Index
A B C D P T D E F G H I J K L M N O P R S T U V W X
Numerics
- 78387
- TS TblBodySimp
- changesecurity, A.1
A
- Accessing the User Interface, 7.1
- acquire subCA certificate, B
- acquiring a server certificate, 7.2.3
- Add, 5.4.5.1
- add, 5.4.5
- add a policy (custom only), 5.4.5.5
- Add Another Row, 5.5.1.4
- adding
- a policy, 5.6
- custom policy, 5.6.2
- policies, 5.4, 5.4
- Adding Predicates, 5.5.1.4
- ADMIN, A.1
- administering
- policies, 5.2
- administration interface, 3.4, 4.1
- administrative password, 3.3
- Administrative Task Overview, 3, E
- Administrator
- types of, A.6
- administrator
- certificate, 2.2.3, 3.5.3
- form, 2.2.3
- new, 3.3, 6.2.3
- password, 2.2.3, 3.2, 3.2, 3.2
- administrator certificate, 3.4
- administrator password, B.2
- ocactl requires, 6.1.4
- administrator's certificate
- importing, 2.2.3
- installing, 2.2.3
- admin.log, 6.5.1, 6.5.1, A.16
- admin.trc, 6.5, 6.5.1, 6.5.1, A.16
- advanced DN, 3.5.6.3
- Advanced Topics, 6
- Affiliation Change (revocation reason), 3.5.3
- AFFILIATION_CHANGE (revocation code), 3.3
- alerts, 4.2.2.2
- CA SMIME wallet, 6.1.2.1
- configuring, 4.2.2.1, 6.1.2.1, 6.1.2.1
- CRL generation failure, 4.2.2.2
- All Pending Requests, 3.5.5
- allowExpiredCerts, 5.3.4
- allowRenewal, 5.3.5
- altering
- requests, 5.3
- ancestors, B.2.1
- AND, 5.5
- Apache, 3.8, 6.2.1
- Oracle HTTP Server, 6.1.2
- APIs, 5.5, 5.6
- and plug-ins, 5.2
- application
- SSO usage, 3.7.3
- apply policy checkbox, 5.4
- applying
- policies, 5.2
- policy default values, 5.5.1
- approval
- manual, 7.2
- approve, 2.2.3, 3.5, 3.5.1, 3.5.1, 3.5.5
- approved, 2.2.3
- Approving Certificate Requests, 3.5.1
- Approving or Rejecting Certificate Requests, 3.5.1
- asterisk
- in predicate expression, 5.5
- matches attributes, 5.5
- not string matching, 5.5
- asymmetric, 1.1.1
- attributes, 1.3.3.3
- asterisk matches, 5.5
- in predicates, 5.5
- authentication, 1.1, 1.2, 1.3.1, 1.3.3.3, 2.1.4, 2.3, 2.3, 3.7.3, 7, H
- certificate usage definition, D.1
- certificate-based, 2.3.2
- change method, 2.2.3, 7.2
- checking the CRL, 3.6
- client certificate, 3.2
- configuring for SSL & SSO, 4.2.4.2
- form, 3.2
- manual, 7.2.1.4
- mod_osso, 2.3
- password-based, 2.3.1
- SSL, 7.2, 7.2.1.3
- SSL server, 6.1.2
- SSL-based, 2.3.1
- SSO, 3.7.2
- user, 3.5.1.1
- authority
- certification, 1.1.2
- automatic certificates for SSL/SSO users, 7.2
- automatic client users, 5.3.2
B
- backing up
- wallets, 6.2.1
- backup and recovery
- considerations, 6.8
- backup and recovery procedures, 6
- BASE64, B.1
- CRL, 7.4.2
- BASE64 certificate, B.2.1
- BasicConstraintsExtension, B.2
- benefits
- OracleAS PKI, 1.3.2
- benefits of a PKI, 1.2
- big-endian order, 5.5
- BigIP, F
- binary copy of CRL, 7.4.2
- binary number
- key, 1.1.1
- bits
- set for extensions, B.2
- broadcasting OCA request page to SSO users, 3.7, 3.7.1
- browsers, 1.3.3.1, 2.2.1
- configuring, 7.2.1.2
- import certificate, 3.7.2
- import SSO certificate, 3.7.2
- password, 3.2, 3.2
- present certificates to SSO, 3.7.3
- use CRLs, 3.6
- Built-in Plug-in Policy Modules, 2.2.2
C
- CA, 1.1.2, 1.1.2.2, A.1, A.6
- hierarchy, B.2
- key size choices, A.1
- levels, 1.1.2.2
- new
- new signing password, B.2
- root, 1.1.2.2
- signing, 1.1.2.1
- subordinate, 1.1.2.2
- ca
- certificate type, 5.5
- CA certificate
- new, 6.1.1, A.7
- save or install, 7.3
- CA Compromise (revocation reason), 3.5.3
- CA hierarchy, B.2.1
- setting up, B
- CA key
- compromised, 6.1.1, 6.2.2
- CA Signing
- certificate usage definition, D.1
- CA signing, 7.2.3
- wallet, 3.8
- CA signing certificate, 6.1.1, 6.1.1
- invalid, 6.1.1, A.7
- CA signing wallet
- regenerating, 6.1.1
- CA SMIME
- key size choices, A.1
- CA SMIME wallet, 6.1.1
- generating, B.2.2
- signing alerts & notifications, 6.1.2.1
- CA SSL, A.8
- CA SSL wallet, 3.8, 6.1.1
- generating, B.2.2
- regenerating, 6.1.2
- CA_COMPROMISE (revocation code), 3.3
- card reader, 7.2.1
- case-insensitive
- strings in predicates, 5.5
- CASMIME, A.1, A.6
- CASSL, A.1, A.6
- key size choices, A.1
- centralization, 1
- Certificate, 3.5.3
- certificate, H
- administrator, 3.4, 3.5.3
- administrator information required, 3.2
- administrator request, 3.2
- all invalidated, 6.1.1, 6.1.1, A.7
- automatic for SSL/SSO users, 7.2
- BASE64, B.2.1
- compromised, 3.5, 3.5.3, 3.5.3
- contents, 1.1.2.3
- contents and uses, 1.1.2.3
- digital, 1.1.2
- download, 7.2
- download into file system, 7.1
- expired, 3.5.4, 5.3, 5.3.4
- expiring, 6.1.3
- extensions, 1.1.2.3
- finding, 3.5.5
- fingerprint, 1.1.2.3
- getting a, 2.3.1
- import, 3.2, 3.7.2, 7.2
- import into browser, 7.1
- import to browser, 3.2
- import to file system, 7.7
- inconsistent state, 6.2.2
- invalidated, 6.2.2
- issued upon request for SSO/SSL-authenticated user, 4.2.4.2
- management, 3, 3, 3.5
- manual, 5.3.2
- multiple, 5.3
- multiple constraint, 5.3.3
- new CA, 6.1.1, A.7
- new request, 7.2
- new required, 6.2.2
- owner, 3.5.6.2
- parameter values
- restricting, 5.2
- pending request alerts, 4.2.2.2
- PKCS#10 request, 2.2.1
- PKI, 1.1.2
- policies, 5.2
- properties, 2.2.2
- publish SSO, 3.7.2
- publishing, 4.2.4.1, 6.6.3
- purposes, 2.3.2
- rejecting, 3.5.1.2
- renew, 7.2
- renewal window, 3.5, 3.5.4, 5.3.5, 5.3.5, 5.3.5, 5.4.3
- renewing, 3.5.4, 6.1.3, 7.2.2, 7.2.2.2
- replace administrator, 3.3
- request
- SSO, 3.7.1
- request URL for SSO, 3.7.1
- requests, 1.3.3.1, 2.2.1, 2.2.1
- pending, 3.4.1
- status, 2.2.3
- retrieving, 7.2.2, 7.2.2.1
- revoke, 7.2
- revoking, 3.5.3, 7.2.2, 7.2.2.3
- revoking expired, 5.3.4
- root CA, 3.5.3
- save or install, 7.2
- search, 3.5.5
- separate, 1.1.2.3
- serial number, 1.1.2.3
- server, 5.3.2, 7.2, 7.2.3
- server, acquiring, 7.2.3
- server/subCA, 7.2.3
- signer, 7.2.1.1, 7.2.1.2.2
- signing, 1.1.2.3
- SMIME invalidated, B.2.2
- SSL, 1.1.2.3
- SSL invalidated, B.2.2
- SSO usage, 3.7.2, 3.7.3
- status, 3.5.6, 3.5.6.5
- Sub CA, 3.5.1.1
- trusted, B.2.1
- editing uses, 7.2.1.1, 7.2.1.2.2
- types, 7.2
- types in predicates, 5.4.5.1, 5.5
- user, 7.2.1
- using existing, 4.2.4.2
- view, 7.2
- viewing details, 3.5.2
- X.509, Preface, 1.1.2.3, 1.1.2.3, 1.1.2.3, 1.3.3.1, 2, 2.1.1, 2.1.1, 2.2.1, 2.3, 2.3.2, A.11, A.11, B.2, D, H, H, H
- Certificate Authority
- CA, 1.1.2.2
- certificate authority, 1.3.1, H
- signing, 1.1.2
- Certificate Management Tab, 3.4.1
- Certificate Management tab, 2.2.3
- Certificate Renewal, 7.2.2.2
- Certificate Renewal Policy as Shipped, 5.4.3
- Certificate Request Details screen, 3.5.1.1
- Certificate Request form, 7.2.1.1
- Certificate Request Policies as Shipped, 5.4.1
- Certificate Retrieval, 7.2.2.1
- Certificate Retrieval, Renewal, and Revocation, 7.2.2
- Certificate Revocation, 7.2.2.3
- Certificate Revocation List, 6.2.2, H
- certificate revocation list, 3.6
- Certificate Revocation List (CRL), 2.2.3
- Certificate Revocation Policy as Shipped, 5.4.2, 5.4.4
- certificate usage
- in predicates, 5.5
- CERTIFICATE_HOLD (revocation code), 3.3
- certificates
- life-cycle, 1.3.3.4
- certification authority, 1.1.2
- Certification Practice Statement, 4.4
- certified, 3.5, 3.5.6, 3.5.6.5
- Cessation of Operation (revocation reason), 3.5.3
- CESSATION_OF_OPERATION (revocation code), 3.3
- challenges, 1
- changes
- policy, 5.4
- ports or nodes, A.1
- changesecurity, 6.6.1, A.1
- changesecurity command, 6.6.1
- changing
- method of authentication, 7.2
- wallet password, 6.1.4
- changing OCA's IM Services, 6.6.1, 6.6.1
- changing passwords, 6.1.4
- Changing Privileged Passwords, A.6
- class, 5.4, 5.4.5.5
- register, 5.6
- clear, A.1, A.1
- clearing
- log or trace
- deletes contents, 6.5.1
- log or trace data, 6.5.1
- client
- certificate type, 5.5
- client locale, 6.2.4
- clientAuth, D.1.1
- CN
- in DN, 5.5
- code Signing
- certificate usage definition, D.1
- code signing
- certificates, H
- codes
- revocation, 3.3
- codeSigning, D.1.1
- cold failover
- configuration, 6.7.1
- deployment, 6.7.1
- Collaboration Suite, 2.1.3
- comma, 5.3.5, 7.2.1.4, C.2.2, C.4.1, H
- command-line interface, 3
- commands, A.1
- clear, A.1
- generatewallet, A.1
- help, A.1
- importwallet, A.1
- linksso, A.1
- renewcert, A.1
- revokecert, A.1
- set, A.1
- setpassword, A.1
- start, A.1
- stop, A.1
- unlinksso, A.1
- updateconnection, A.1
- when take effect, 6.1.4
- Common Name, 3.5.5
- common name, 3.2, 3.2
- Sub CA, B.2.1
- complete
- DN, 5.5
- components
- needed by OCA, 2.5
- Oracleas PKI, 1.3.3
- Components of the OracleAS PKI, 1.3
- compromised
- CA key, 6.1.1, 6.2.2
- compromised certificates, 3.5, 3.5.3, 3.5.3
- concepts
- policy, 5.1
- configuration
- cold failover, 6.7.1
- configuration change, C.3.3
- configuration choices, 3.7, 3.7, 3.7
- configuration file, A.1, A.3
- configuration management, 3
- alerts, 4.2.2.2
- subtabs, 4.2
- tab, 4.2
- Configuration Operations for Oracle Application Server Certificate Authority, 6.2
- configuration tasks, 4.2.1
- configure
- log & trace, 4.2.4.5
- configuring
- Apache, 6.2.1
- on web, 6.2
- sending signed alerts and notifications, 4.2.2.1, 6.1.2.1, 6.1.2.1
- site, 6.2
- SSL automatically, 6.2.1
- Sub CA, B.2.1, B.2.1
- using ocactl, 6.2
- Configuring Your Browser to Trust Oracle Application Server Certificate Authority, 7.2.1.2
- connection information
- changed strings, A.1
- where stored & displayed, 6.6.3
- connections, 4.2.4.7
- changed nodes or ports, A.1
- OCA repository and directory, 6.6.3
- container
- called database, cache, or wallet, 1.1.2.4
- contents, 1.1.2.4
- for certificates, 1.1.2.4
- wallet, 1.1.2.4
- containers, 1.3.3.1
- PKI, 1.1.2.4
- contents
- certificate, 1.1.2.3
- container, 1.1.2.4
- contiguous
- DN, 5.5
- contiguous DN, 5.3.5
- contiguous string, 3.5.6
- convertwallet, 6.2.1, 6.2.1, A.1, A.1, A.2, A.2
- copying
- BASE64 certificate, B.2.1
- CRLs, 3.6
- trust points, B.2.1
- copying CRLs, 3.6
- CPS (certification practice statement), 4.4
- credentials
- PKI, 1.1.2.4
- criterion
- for predicate order, 5.5.1
- CRL, 2.2.1, 2.2.3, 3.5, 3.6, 6.2.2, 7.1
- auto-generation, 3.6
- BASE64 form to cut and paste, 7.4.2
- binary copy, 7.4.2
- checking, 3.6
- copying, 3.6, 3.6
- download, 3.6
- download into file system, 7.1
- generating, 3.6
- handling, 7.4
- import, 3.6
- import into browser, 7.1
- multiple, 3.6
- path used by server, 3.6
- purpose, 3.5.5
- save or install, 2.2.3, 7.2, 7.4.2
- saving to multiple servers, 3.6
- scheduling generation, 4.2.2.3
- updating, 3.6, 3.6
- usages, 3.6
- CRL alerts, 4.2.2.2
- CRL validity, 3.6
- days to next update, 3.6
- CRL_SIGN, B.2
- cryptographic service provider, 3.2
- custom policy, 5.6
- adding, 5.6.2
- name description and class, 5.6.2
- plug-ins, 5, 5.4.2, 5.4.4
- customize
- policies, 2.2.2
- cut and paste
- BASE64 CRL, 7.4.2
- cut-and-paste, 1.3.3.4, 3.2
- cutting and pasting, 1.3.1
- cwallet.sso, 6.1.3, 6.2.1, 6.8, A.2
D
- data integrity, 1
- database
- connect string used, 4.2.4.7
- database connection pool, A.1, A.3
- Database Pool Scheme, 4.2.4.7
- Database Pool Size, 4.2.4.7
- Database Settings, 4.2.4.7
- date, 6.2.4
- days to next CRL update, 3.6
- DB, A.1, A.6
- dc (domain component), H
- decipher, 7.2
- decryption, 1.1, 1.1.1, 7.2
- by appropriate recipient only, 1.1
- infeasible, 1.3.3.2
- messages, 1.1.2.1
- time and effort, 1.2, 1.3.3.2
- Default Base DN Components, 4.2.4.6
- Default Constraint-specific Policy Rules, 5.3
- default deployment, 2.5
- advantages, 2.5
- installation instructions, 2.5
- default period
- renewal, 5.3.5, 5.3.5, 5.3.5, 5.4.3
- default policy rules, 2.2.2
- defaults, 5.1, 5.4.5.1
- in a policy
- when used, 5.5
- key sizes, 5.4.1
- policies, 5.3
- renewal validity period, 5.3.5
- validity period, 5.4.1
- Delegated Administration Service, 2.1.1, 2.1.3
- delegated administration service, 1
- delete, 5.4.5
- predicate, 5.4.5.3
- delete a policy, 5.4.5.3
- deleted policy, 5.4.5.2
- deleting
- policies, 5.4
- departments
- Sub CA signing wallet, B.2.1
- deployment, 2.5
- default, 2.5
- advantages, 2.5
- installation instructions, 2.5
- recommended, 2.5
- advantages, 2.5
- installation instructions, 2.5
- strategies, 2.5
- using cold failover, 6.7.1
- describing
- a policy plug-in, 5.2
- Developing a Custom Policy Plug-in, 5.6
- digital certificates, 1.1.2, 1.2
- approving requests, 3.5.1
- binary file, A.7
- contents and uses, 1.1.2.3
- encryption, 2.3
- management, 3.5
- pending, 2.2.5
- rejecting, 3.5.1.2
- renewing, 3.5.4
- request, 2.2.1, 2.2.3, 2.2.5, 2.3, 2.3.1, 2.3.3
- revoking, 3.5.3
- signing, 2.3
- signing/SSL, 2.4
- SSL, 2.3
- viewing, 3.5.2
- digital signature, 1, 1.1.2.3, 1.1.2.3, 1.2, 1.3.2, 2.2.1
- digital transactions
- sign, 1.2
- DIGITAL_SIGNATURE, B.2
- directory
- connections, 6.6.3
- for Sub CA Signing wallet, B.2
- directory integration services, 1
- directory organization object, H
- DN, H
- directory services, 1
- Directory Settings, 4.2.4.8
- directory synchronization
- scheduling, 4.2.2.3
- disable, 5.4.5
- disabling
- policies, 5.2, 5.4
- RenewalRequestConstraint, 5.3.5
- RevocationConstraints, 5.3.4
- RSAKeyConstraints, 5.3.1
- uniquecertificateconstraint, 5.3.3
- validity rule, 5.3.2
- disabling policy rules, 5.2
- disabling proxy servers, F
- displaying connection information, 6.6.3
- distinguished name, 3.5.6.2, 5.5
- DN, 1.1.2.3
- distinguished name (DN), 1.1.2.3, H
5
- DN, 1.1.2.3, 2.3.3, 3.2, 3.2, 3.2, 3.2, 3.2, 3.2, 3.5.6, 3.5.6, 3.5.6.2, 3.5.6.2, 3.5.6.2, 3.5.6.2, 3.5.6.2, 3.5.6.3, 3.8, 3.8, 3.8, 3.8, 3.8, 4.2.4.6, 5.3.3
- advanced, 3.5.6, 3.5.6.3
- configuring defaults for manual enrollment, 4.2.4.6
- contiguous string to root, 3.5.6
- distinguished name, 3.5.6.2
- relative, 3.5.6.3
.
- DN, 5.3.3, 5.3.3, 5.3.3, 5.3.5, 5.4.1, 5.5, 5.5, 5.5, 5.5, 5.5, 5.5, 5.5, 5.5, 5.5, 5.5, 5.5, 5.5, 5.5, 5.5, 5.5, 5.5.1, 5.6.1, 5.6.4
- complete, 5.5
- contiguous & complete, 5.3.5
- follows RFC1779, 5.5
- in predicate, 5.5
- invalid, 5.5
- least significant component, 5.5
- matching, 5.5
- most significant component, 5.5
- partial, 5.5
- root, 5.5
- rules for matching, 5.5
- valid, 5.5
P
- private key, H
- public key
- for encryption, H
T
- DN, 6.4, 6.9, 6.9, 6.9, 6.9, 6.9, 7.2.1.4, 7.2.1.4, 7.2.1.4, C.2.2, C.2.2, C.4.1, C.4.1, C.4.1, C.4.1, C.4.1, C.5.1, H, H, H, H, H, H
- as root of directory information subtree, H
- dc, H
- domain component, H
- identifying a directory organization object, H
- subordinates can represent organization subdivisions, H
D
- DN field separator, 5.3.5, 5.5, 7.2.1.4, C.2.2, C.4.1, H
- domain component
- attributes, H
- re an organization's subdivisions or localities, H
- domain component, example, H
- domain components, 2.3.3
- Down CA Certificate, B.2.1
- download, 7.1
- CA certificate, 7.2
- CRL, 7.2
- into file system
- certificate or CRL, 7.1
- Download CRL, 3.6
- download CRL, 2.2.3
- Download to your local disk (CRL), 3.6
- downloading, 7.3
- downloading a CA Certificate, 7.3
- drastic operation, 3.5.3, 6.2.2
- dynamic, 4.2.4.7
E
- Ease of Use for Administrators and End Users, 2.2.3
- eavesdropper, 1.1.1
- E-Business Suite, 2.1.3
- edit, 5.4.5
- in Policy subtab, 5.2
- edit a policy, 5.4.5.1
- editing
- trusted uses, 7.2.1.1, 7.2.1.2.2
- elements
- in a log, 4.3
- of a practice statement, 4.4
- email, 3.5.1.1, 4.2.2
- server, sender, template, 4.2.2.1
- to SSO users for OCA URL, 3.7.1
- email address search, 3.5.6
- email clients
- use CRLs, 3.6
- verify incoming SMIME messages, 3.6
- emailProtection, D.1.1
- embedded HTML link
- for SSO users, 3.7.1
- enable, 5.4.5
- enable a policy, 5.4.5.2
- enabling
- a policy plug-in, 5.2
- RenewalRequestConstraint, 5.3.5
- RevocationConstraints, 5.3.4
- RSAKeyConstraints, 5.3.1
- uniquecertificateconstraint, 5.3.3
- validity rule, 5.3.2
- Enabling PKI Authentication with SSO and OCA, 3.8.1
- enabling policy rules, 5.2
- enabling proxy servers, F
- enabling ssl and pki for SSO, 3.8.1
- enabling SSL and PKI on SSO, E
- encryption, 1.1, 1.1.1, 1.1.2.3, 1.2, 1.3.3.2, 2.3
- algorithms, 1.1
- asymmetric, 1.1.1
- certificate usage definition, D.1
- messages, 1.1.2.1
- scheme, 1.1.1
- symmetric, 1.1.1
- unique for different users, 1.1
- end-entity, 3.5.6.2, 3.6, 7
- end-user, 3.5.6.2, 7
- interface, 7
- end-user interaction
- two types, 7.2
- End-User Tabs and Processes, 7.2
- enforcing
- policies, 5.2
- enrollment form
- Server/SubCA, 7.2.3, 7.2.3, 7.2.3, 7.2.4, 7.2.4, 7.2.4, B.1, B.1, B.2.1, B.2.1, B.2.1
- Enterprise User, 2.1.3
- entities
- trusted, 1.1
- vouch for relationship, 1.1
- entity, 1.1.2
- equal to, 5.5
- error, 7.2.1
- evaluating requests
- policies, 5.2
- evaluation
- of multiple predicates, 5.5.1
- evaluation example
- multiple predicates, 5.5.1.1, 5.5.1.2
- Evaluation Example for Multiple Predicates, 5.5.1.1
- events
- notification, 4.2.2
- ewallet.p12, 6.1.2, 6.1.3, 6.2.1, 6.2.1, 6.8, A.2, B.2, B.2.1
- examples
- of DN matching in predicates, 5.5
- existing certificates
- using, 4.2.4.2
- expired, 2.1.5
- expired certificate, 3.5.4
- expired certificates, 5.3, 5.3.4
- export, 1.3.3.1, 7.6
- certificate from browser, 7.6
- expression
- predicate, 5.1
- complete, 5.3.5
- contiguous, 5.3.5
- Expression text box, 5.4.5.1
- expressions
- logical, 5.5
- operators, 5.5
- predicate, 5.5
- extensions, 1.1.2.3
- external access, F
F
- Field Name
- form, 3.2
- file permissions
- protect SSO wallet, 6.2.1
- files
- admin.log, 6.5.1, A.16
- admin.trc, 6.5, 6.5.1, A.16
- cwallet.sso, 6.8
- ewallet.p12, 6.8
- ias.properties, 6.6.1
- log, 4.2.4.5
- oca_cps.html, 4.4
- oca.conf, 6.6.3, 6.8, 6.8
- oca.trc, 6.5, 6.5.1, A.16
- ocm_apache.conf, 6.8
- ocmpassword.p12, 6.8
- operating system, 6.5.1, A.16
- osso.conf, 6.8, E.3, E.3, E.3, E.3.1, E.3.1
- .p12, 7.7
- trace, 4.2.4.5
- find, 3.5.5
- finding (see listing & search), 3.5.5
- fingerprint
- certificate, 1.1.2.3
- firewall, F
- Fixed Increment, 4.2.4.7
- Fixed wait scheme, 4.2.4.7
- flexible policy, 2.2.2
- form
- administrator, 2.2.3
- authentication, 3.2
- field names, 3.2
- format, A.2
G
- Gemplus, 3.2, 7.2.1.1
- General subtab, 4.2.3, 4.2.4
- database & directory settings, 4.2.3, 4.2.4
- DN defaults, 4.2.3, 4.2.4
- parameters, 4.2.3, 4.2.4
- publishing, 4.2.3, 4.2.4
- settings, 6.6.3, A.1
- SSL & SSO, 4.2.3, 4.2.4
- general subtab tasks & discussions, 4.2.1
- generate CRL, 2.2.3
- generatewallet, A.1, A.1, A.1, A.7, A.8
- generating
- Sub CA signing wallet, B.2.1, B.2.2
- generating the CRL, 3.6
- get certificate, 2.3.1
- Globalization Support, 6.2.4
- Glossary, G, H
- Go (not Enter), 3.5.5
- graphical user interface (see GUI), 4.1
H
- help, A.1, A.1
- Hierarchical Certificate Authority Support, 2.4
- hierarchy of CAs, B.2
- hierarchy of trust, 1.1.2.2, 2.4
- geographically distributed, 2.4
- high availability, 1
- high-availability features, 6, 6.7
- Hold (revocation reason), 3.5.3
- home page, 3.4, 7.1
- host port number, 3.7.1
- HTTP Server, 3.1, A.2, B.2.2
- in SSL mode, 6.1.2
- HTTP server, 6.7.1
- http.conf, 7.4.2
- HTTPS, 2.3, 2.3.2, 2.5, 6.1.2, B.2.2
I
- ias.properties file, 6.6.1
- icon
- lock, 7.2.1.2.2, 7.2.2.3, 7.7
- identity, 1.1.2, 1.3.1
- Identity Management, 1.1.2.4, 2, 2.1.1, 2.1.3, 2.1.4
- identity management
- solution, 2.1
- Identity Management Infrastructure, 1.3.2
- ID/Serial, 3.5.5
- IETF, 1.1.2.3, 2.2.1
- IM Services
- changing OCA's, 6.6.1, 6.6.1
- import, 1.3.3.1, 3.5.1.1, 3.5.5, 6.2.1, 7.1, 7.2, 7.2, 7.2, 7.2, 7.2.1.1, 7.2.1.2.1, 7.2.1.2.1, 7.2.1.2.2, 7.3, 7.3, 7.3, 7.5
- administrator certificate, 3.2
- CA certificate, 6.2.1
- certificate, 3.7.2
- trusted activities, 7.2.1.2.2
- into browser
- certificate or CRL, 7.1
- import CA certificate, 6.2.1
- Import Certificate, 3.2
- import subCA certificate, B
- Import to Browser
- SSO, 3.7.2
- Import to Browser (CRL), 3.6
- importation, 3.2
- importing
- Sub CA Signing Wallet, B.2
- the administrator's certificate, 2.2.3
- Importing a Certificate from Your File System, 7.7
- Importing a Certificate to Your Browser, 7.5
- importwallet, A.1, A.1
- inconsistent state
- after CA revocation, 6.2.2
- Information message, 5.4.5.4
- infrastructure, 1, 1, 1.1.2.4, 2, 2.1.3
- re-associating, 6.6
- install, 1.3.3.1, 6.2.1, 7.1, 7.2, 7.2, 7.2.1.1, 7.2.1.2.1, 7.2.1.2.2, 7.3
- Install in Browser, 7.2.1.1
- installation, 2.5
- installation values, 3.8
- installing
- Sub CA Signing Wallet, B.2
- installing new CA
- steps, 6.2.2
- installing the administrator's certificate, 2.2.3
- integrity, 1.2
- Internet Explorer, 2.2.1, 2.3, 3.2, 7, 7.2.1, 7.2.1.1, 7.3, 7.4.1.2, 7.6, 7.7
- interoperability, 1.3.3.1, 1.3.3.1
- interval, 3.6
- CRL and certificate synchronization in directory, 4.2.2.3
- CRL generation, 4.2.2.3
- pending certificate requests queue length exceeded, 4.2.2.2
- introduction to OracleAS PKI, 1.3
- invalidating
- certificates, 6.2.2
J
- J2EE, 2.1.3
- JAAS, 2.1.3
- jar, 5.4, 5.4.5.5, 5.6.2
- Java class, 5.1, 5.6, 5.6.2
- Javadoc, 5.6
- jobs
- scheduled, 4.2.2.3
K
- key, 1.1.1
- asymmetric, 1.1.1
- binary number, 1.1.1
- in a PKI, 1.1.1
- owner, 1.1.2
- pairs, 1.1.1, 1.1.1, H
- private, 1.1.1
- public, 1.1.1, 1.1.2
- separate, 1.1.1
- symmetric, 1.1.1
- validation, 1.1.2
- Key Compromise (revocation reason), 3.5.3
- key lengths, 2.2.1
- key pairs, H
- Key Size, 7.2.1.1
- key size, 3.2, 3.2, 3.2, 7.2.1
- choices, A.1
- default maximum, 5.3.1
- default minimum, 5.3.1
- default range as shipped, 5.5.1.1
- minimum & maximum, 5.3.1
- predicate, 5.3.1
- RSAKeyConstraints, 5.3.1, 5.3.1
- key sizes
- defaults, 5.4.1
- narrow/widen range, 5.4.1
- Key Store, 7.2.1.1
- key store, 3.2
- KEY_CERT_SIGN, B.2
- KEY_COMPROMISE (revocation code), 3.3
- key-pairs, 1.2, 1.2, 3.2, 3.2, 7.2.1.1
- keys
- distribution methods, 1.1
- KeyUsageExtensions, B.2
L
- LDAP, 1.3.3.3, 2.2, A.1
- least significant component of DN, 5.5
- least significant RDN, 5.5.1
- levels
- CAs, 1.1.2.2
- trust, 1.1.2.2
- link OCA with SSO, 3.7
- linksso, 3.7.2, A.1, A.1
- list, 3.5.5
- of ports, 3.4
- revoked certificates, 3.5.5
- Listing a Certificate Request or an Issued Certificate, 3.5.5
- little-endian order, 5.5
- local entry name, 5.5
- locale, 6.2.4
- localities
- as domain components, H
- location of wallets and values, 3.8
- lock icon, 7.2.1.2.2, 7.2.2.3, 7.7
- LOG, A.1
- log, 6.5
- clearing, 6.5.1
- elements, 4.3
- stored in repository, 6.5.1
- log file, 4.2.4.5
- logger, A.1, A.3
- logging, 4.2.4.5
- logical
- operators, 5.5
- logical expression
- used in predicates, 5.5
- logs
- messages re errors during OCA use, 4.3
- viewing, 3, 4.3
M
- managing
- certificates, 3, 3.5
- configuration, 3
- policies, 5, 5.4
- overview, 5.2
- Managing Certificates, 3.5
- managing certificates, 3
- Manual
- Authentication, 7.2.1.4
- manual, 7.2.1
- Manual Approval, 2.3.3
- manual approval, 7.2
- additional options, 2.3.3
- information required, 2.3.3
- server and subordinate CA, 2.3.3
- manual authentication, 7.2.1.4
- manual user certificate, 5.3.2
- mapping a BigIP to an OCA virtual host, F
- match
- predicate, 5.5
- matching
- DNs, 5.5
- first not best, 5.5.1
- policy evaluations, 5.5
- results if no match, 5.5.1
- rules re DNs, 5.5
- MD5 with RSA, 3.6
- message
- shows change worked, 5.4.5.4
- message digests
- signing, 7.2
- messages
- private, 1.1.1
- Microsoft
- Basic Crypto, 3.2, 7.2.1.1
- Enhanced Crypto, 3.2, 3.2, 7.2.1.1
- mod_osso, E.3
- SSO, 2.3
- modifying policy rules, 5.2
- most significant component of DN, 5.5
- Mozilla, 7.2.1
- mozilla, 7.7
- multiple
- CRLs, 3.6
- predicates, 5.3.1
- multiple certificates, 5.3
- allow/disallow, 5.4.1
- constraint, 5.3.3
- same usage, 5.4.1
- Multiple Predicate Evaluation, 5.5.1
- multiple predicates, 5.5
- evaluation example, 5.5.1.1, 5.5.1.2
- multiple servers, 3.6
- saving CRL, 3.6
- mutual authentication, F
N
- name
- certificate signer, 7.2.1.1, 7.2.1.2.2
- naming
- a policy plug-in, 5.2
- National Language Support (NLS), 2.2.4, 6.2.4, 6.2.4
- Netscape, 2.3, 3.2, 7, 7.2.1, 7.2.1.1, 7.2.1.1, 7.4.1.1, 7.5, 7.6, 7.6, 7.7, 7.7
- Netscape Communicator, 2.2.1
- nickname, 3.7.3
- NLS, 2.2.4, 6.2.4, 6.2.4, 6.2.4
- nodes
- changes, A.1
- NON_REPUDIATION., B.2
- non-repudiation, 1, 1.2
- signed messages, 1.1
- not equal to, 5.5
- notification, 6.1.2.1
- events, 4.2.2
- notification subtab, 4.2.2
- notification subtab tasks & discussions, 4.2.1
- notifications
- CA SMIME wallet, 6.1.2.1
- configuring, 4.2.2.1, 6.1.2.1, 6.1.2.1
O
- OC4J, 2.5, 3.1, 6.7.1, A.1, A.2, A.3, A.11, A.12, B.2, B.2, B.2.2
- starting & stopping, 3.7.2, 5.6.2, 5.6.2, A.3, A.4, A.11, B.2
- stopping & starting, A.11, B.2
- OCA, 1.3.2, A.1
- repository, 2.2.5
- OCA connection information
- where stored & displayed, 6.6.3
- OCA repository, 6.1.1, A.7
- oca_cps.html, 4.4
- oca/bin, A.1
- oca.conf, 6.6.3, 6.8, 6.8, A.1, A.14
- OCAcrlBase64.txt, 7.4.2
- OCAcrl.crl, 7.4.2
- ocactl, 2.2.3, 3.1, 3.3, 3.5.3, 6.1.1, 6.1.3, 6.2.3, 6.7.1, A, C.3.3
- configure OCA link with SSO, 3.7.2
- general form, A.1
- Operations and Parameters, A.1
- requires admin password, 6.1.4
- oca.trc, 6.5, 6.5.1, 6.5.1, A.16
- ocm_apache.conf, 6.8
- ocmpassword.p12, 6.8
- OFF, A.1
- OHS, 2.5, 3.1, A.2
- ohs
- starting & stopping, 5.6.2, 5.6.2, A.3, A.11, B.2
- stopping & starting, A.11, B.2
- OID, 1.3.3.3, 2.5, 3.1, 6.6.3
- SSO usage, 3.7.2
- ON, A.1
- one-time session password, 1.3.3.2
- onnection strings, C.3.3
- open standards, 2.2.1
- operating system file permissions
- protecting SSO wallet, 6.1.2
- operating system files
- removing, 6.5.1, A.16
- operations, A.1
- PKI, 1.1.2.4
- operators
- logical, 5.5
- OPMN, 6.1.2
- opmnctl, 6.2.3
- OR logical expression, 5.5
- Oracle Application Server Certificate Authority, 2.1.4
- components needed, 2.5
- Oracle Certificate Authority
- OCA, 1.3.2
- Oracle Collaboration Suite, 2.1.4
- Oracle Home, 2.5
- Oracle HTTP Server
- Apache, 6.1.2
- checks SSL validity, 3.6
- Oracle Identity Management, 1, 1.1.2.4
- Oracle Internet Directory, 1.3.2, 1.3.3.3, 2.1.1, 2.1.3, 2.3.1, 3.1, 6.6.3
- SSO usage, 3.7.2
- Oracle Label Security, 2.1.3
- Oracle Single Sign-on Authentication, 2.3.1
- Oracle wallet, 1.1.2.4
- Oracle Wallet Manager, 1.3.3.1, B, B.2.1
- Oracle Wallet Manager (OWM), B.2.1
- ORACLE_HOME, 4.4, 5.4.5.5, 6.1.2, 6.2.1, 6.5, 6.5.1, 6.8, 6.8, B.2.2
- order of policies, 5.2
- order of predicates, 5.5.1
- osso.conf, E.3
- osso.conf file, 6.8, E.3, E.3, E.3.1, E.3.1
- overriding policies
- when issuing a certificate, 5.4
- overview
- web administrative interface, 3.4
- OWM, 1.3.3.1, 6.2.1, B, B.2.1
- owner, 3.5.6.2
P
- .p12 file, 7.7
- parameters, 5.1, 5.4.5.1, A.1, A.1
- allowExpiredCerts, 5.3.4
- defaults ranges & values, 5.1
- policy, 5.4
- validity constraints, 5.3.2, 5.3.2
- values, 5.4.5.1
- password, 3.3
- admin
- required for ocactl, 6.1.4
- administrator, 2.2.3, 3.1, 3.2, 3.2, 3.2, 3.2, 3.3, 3.3, B.2
- browser security, 3.2, 3.2
- changing, A.6
- encrypting private key, 6.1.1, A.7
- lost, 6.2.3
- new, A.6
- requested during generation, 6.1.1, A.7
- SSL Server wallet, 6.2.1
- store, B.2
- wallet, 6.1.2, 7.7
- changing, 6.1.4
- password store, A.7
- passwords, 7.6, 7.6, A.1, A.3, A.6, A.8
- CA, 6.1.4
- CA SMIME, 6.1.4
- CA SSL wallet, 6.1.4
- path
- CRL, 3.6
- path length, 3.5.1.1
- path-length
- number of Sub CA levels, B.2.1
- peer identity, 1.1.2.4
- pending, 2.2.3, 3.5, 3.5.6, 3.5.6.5
- pending certificate requests, 3.4.1
- PKCS #12, 1.3.3.1
- PKCS Standards, 2.2.1
- PKCS#10, 7.2.3, 7.2.3, B.2.1
- PKCS#10 Certificate Request, B
- PKCS#10 certificate request, 1.3.3.1, 2.2.1
- PKCS#12, 1.3.3.1, 6.1.2, 6.1.2, 6.2.1, 7.6, A.2, A.2, A.2
- PKCS#7, B.1
- PKI, 1, 7.2.4
- benefits, 1.2, 1.3.2
- certificate, 1.1.2
- components, 1.3.3
- containers, 1.1.2.4
- credentials, 1.1.2.4
- earlier costs and difficulties, 1.3.1
- enabling with SSL for SSO, E
- introduction, 1.3
- operations, 1.1.2.4
- requires SSL, 3.7
- what is a, 1.1
- with SSO and OCA, 3.8.1
- pki
- for secure data transmission and storage, 1.1
- PKI-based single sign-on, 1.3.3.3
- PKIX, 2.2.1
- plug-in policy modules, 2.2.2
- plug-ins, 5, 5.1, 5.2, 5.5, 5.6, 5.6.2
- class, 5.4
- custom
- examples, 5.6
- custom policy, 5.4.2, 5.4.4
- default, 5.6
- jar, 5.4
- policies, 2, 2.3.3, 3.2
- add (custom only), 5.4.5.5
- adding, 5.4, 5.4
- administering, 5.2
- altering requests, 5.3
- applying, 5.2
- certification practice, 4.4
- changes require restart, 5.4
- class, 5.4
- custom, 5.6
- no predicates, 5.5
- default rules, 5.3
- delete (custom only), 5.4.5.3
- deleting, 5.4
- disabling, 5.4
- edit, 5.4.5.1
- enable, 5.4.5.2
- enforcing, 5.2
- evaluate requests, 5.2
- for different user populations, 5.5
- formulating and applying, 5.2
- jar, 5.4
- managing, 5, 5.4
- order, 5.2
- overriding
- when issuing a certificate, 5.4
- parameters, 5.4
- predicates, 5.4
- processing, 5.2
- renewal, 5.4.3
- RenewalRequestConstraint, 5.3, 5.3.5
- reorder, 5.4.5.4
- reordering, 5.4
- restricting parameter values, 5.2
- RevocationConstraints, 5.3, 5.3.4
- RSAKeyConstraints, 5.3, 5.3.1
- sample custom, 5.4.2, 5.4.4
- sequence, 5.4
- supplied, 5.3
- supplied rules, 5.3
- UniqueCertificateConstraint, 5.3, 5.3.3
- ValidityRule, 5.3
- what they specify, 5.4
- policy, 2.2.2
- add (custom only), 5.4.5.5
- concepts terms and definitions, 5.1
- creating
- steps, 5.6.2
- custom plug-ins, 5
- defaults
- when used, 5.5
- delete, 5.4.5.3
- deleted, 5.4.5.2
- description, 5.4.5.5
- edit, 5.4.5.1
- enable, 5.4.5.2
- flexible, 2.2.2
- Java class, 5.1
- management, 5.2
- name, 5.4.5.5
- object class, 5.4.5.5
- predicate, 5.1
- processing
- sequential, 5.2
- processor module, 5.2
- rule, 5.1
- security, 2.2.2, 2.3.3
- Policy Actions
- edit enable disable delete reorder or add, 5.4.5
- policy default values
- applying, 5.5.1
- policy evaluations
- DN matching, 5.5
- policy modules, 2.2.2
- customize, 2.2.2
- policy rule
- multiple predicates, 5.5.1
- policy rules
- all re renewals, 5.4
- all re requests, 5.4
- all re revocations, 5.4
- and plug-ins, 5.2
- creating, 5.2
- enable disable or modify, 5.2
- Policy Sub-tab, 5.4
- Policy subtab, 5.2
- policy subtab tasks & discussions, 4.2.1
- pop-up
- blocking, 3.7.2, 3.7.2, 6.4, 6.4
- screen, 3.7.2
- port, 3.2, 3.2, 3.4, 7.1
- changes, A.1
- default values, 3.8
- host, 3.7.1
- information, 3.4
- list, 3.4
- SSL, 3.7.1
- practice statement, 4.4
- elements, 4.4
- predicate, 5.1
- adding, 5.5.1.4
- attributes, 5.5
- certificate types, 5.5
- corresponding values used, 5.5
- delete, 5.4.5.3
- expression, 5.1
- if no match, 5.5.1
- key size, 5.3.1
- matching request element, 5.5
- multiple, 5.5
- evaluation example, 5.5.1.1, 5.5.1.2
- not in custom policies, 5.5
- operators, 5.5
- optional, 5.5
- order, 5.5.1
- RenewalRequestConstraint, 5.3.5
- reordering, 5.5.1.3
- RSAKeyConstraints, 5.3.1
- specifics, 5.5
- strings
- case-insensitive, 5.5
- validity period, 5.3.2
- value
- asterisk, 5.5
- values, 5.5
- Predicate Attributes, 5.5
- predicate expression
- complete, 5.3.5
- contiguous, 5.3.5
- evaluation, 5.5
- logical, 5.5
- not matched, 5.5
- predicate order
- criterion, 5.5.1
- predicates, 5.4.5.1
- complex, 5.3.1
- examples, 5.3.1
- multiple sets, 5.3.1
- policy, 5.4
- Predicates in Policy Rules, 5.5
- preventing
- repudiation of signed messages, 1.1
- unauthorized access, 1.1
- private key, 1.1.1, 1.2, 3.5.3, 7.2, 7.2.2.3, 7.6, 7.6, 7.6
- compromised, 3.3, 6.2.3
- encrypted, 6.1.1, A.7
- for decryption, 1.1.1
- lost, 3.3
- new CA, 6.1.1, A.7
- password lost, 6.2.3
- signs certificate, 1.1.2.1
- stolen, 3.3, 6.2.3
- validation using public key, 1.1.2.1
- private messages, 1.1.1
- privileges, 1.3.3.3
- propagating, 2.1.4
- properties
- certificate, 2.2.2
- properties file, 6.6.1
- protocols
- PKCS#10, 2.2.1
- Signed Public Key and Challenge, 2.2.1
- provisioning, 2.3.1
- automatic, 2.3
- conventional, 2.3
- Provisioning Integration, 2.1.3
- proxy servers, F
- public key, 1.1.1, 7.2, 7.2.4
- can verify CA signature, 1.1.2.1
- for encryption, 1.1.1
- owner, 1.1.2.1
- Public Key Infrastructure, 1
- public-key certificates, 1.2
- publish
- OCA URL for SSO users, 3.7.1
- SSO certificate, 3.7.2
- publishing, 2.1.4, 2.1.5
- certificates, 4.2.4.1, 6.6.3
R
- RA, 1.1.2.2, 1.1.3, 1.3.1, 1.3.2
- within OCA, 1.1.3
- ranges, 5.1
- RDN, 3.5.6.3, 5.5, 5.5, H
- child of RDN, 5.5
- least significant, 5.5, 5.5.1
- multiple usage, 5.5
- reason codes
- revoke, 3.3
- reasons
- revocation, 6.2.3
- re-associating
- infrastructure, 6.6
- repository, 6.6
- Re-associating Oracle Application Server Certificate Authority Infrastructure, 6.6
- recommended deployment, 2.5
- advantages, 2.5
- installation instructions, 2.5
- regenerating
- CA signing certificate, 6.1.1
- CA Signing Wallet, 6.1.1
- CA SMIME wallet, 6.1.1, 6.1.2.1, A.7
- CA SSL certificate
- circumstances, B.2.2
- CA SSL Wallet, 6.1.2
- CA SSL wallet, 6.1.1, A.7
- wallet, B.2.2
- wallets, 6.1.1, 6.1.2
- Re-generating the CA Signing Wallet, 6.1.1
- Regenerating the Certificate Authority's SSL Certificate and Wallet, A.8
- Regenerating the Root Certificate Authority's Certificate, A.7
- register
- class, 5.6
- Registration Authority
- RA, 1.1.2.2
- registration authority, 1.1.3, 1.3.1
- registration tool
- SSO, E.3
- reject, 2.2.3, 3.5, 3.5.1.2, 3.5.5
- rejected, 2.2.3, 3.5, 3.5.6, 3.5.6.5
- Rejecting Certificate Requests, 3.5.1.2
- relative distinguished name, 5.5
- relative DN, 3.5.6.3
- Remove From CRL (revocation reason), 3.5.3
- remove link with SSO, 3.7.2
- REMOVE_FROM_CRL (revocation code), 3.3
- removing
- operating system files, 6.5.1, A.16
- renew, 1.1.3, 3.5, 3.5.5, 5.3, 5.3.5, 5.3.5, 5.3.5, 5.4.3, 7.2, 7.2.2
- expired certificates, 5.3
- whether/when, 5.4.3
- renewal, 5.3.5
- all policy rules, 5.4
- default period, 5.3.5, 5.3.5, 5.3.5, 5.4.3
- policy, 5.4.3
- renewal window, 3.5, 3.5.4, 5.3.5, 5.3.5, 5.3.5, 5.4.3
- RenewalCertificateRequestConstraints, 3.5.4
- renewalNotAfter, 5.3.5, 5.4.3
- renewalNotBefore, 5.3.5
- RenewalRequestConstraint, 5.3, 5.4.3
- predicate, 5.3.5
- renewcert, A.1, A.1
- renewed, 3.5.4
- renewing, 6.1.3
- critical wallets, 6.1.3
- expiring certificates, 6.1.3
- Renewing Certificates, 3.5.4
- Reorder, 5.4.5.1
- reorder, 5.4.5
- reorder a policy, 5.4.5.4
- reordering
- policies, 5.4
- Reordering Predicates, 5.5.1.3
- replace
- administrator certificate, 3.3
- repository, 2.2.5, 2.3.1, 2.5, 3.1
- connections, 6.6.3
- contains logs, 6.5.1
- OCA, 6.1.1, A.7
- re-associating, 6.6
- separate, 6.6
- request, 1.3.3.1, 2.2.1, 2.2.1, 2.2.3, 2.2.5, 2.3, 2.3.1, 2.3.1, 2.3.3, 2.3.3, 3.2, 3.5, 3.5.1, 3.5.6.1, 7.2
- CA signing, 7.2.3
- code signing, 7.2.3
- new, 7.2
- pending, 3.4.1
- signing, 7.2.3
- SSL/encryption, 7.2.3
- validity, 5.1
- requests
- altering by policies, 5.3
- policies rejecting, 5.2
- subjected to policies, 5.2
- required fields, 2.3.1
- re-registering
- OCA with SSO, E.3
- restart, 3.1, 3.3, A.1, A.1, C.3.3, C.3.3, C.3.3
- restarting
- SSO server, 3.7.2
- restrict
- DNs in certificates, 5.4.4
- restricting
- certificate parameter values, 5.2
- retrieve, 7.2.2
- revocation
- reasons, 3.3, 6.2.3
- revocation reasons, 3.5.3
- RevocationConstraintRule, 5.4.2
- RevocationConstraints, 5.3, 5.3.4
- revoke, 1.1.3, 2.1.5, 2.2.3, 2.3.1, 3.3, 3.3, 3.5, 3.5.3, 3.5.5, 7.2, 7.2.1.1, 7.2.2, 7.2.2.3
- all policy rules, 5.4
- expired certificates, 5.3.4, 5.4.2
- revokecert, 6.2.2, A.1, A.1
- revoked, 3.5.5
- revoked CA
- administrator cannot access, 6.2.2
- revoked certificates
- list, 3.5.5
- revoking
- a Certificate Authority certificate, 6.2.2
- reasons, 6.2.3
- required before installing new CA, 6.2.2
- root certificate authority certificate, 6.2.2
- web administrator's certificate, 6.2.3
- Revoking Certificates, 3.5.3
- RFC1779
- DN usage, 5.5
- role, A.1, A.6
- root, 2.4, 7.2.4, A.7
- CA, 1.1.2.2
- root CA
- certificate, 3.5.3
- root CA signing wallet, B.2.1
- root certificate authority (CA), 6.1.1
- root of directory information subtree
- DN as, H
- Root Store, 7.2.1.2.1
- RSA, 2.2.1, 3.6
- RSAKeyConstraints, 5.3, 5.3.1
- default maximum key size, 5.3.1
- default minimum key size, 5.3.1
S
- save, 7.1
- save CRL, 2.2.3
- save or install
- CA certificate, 7.2
- save or install CA certificate, 7.3
- save or install CRL, 7.2, 7.4, 7.4.2
- saving CRL, 7.4.2
- scalability, 1
- Scalability, Performance, and High Availability, 2.2.5
- scheduled jobs, 4.2.2.3
- seamless, 2.1.5
- search, 3.5.5, 7.2
- advanced, 3.5.6, 3.5.6
- criteria, 3.5.6
- all pending requests, 3.5.5
- by
- DN or DN component, 3.5.6
- email, 3.5.6
- serial number, 3.5.6
- for single certificate or request, 3.5.5
- single issued certificate, 3.5.5
- single request, 3.5.5
- using advanced DN, 3.5.6.3
- using Certificate Status, 3.5.6.5
- using DN, 3.5.6.2
- using request status, 3.5.6.1
- using serial number range, 3.5.6.4
- Search Certificate Request using Request Status, 3.5.6.1
- Search Using Advanced DN, 3.5.6.3
- Search Using Certificate Status, 3.5.6.5
- Search Using DN, 3.5.6.2
- Search Using Serial Number Range, 3.5.6.4
- secure communications, 1
- secure email, 2.1.3
- Secure Socket Layer (SSL-based) Authentication, 2.3.2
- Secure Sockets Layer, 1.3.3.2
- SSL, 1.3.3.2
- security policy, 2.3.3
- self-service, 2.1.3
- Send SMIME E-Mails, 6.1.2.1
- sending
- signed alerts & notifications, 4.2.2.1, 6.1.2.1, 6.1.2.1
- serial number
- certificate, 1.1.2.3
- new Sub CA, B.2
- range, 3.5.6
- range search, 3.5.6.4
- Sub CA, B.2.1
- serial number search, 3.5.6
- server, 3.5.6.2
- certificate type, 5.5
- certificates, 5.3.2, 7.2, 7.2.3
- types, 7.2.3
- SSL authentication, 6.1.2
- server authentication, F
- server certificate
- acquiring, 7.2.3
- server entities, 7
- verification, 3.6
- server request
- manual, 2.3.3
- serverAuth, D.1.1
- servers
- multiple, 3.6
- Server/SubCA
- certificate request, 7.2.3, 7.2.3, 7.2.3, 7.2.4, 7.2.4, 7.2.4, B.1, B.1, B.2.1, B.2.1, B.2.1
- enrollment form, 7.2.3, 7.2.3, 7.2.3, 7.2.4, 7.2.4, 7.2.4, B.1, B.1, B.2.1, B.2.1, B.2.1
- Server/SubCA Certificates Tab, 7.2.3
- Server/SubCA Certificates tab, 2.2.3, 7.2
- session key management, 1.3.3.2
- set, A.1, A.1
- setpasswd, A.1, A.1, A.6
- settings
- database, 4.2.4.7
- directory host/agent/port in use, 4.2.4.8
- General subtab, 6.6.3, A.1
- SHA1 with RSA, 3.6
- sign digital transactions, 1.2
- signature
- digital, 1, 1.1.2.3, 1.1.2.3
- signature algorithm, 3.6
- signer, 7.2.1.1, 7.2.1.2.2
- signing, 1.1.2, 1.1.2.1, 2.3, 7.2.1.1, 7.2.4, A.1, A.7
- certificate authority, 1.1.2
- certificate usage definition, D.1
- message digests, 7.2
- software, 7.2
- signing certificate, 2.4
- single certificate or request
- finding, 3.5.5
- Single Sign-on, 2.1.4
- single sign-on, 1, 1.3.2, 1.3.3.3, 2.1.1
- Single Sign-on (see SSO), 3.7
- Single Sign-on Authentication (SSO), 7.2.1.1
- smart card, 2.2.1, 7.2.1
- smart cards, 2.3
- SMIME, 2.2.1, 3.6, A.1
- SMIME wallet, 6.1.1, 6.1.3
- software
- signing, 7.2
- SSL, 1.1.2.3, 1.1.2.4, 1.3.3.2, 1.3.3.2, 1.3.3.3, 2.3.3, 7.2.1, 7.2.1.3, A.1, A.6
- authentication, 7.2
- certificate, 2.4
- enabling with PKI for SSO, E
- not SSO default, 3.7
- PKI requires, 3.7
- port, 3.4, 3.7.1
- publishing, 4.2.4.1
- user
- validity period, 5.3.2
- user can renew, 7.2.2, 7.2.2.2
- user can revoke, 7.2.2.3
- validity check, 3.6, 3.6
- with OCA, 6.1.2, B.2.2
- SSL authentication
- server, 6.1.2
- SSL mode
- configured automatically, 6.2.1
- SSL server
- wallet password, 6.2.1
- SSL Server wallet, A.2
- SSL wallet, 6.1.1
- SSLCARevocationFilePath, 7.4.2
- SSO, 1.3.3.3, 2.1.1, 2.2.3, 2.3, 2.3.1, 2.3.3, 2.5, 3.7, 7.2.1, 7.2.1.1, A.2
- application usage, 3.7.3
- broadcast OCA request page, 3.7, 3.7.1
- can use OCA certificate, 3.7.2
- default deployment, 3.7
- enabling PKI with OCA, 3.8.1
- enabling ssl and pki, 3.8.1
- enabling with SSL and PKI, E
- getting an OCA certificate directly, 3.7
- import certificate to browser, 3.7.2
- link with OCA, 3.7.2
- login page, 7.2.1.1
- mod_osso, 2.3
- OCA configuration choices, 3.7
- registration tool, E.3
- server restart, 3.7.2
- usage of certificates, 3.7.3
- user
- validity period, 5.3.2
- user can renew, 7.2.2, 7.2.2.2
- user can revoke, 7.2.2.3
- users
- choose key size, 3.7.2
- wallet, 6.2.1
- welcome page, 3.7.2
- SSO Certificate Request, 3.7.1
- SSO wallet
- encrypted, 6.2.1
- protected by file permissions, 6.2.1
- standards, D
- start, 2.2.3, 3, 3.1, 3.1, 3.3, A.1, A.1, A.1, A.1, A.3, C.3.3, C.3.3
- OC4J, 3.7.2, 5.6.2, 5.6.2, A.3, A.4, A.11, A.11, B.2, B.2
- ohs, 5.6.2, 5.6.2, A.3, A.11, A.11, B.2, B.2
- status, 3.1, A.1, A.5
- approved, rejected, or pending, 3.5.5
- certificate
- valid, revoked, expired, 3.5.6, 3.5.6.5
- RenewalRequestConstraint, 5.3.5
- RevocationConstraints, 5.3.4
- RSAKeyConstraints, 5.3.1
- uniquecertificateconstraint, 5.3.3
- validity rule, 5.3.2
- Steps in Creating a New Policy Plug-in, 5.6.2
- stop, 2.2.3, 3, 3.1, 3.1, 3.3, 3.3, A.1, A.1, A.1, A.4, C.3.3, C.3.3
- OC4J, 3.7.2, 5.6.2, 5.6.2, A.3, A.4, A.11, A.11, B.2, B.2
- ohs, 5.6.2, 5.6.2, A.3, A.11, A.11, B.2, B.2
- storing connection information, 6.6.3
- string values, 5.5
- Structure of the Administration Interface, 4.1
- Sub CA
- common name, B.2.1
- new
- invalidates older SMIME certificate, B.2.2
- invalidates older SSL certificate, B.2.2
- serial number, B.2
- serial number, B.2.1
- Sub CA certificate, 3.5.1.1
- sub CA certificate
- acquire and import, B
- Sub CA Signing Wallet
- installing/importing, B.2
- Sub CA Signing wallet
- directory, B.2
- Sub CA signing wallet, B.2.1
- generating, B.2.1
- SUBCA, A.1
- subdivisions
- as domain components, H
- Subject Name, 3.2
- Subordinate CA
- certificates, 7.2.4
- subordinate CA, 1.1.2.2, 2.4, 7.2.3
- geographical advantages, 2.4
- subordinate CA request
- manual, 2.3.3
- subordinate certificate authority
- acquire and import, B
- subordinate organizations
- Sub CA signing wallet, B.2.1
- subscriber name, 3.7.3
- subtabs, 3.4, 5.4
- General, 4.2.3, 4.2.4
- SUPERSEDED (revocation code), 3.3
- Superseded (revocation reason), 3.5.3
- Support for Open Standards, 2.2.1
- symmetric, 1.1.1
- synchronization
- directory, 4.2.2.3
- syntax, A.1, A.2
T
- tabs, 2.2.3
- Administration Setup, 2.2.3
- Certificate Management, 2.2.3
- certificate management, 3.4.1
- tasks
- configuration, 4.2.1
- general subtab, 4.2.1
- notification subtab, 4.2.1
- policy subtab, 4.2.1
- Thawte, 1.1.2
- third-party, 7.2.4
- SSL wallet, 6.2.1
- trusted, 1.1.2
- third-party wallet, A.2
- time, 6.2.4
- top-down evaluation of predicates, 5.5.1.2
- TRACE, A.1
- trace, 6.5
- clearing, 6.5.1
- oca.trc, 6.5.1
- trace file, 4.2.4.5
- tracer, A.1, A.3
- tracing, 4.2.4.5
- trust
- levels, 1.1.2.2
- paths, 2.4
- trust environment, 3.6
- trust point, 6.2.1, B
- trust points
- copying, B.2.1
- trusted certificate, B.2.1
- editing uses, 7.2.1.1, 7.2.1.2.2
- trusted entities, 1.1, 1.1.2.2, 3.5.1.1
- trusted-certificate-DNs
- allow/disallow requests, 5.4.1
- Trusting a Certificate Issuer in Internet Explorer, 7.2.1.2.1
- trusting a certificate issuer in Netscape, 7.2.1.2.2
- TrustPointDNCustomRule, 5.4.4
- type, A.1, A.6
- types
- certificate, 7.2
- in predicates, 5.5
U
- unauthorized access, 1.2
- prevention, 1.1
- UniqueCertificateConstraint, 5.3, 5.3.3
- checks usage and DN, 5.3.3
- uniquecertificateconstraint
- parameter, 5.3.3
- UNIX, 3.3
- unlinksso, 3.7.2, A.1, A.1
- UNSPECIFIED (revocation code), 3.3
- Unspecified (revocation reason), 3.5.3
- update CRL, 2.2.3
- updateconnection, 4.2.4.7, 4.2.4.8, A.1, A.1, A.14
- updating the CRL, 3.6
- URL
- certificate request for SSO users, 3.7.1
- URLC token, 3.7.3
- usage
- CA signing, B.2.1
- usages
- in predicates, 5.5
- User Certificates page, 2.2.3
- User Certificates tab, 2.2.3
- user interface
- accessing, 7.1
- certificate operations, 7.2.2
- certificate renewal, 7.2.2.2
- certificate retrieval, 7.2.2.1
- certificate revocation, 7.2.2.3
- configuring your browser to trust OCA, 7.2.1.2
- downloading a CA certificate, 7.3
- end-user tabs and processes, 7.2
- exporting wallet from browser, 7.6
- importing certificate from your file system, 7.7
- importing certificate to browser, 7.5
- manual authentication, 7.2.1.4
- saving CRL, 7.4.2
- server/subca certificates tab, 7.2.3
- SSL, 7.2.1.3
- SSO, 7.2.1.1
- subordinate CA certificates, 7.2.4
- user certificates tab, 7.2.1
- Using Advanced Search, 3.5.6
V
- validation
- key, 1.1.2
- validity period, 3.2, 3.2, 3.5.1.1, 3.5.5, 5.3, 7.2.1.1, 7.2.3
- default maximum, 5.3.2
- default minimum, 5.3.2
- default period, 5.3.2
- defaults, 5.4.1
- for SSO- or SSL-authenticated users, 3.5.4
- for the CA, 5.3.2
- default, 5.3.2
- minimum and maximum, 5.3.2
- narrow/widen range, 5.4.1
- predicate, 5.3.2
- rejecting, 5.3.2
- renewcert, 6.1.3
- wallets
- default values, 3.8
- validityPeriod
- renewal default, 5.3.5
- ValidityRule, 5.3, 5.3.2
- values, 5.1
- in predicates, 5.5
- parameters, 5.4.5.1
- values at installation, 3.8
- Verisign, 1.1.2
- view, 3.5.2, 7.2
- log or trace, 4.2.4.5
- View Details, 3.5.1.1, 3.5.5
- View Logs Tab, 4.3
- View Policies For, 5.4
- Viewing Details of Certificates, 3.5.2
- viewing logs, 3
- virtual host, F
W
- wallet
- as container, 1.1.2.4
- CA SMIME
- regenerating, 6.1.1, A.7
- CA SSL
- regenerating, 6.1.1, A.7
- compromised or corrupted, 6.1.2, B.2.2
- contents, 1.1.2.4
- Oracle, 1.1.2.4
- password, 6.1.2, 7.7
- changing, 6.1.4
- password superseded, 6.2.1
- regenerated, 6.1.2, B.2.2
- regenerating, 6.1.1
- wallet operations, 6.1
- wallet-location, A.2
- wallets, 1.3.3.1, 6.1, 6.1.3, A.1, A.8
- backing up, 6.2.1
- CA SMIME, 6.1.2.1
- regenerating, 6.1.2.1
- locations, 3.8
- SMIME, 6.1.3
- SSO format, 6.2.1
- walletwrl, A.2
- web administration interface, 3.4
- web administrative interface, 3
- access, 3.2
- web administrator certificate, 3.2, 3.3
- web administrator's certificate
- revoking, 6.2.3
- web interface
- administrative, 2.2.3
- end-user, 2.2.3
- welcome page, 3.2
- for SSO users, 3.7.2
- window
- renewal, 3.5, 3.5.4, 5.3.5, 5.3.5, 5.3.5, 5.4.3
- Windows NT, 3.3
- writing a policy plug-in, 5.2
X
- X.509, Preface, 1.1.2.3, 1.1.2.3, 1.1.2.3, 1.3.3.1, 2, 2, 2.1.1, 2.1.1, 2.2.1, 2.3, 2.3.2, A.11, A.11, B.2, D, H, H, H