, 6-8
- Revoking Certificates, 3-12
- RFC1779
- DN usage, 5-23
- role, A-5, A-9
- root, 2-11, 7-14, A-10
- CA, 1-3
- root CA
- certificate, 3-13
- root CA wallet, B-5
- root certificate authority (CA), 6-2
- root of directory information subtree
- DN as, E-3
- Root Store, 7-7
- RSA, 2-7, 3-18
- RSAKeyConstraints, 5-4
- default maximum key size, 5-5
- default minimum key size, 5-5
S
- scalability, 1-1
- Scalability, Performance, and High Availability, 2-9
- scheduled jobs, 4-6
- seamless, 2-6
- search, 3-14, 7-4
- advanced, 3-15
- criteria, 3-15
- all pending requests, 3-14
- by
- DN or DN component, 3-15
- email, 3-15
- serial number, 3-15
- for single certificate or request, 3-14
- single issued certificate, 3-14
- single request, 3-14
- using advanced DN, 3-17
- using Certificate Status, 3-17
- using DN, 3-16
- using request status, 3-16
- using serial number range, 3-17
- Search Certificate Request using Request Status, 3-16
- Search Using Advanced DN, 3-17
- Search Using Certificate Status, 3-17
- Search Using DN, 3-16
- Search Using Serial Number Range, 3-17
- secure communications, 1-1
- secure email, 2-5
- Secure Socket Layer (SSL-based) Authentication, 2-10
- Secure Sockets Layer, 1-8
- SSL, 1-8
- security icon, 7-17
- security policy, 2-11
- self-service, 2-6
- Send SMIME E-Mails, 6-3
- sending
- signed alerts & notifications, 4-5, 6-3, 6-4
- serial number
- certificate, 1-4
- new Sub CA, B-4
- range, 3-15
- range search, 3-17
- Sub CA, B-6
- serial number search, 3-15
- server, 3-16
- certificate type, 5-23
- certificates, 5-6, 7-3, 7-13
- types, 7-13
- SSL authentication, 6-3
- server certificate
- acquiring, 7-13
- server entities, 7-1
- verification, 3-18
- server request
- manual, 2-11
- servers
- multiple, 3-18
- Server/SubCA
- certificate request, 7-13, 7-14, B-2, B-5, B-6
- enrollment form, 7-13, 7-14, B-2, B-5, B-6
- Server/SubCA Certificates Tab, 7-13
- Server/SubCA Certificates tab, 2-8, 7-4
- session key management, 1-9
- set, A-3, A-5
- setpasswd, A-3, A-5, A-9
- settings
- database, 4-8
- directory host/agent/port in use, 4-8
- General subtab, 6-18
- SHA1 with RSA, 3-18
- sign digital transactions, 1-6
- signature
- digital, 1-1, 1-4
- signature algorithm, 3-18
- signer, 7-6, 7-9
- signing, 1-3, 2-9, 7-3, 7-7, 7-14, A-2, A-11
- certificate, 7-4
- certificate authority, 1-3
- certificates, 7-4
- code, 7-4
- message digests, 7-3
- software, 7-4
- signing certificate, 2-11
- single certificate or request
- finding, 3-14
- Single Sign-on, 2-6
- single sign-on, 1-1, 1-7, 1-9, 2-3
- Single Sign-on (see SSO), 3-18
- Single Sign-on Authentication (SSO), 7-5
- smart card, 2-7, 3-5, 7-5
- smart cards, 2-9
- SMIME, 3-18
- SMIME wallet, 6-2, 6-4
- smime_enc
- usage type in predicates, 5-23
- smime_sign
- usage type in predicates, 5-23
- software
- signing, 7-4
- SSL, 1-4, 1-5, 1-8, 1-9, 2-11, 7-4, 7-10, A-9
- authentication, 7-4
- certificate, 2-11
- not SSO default, 3-19
- PKI requires, 3-19
- port, 3-7, 3-19
- publishing, 4-7
- user
- validity period, 5-7
- user can renew, 7-12
- user can revoke, 7-12
- validity check, 3-18
- with OCA, 6-3, B-6
- ssl
- usage type in predicates, 5-23
- SSL authentication
- server, 6-3
- SSL mode
- configured automatically, 6-6
- SSL server
- wallet password, 6-6
- SSL Server wallet, A-6
- SSL wallet, 6-2
- SSO, 1-9, 2-3, 2-8, 2-9, 2-10, 2-11, 2-12, 3-18, 7-4, 7-5, A-7
- application usage, 3-23
- broadcast OCA request page, 3-18, 3-19
- can use OCA certificate, 3-20
- default deployment, 3-19
- enabling PKI with OCA, 3-22
- getting an OCA certificate directly, 3-18
- import certificate to browser, 3-22
- link with OCA, 3-20
- login page, 7-5
- mod_osso, 2-9
- OCA configuration choices, 3-18
- registration tool, 3-22
- re-registering, 3-22
- server restart, 3-20
- usage of certificates, 3-23
- user
- validity period, 5-7
- user can renew, 7-12
- user can revoke, 7-12
- users
- choose key size, 3-21
- wallet, 6-6
- welcome page, 3-21
- SSO Certificate Request, 3-19
- SSO wallet
- encrypted, 6-6
- protected by file permissions, 6-6
- standards, D-1
- start, 2-8, 3-1, 3-2, 3-7, A-2, A-3, A-5, A-8
- OC4J, 3-20, 5-33, 6-9, 6-16, 6-17, A-8, A-14, B-3
- ohs, 5-33, 6-16, A-8, A-14, B-3
- status, 3-2, A-5, A-8
- approved, rejected, or pending, 3-14
- certificate
- valid, revoked, expired, 3-15, 3-17
- RenewalRequestConstraint, 5-12
- RevocationConstraints, 5-11
- RSAKeyConstraints, 5-5
- uniquecertificateconstraint, 5-9
- validity rule, 5-7
- Steps in Creating a New Policy Plug-in, 5-32
- stop, 2-8, 3-1, 3-2, 3-6, A-3, A-6, A-8
- OC4J, 3-20, 5-33, 6-9, 6-16, 6-17, A-8, A-14, B-3
- ohs, 5-33, 6-16, A-8, A-14, B-3
- storing connection information, 6-18
- string values, 5-23
- Structure of the Administration Interface, 4-1
- Sub CA
- common name, B-6
- new
- invalidates older SMIME certificate, B-7
- invalidates older SSL certificate, B-6
- serial number, B-4
- serial number, B-6
- Sub CA certificate, 3-11
- sub CA certificate
- acquire and import, B-1
- Sub CA Wallet
- installing/importing, B-3
- Sub CA wallet
- directory, B-4
- generating, B-5
- Sub CA wallets, B-5
- SUBCA, A-4
- subdivisions
- as domain components, E-3
- Subject Name, 3-4
- Subordinate CA
- certificates, 7-13
- subordinate CA, 1-3, 2-11, 7-13
- geographical advantages, 2-11
- subordinate CA request
- manual, 2-11
- subordinate certificate authority
- acquire and import, B-1
- subordinate organizations
- Sub CA wallets, B-5
- subscriber name, 3-23
- subtabs, 3-8, 5-13
- General, 4-6
- SUPERSEDED (revocation code), 3-7
- Superseded (revocation reason), 3-12
- Support for Open Standards, 2-7
- symmetric, 1-2
- synchronization
- directory, 4-6
- syntax, A-3, A-7
T
- tabs, 2-8
- Administration Setup, 2-8
- Certificate Management, 2-8
- certificate management, 3-8
- tasks
- configuration, 4-3
- general subtab, 4-4
- notification subtab, 4-3
- policy subtab, 4-4
- Thawte, 1-3
- third-party, 7-14
- SSL wallet, 6-6
- trusted, 1-3
- third-party wallet, A-6
- top-down evaluation of predicates, 5-26
- TRACE, A-5
- trace, 6-12
- clearing, 6-13
- oca.trc, 6-13
- trace file, 4-7
- tracer, A-6, A-8
- tracing, 4-7
- trust
- levels, 1-3
- paths, 2-11
- trust environment, 3-18
- trust point, 6-6, B-1
- trust points
- copying, B-6
- trusted certificate, B-5
- editing uses, 7-7, 7-8
- trusted entities, 1-2, 1-3, 3-11
- trusted-certificate-DNs
- allow/disallow requests, 5-16
- Trusting a Certificate Issuer in Internet Explorer, 7-7
- trusting a certificate issuer in Netscape, 7-8
- type, A-2, A-9
- types
- certificate, 7-3
- in predicates, 5-23
U
- unauthorized access, 1-6
- prevention, 1-2
- UniqueCertificateConstraint, 5-4, 5-8
- checks usage and DN, 5-9
- uniquecertificateconstraint
- parameter, 5-10
- UNIX, 3-7
- unlinksso, 3-20, A-3, A-6
- UNSPECIFIED (revocation code), 3-7
- Unspecified (revocation reason), 3-12
- update CRL, 2-8
- updateconnection, A-3, A-6
- updating the CRL, 3-17
- URL
- certificate request for SSO users, 3-19
- URLC token, 3-23
- usage
- CA signing, B-5
- usages
- in predicates, 5-23
- User Certificates page, 2-8
- User Certificates tab, 2-8
- user interface
- accessing, 7-2
- certificate operations, 7-12
- certificate renewal, 7-12
- certificate retrieval, 7-12
- certificate revocation, 7-12
- configuring your browser to trust OCA, 7-7
- downloading a CA certificate, 7-14
- downloading CRL, 7-15, 7-16
- end-user tabs and processes, 7-3
- exporting wallet from browser, 7-17
- importing certificate from your file system, 7-19
- importing certificate to browser, 7-16
- manual authentication, 7-11
- server/subca certificates tab, 7-13
- SSL, 7-10
- SSO, 7-5
- subordinate CA certificates, 7-13
- user certificates tab, 7-4
- Using Advanced Search, 3-15
V
- validation
- key, 1-3
- validity period, 3-3, 3-5, 3-11, 3-14, 5-4, 7-6, 7-13
- default maximum, 5-7
- default minimum, 5-7
- default period, 5-7
- defaults, 5-16
- for SSO- or SSL-authenticated users, 3-13
- for the CA, 5-8
- default, 5-8
- minimum and maximum, 5-6
- narrow/widen range, 5-16
- predicate, 5-7
- rejecting, 5-6
- renewcert, 6-4
- validityPeriod
- renewal default, 5-12
- ValidityRule, 5-4, 5-6
- values, 5-2
- in predicates, 5-23
- parameters, 5-17
- Verisign, 1-3
- view, 3-11, 7-3
- log or trace, 4-7
- View Details, 3-10, 3-14
- View Logs Tab, 4-9
- View Policies For, 5-14
- Viewing Details of Certificates, 3-11
- viewing logs, 3-1
W
- wallet
- as container, 1-5
- CA SMIME
- regenerating, 6-2, A-10
- CA SSL
- regenerating, 6-2, A-10
- compromised or corrupted, 6-3, B-6
- contents, 1-5
- Oracle, 1-5
- password, 6-3, 7-19
- changing, 6-5
- password superseded, 6-6
- regenerated, 6-3, B-6
- regenerating, 6-2
- wallet operations, 6-1
- wallet-location, A-7
- wallets, 1-8, 6-1, 6-4, A-2, A-11
- backing up, 6-6
- CA SMIME, 6-3
- regenerating, 6-3
- SMIME, 6-4
- SSO format, 6-6
- walletwrl, A-7
- web administration interface, 3-7
- web administrative interface, 3-1
- access, 3-4
- web administrator certificate, 3-3, 3-6
- web administrator's certificate
- revoking, 6-8
- web interface
- administrative, 2-8
- end-user, 2-8
- welcome page, 3-3
- for SSO users, 3-21
- window
- renewal, 3-10, 3-13, 5-12, 5-16
- Windows NT, 3-7
- writing a policy plug-in, 5-3
X
- X.500, E-3
- X.509, 1-4, 1-8, 2-1, 2-7, 2-9, 2-10