iPlanet Certificate Management System Agent's Guide

About This Guide

This guide describes the Agent Services interface that a Sun™ ONE Certificate Server agent uses to administer a subsystem's certificates and keys.


Sun™ ONE Certificate Server was previously known as iPlanet™ Certificate Management System. The product was renamed shortly before the launch of this 4.7 release.

The late renaming of this product has resulted in a situation where the new product name is not fully integrated into the shipping product. In particular, you will see the product referenced as iPlanet Certificate Management Server (CMS) within the product GUI and within the product documentation. For this release, please consider iPlanet Certificate Management Server and Sun™ ONE Certificate Server as interchangeable names for the same product.

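This preface has the following sections:

  • What You Should Already Know

  • What's in This Guide

  • Conventions Used in This Guide

  • Where to Go for Related Information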

What You Should Already Know

This guide is intended for Certificate Management System agents—that is, privileged users designated by the Certificate Management System administrator to manage requests from end entities for certificate-related services. Each installed CMS manager (Certificate Manager, Registration Manager, and Data Recovery Manager) can have one or more agents.

Server administrators should refer to the CMS Agent's Guide for information on how to designate agents and assign agent privileges to users and groups.

Before reading this guide, you should be familiar with the basic concepts of public-key cryptography and the Secure Sockets Layer (SSL) protocol. These include the following topics:

  • Encryption and decryption

  • Public keys, private keys, and symmetric keys

  • Digital signatures

  • The role of digital certificates in a public-key infrastructure (PKI)

  • Certificate hierarchies

  • SSL cipher suites

  • The purpose of and major steps in the SSL handshake

For overviews of these topics, see Appendix D and Appendix E of Managing Servers with iPlanet Console.

What's in This Guide

This guide describes the duties of the agents for the various CMS subsystems and explains how to accomplish each task.

  • Chapter 1 "Agent Services" provides an overview of the product and identifies the different kinds of users, including agents. The chapter also summarizes the tasks of each subsystem agent and lists the HTML forms you use to perform agent tasks. Finally, the chapter explains how to access the Agent Services pages and forms.

  • As a Certificate Manager or Registration Manager agent, you are responsible for handling requests for certificates that are made by end entities (end users, server administrators, or other CMS subsystems) using manual enrollment. Chapter 2 "Handling Certificate Requests" describes the general procedure for handling requests and explains how to handle different aspects of certificate request management.

  • Chapter 3 "Finding and Revoking Certificates" explains how, as a Certificate Manager agent, you can use the Agent Services page to find and examine a specific certificate issued by Certificate Management System, or retrieve a list of certificates that match specified criteria. This chapter also explains how to revoke certificates, and manage the certificate revocation list.

  • Chapter 4 "Publishing to a Directory" describes how a Certificate Manager agent can update the LDAP directory with the current status of certificates.

  • Chapter 5 "Recovering Encrypted Data" describes how to process key recovery requests, and how to recover stored encrypted data when the encryption key has been lost. This service is only available when the Data Recovery Manager subsystem is installed.

  • Chapter 6 "Managing OCSP Service Related Tasks" describes how to handle tasks related to the CMS OCSP responder, Online Certificate Status Manager. This service is only available when the Online Certificate Status Manager subsystem is installed.

Conventions Used in This Guide

This guide uses the following conventions:

Monospaced font

This typeface is used for text that is an executable part of a program or text that you type. It's also used for filenames, directory names, and URLs.


Italic

Italic type is used for emphasis, book titles, and to introduce new or glossary terms.

Text within "quotation marks"

Indicates cross-references to other topics within this guide.

Square brackets [ ]

Square brackets enclose commands that are optional.

Angle brackets <>

Angle brackets indicate placeholders for items that vary, such as pathnames and variable names. Replace the angle brackets and their text with text that applies to your situation.

Forward slash /

A slash is used to separate directories in a path. (Note that the Windows NT operating system supports both the slash and the backslash.)

Sidebar text

Sidebar text marks important information. Make sure you read the information before continuing with a task.

In addition, the following conventions are used for important notes.

Note: You can access the Agent Services only if you have a valid agent certificate.


Caution: A caution note documents a potential risk of losing data, damaging software or hardware, or otherwise disrupting system performance.

Where to Go for Related Information

This section summarizes the documentation that ships with Certificate Management System, using these conventions:

  • <server_root> is the directory where the CMS binaries are kept (specified during installation).

  • <instance_id> is the ID for this instance of iPlanet Certificate Management Server (specified during installation).

The documentation set for Certificate Management System includes the following:

  • Managing Servers with iPlanet Console

    Provides background information on basic cryptography concepts and the role of iPlanet Console.

    To view the HTML version of this guide, open this file: <server_root>/manual/en/admin/help/contents.htm

  • CMS Installation and Setup Guide

    Provides detailed information on deployment options for Certificate Management System, a walk-through of a test or demo installation, complete installation instructions, and information on administrative tasks. To access the installation and configuration information from within the CMS Installation Wizard, click any help button.

    To view the HTML version of this guide, open this file: <server_root>/manual/en/cert/setup_guide/contents.htm

  • CMS Plug-Ins Guide

    Provides detailed reference information on CMS plug-ins for authentication, policy, publishing, and so on. To access this information from the CMS window within iPlanet Console, click any help button.

    To view the HTML version of this guide, open this file: <server_root>/manual/en/cert/plugin_guide/contents.htm

  • CMS Command-Line Tools Guide

    Provides detailed reference information on CMS tools.

    To view the HTML version of this guide, open this file: <server_root>/manual/en/cert/tools_guide/contents.htm

  • CMS Customization Guide

    Provides detailed reference information on customizing the HTML-based agent and end-entity interfaces.

    To view the HTML version of this guide, open this file: <server_root>/manual/en/cert/custom_guide/contents.htm

  • CMS Agent's Guide (this guide)

    Provides detailed reference information on CMS agent interfaces. To access this information from the Agent Services pages, click any help button.

    To view the HTML version of this guide, open this file: <server_root>/<instance_id>/web/agent/manual/agent_guide/

  • End-entity help

    Provides detailed reference information on the CMS End-Entity Services interface. Users can access this guide by clicking any help button in the end user pages.

    To view the HTML version of this guide, open this file: <server_root>/<instance_id>/web/ee/manual/ee_guide/contents.htm


    Do not change the default location of any of the HTML files; they are used for the online help. You may move the PDF files to another location.

For a complete list of all documentation that ships with Certificate Management System, open this file: <server_root>/manual/index.html

You will not be able to access the files and directories specified here if you don't have access to the machine on which Certificate Management System is installed.

For the latest information about Certificate Management System, including current release notes, complete product documentation, technical notes, and deployment information, check this site:

Copyright © 2002 Sun Microsystems, Inc. All rights reserved.

Last Updated October 07, 2002