Index
|
A |
Administration Server
and demo 80
NT setup 148
Unix setup 145
administrator/agent, initial enrollment 93-95, 224-226
agent enrollment 228-229
authentication
client, with Enterprise Server 3.x 289-307
decisions for deployment 136
authentication modules 29-30, 30-43, 55-56, 74
authorityKeyIdentifier 254, 274, 281
|
B |
basicConstraints 255, 281
|
C |
CA decisions, for deployment 127-131
CA renewal 130-131
distinguished name 127
extensions 129-130
root versus subordinate 129
signing certificate 128
signing key 128
CA signing certificate 128
configuration of 153-156, 166-??
CEP 44-45, 46, 50, 74
certificateIssuer 277
certificate life-cycle management 33, 48-53, 62
Certificate Management System (CMS)
access to subsystems 50
architecture 70-74
command-line utilities 68-70
identifier 145, 148
overview of 22-29
servlets 29
standards supported by 74-76
Certificate Manager
configuration of 151-157
Data Recovery Manager and 122-127
Data Recovery Manager and Registration Manager and 124-127
demo and 81
features of 62
installed by itself 119-120
introduced 24
Registration Manager and 120-121
certificatePolicies 256
certificates
Certificate Manager 134
Data Recovery Manager 135
extensions for 245-282
for subsystems, summarized 133-135
installing 283-287
life-cycle management 48-53
management formats and protocols 74-75
Registration Manager 135
SSL server, for CMS subsystems 134
X.509 specification 76
cipher suites for export 313
client authentication, with Enterprise Server 3.x 289-307
CMC 75
CMMF 75
CMS. See Certificate Management System, Cryptographic Message Syntax
CMS instances
ports and 137-139
server groups and 118, 137-139
command-line utilities 68-70
configuration directory
demo and 80
NT setup 146, 147-148
Unix setup 144
configuration directory server
Unix setup 142
conventions used in this book 15
cRLDistributionPoints 257
CRLNumber 274
CRLs
Certificate Manager support for 63
extensions for 273-278
CRMF 74
Cryptographic Message Syntax (CMS) 75
|
D |
database, internal CMS 81
Data Recovery Manager
Certificate Manager and 122-127
Certificate Manager and Registration Manager and 124-127
configuration of 159-164
features of 64
introduced 24
recovery agents for 163-164
transport certificate 159-162
deltaCRLIndicator 275
demo 77-113
first user certificate for 93-95
installation of 77-113
Installation Wizard and 89-93
overview of 80-84
passwords for 83-84
port numbers for 82
software installed for 82
using 95-113
using an LDAP directory with 103-113
verifying installation 96-101
deployment planning 117-139
authentication decisions 136
CA decisions 127-131
CA renewal 130-131
distinguished name 127
extensions 129-130
root versus subordinate 129
signing certificate 128
signing key 128
certificate decisions
Certificate Manager 134
Data Recovery Manager 135
Registration Manager 135
enrollment scenarios 33-47
firewall considerations 34
hardware token decisions 131-??
LDAP publishing decisions 132-133
policy decisions 136-137
port assignments 137-139
SSL server certificate decisions 134
storage key 135
subsystem certificate decisions 133-135
topology decisions 118-127
distinguished name (DN)
for CA 127, 128
for CA signing certificate 154
for Data Recovery Manager transport certificate 160
for Registration Manager signing certificate 159
downloading certificates 283-287
DSA 128
|
E |
end entities
enrollment, steps in 30-32
enrollment scenarios for 33-47
forms for 52
life-cycle management and 48-53
enrollment, initial administrator/agent 224-226
enrollment scenarios 33-47
custom authentication, customer database 36
custom authentication, Kerberos 40-41
firewall considerations 34
manual authentication 38-39
PIN-based authentication 42-43
routers 46-47
VPNs 44-45
Enterprise Server 3.x, using SSL with 289-307
event-driven notifications 61
export control information 309-313
extensions 245-282
adding to certificates 280
authorityKeyIdentifier 254, 274, 281
basicConstraints 255, 281
CA certificates and 155-156, 280-282
CAs and 129-130
certificateIssuer 277
certificatePolicies 256
CMS policy modules for 58
cRLDistributionPoints 257
CRLNumber 274
deltaCRLIndicator 275
extKeyUsage 259
holdInstructionCode 277
invalidityDate 278
issuerAltName 261, 276
issuingDistributionPoint 276
keyUsage 262
nameConstraints 265
netscape-cert-type 279, 281
netscape-comment 280
Netscape-defined 278-282
policyConstraints 267
policyMappings 268
privateKeyUsagePeriod 269
reasonCode 278
recommendations for usage 247-251
SSL server certificate 169-170
subjectAltName 270
subjectDirectoryAttributes 271
subjectKeyIdentifier 272
transport certificate 161
X.509 certificate, summarized 251-273
X.509 CRL, summarized 273-278
extKeyUsage 259
|
F |
FIPS PUBS 140-1 75
firewalls 34
fonts used in this book 15
|
G |
gateway
agent, for demo 92
end user, for demo 92
|
H |
hardware requirements for CMS installation 78
hardware token decisions, for deployment 131-??
holdInstructionCode 277
|
I |
installation 171-229
additional instances 227
demo 77-113
first user certificate for 93-95
Installation Wizard and 89-93
NT installation script for 87-89
overview of 80-84
passwords for 83-84
Unix installation script for 85-87
using 95-113
verifying 96-101
hardware requirements 78
location of
NT setup 145
Unix setup 142
overview 172
port considerations 137-139
software requirements 78
Solaris requirements 78, 80
system requirements 78-80
Windows NT requirements 79
wizard 180-222
worksheet 141-170
installation script
information requested by 142-149
NT
complete instructions 177-180
running for demo 87-89
worksheet for 145-149
Unix
complete instructions 174-177
running for demo 85-87
worksheet for 142-145
Installation Wizard
initial configuration steps 149-151
procedures for using 180-223
running for demo 89-93
installing certificates 283-287
instances, CMS
agents for additional 228-229
creating additional 227
internal CMS database 81
invalidityDate 278
IP addresses, and port assignments 139
issuerAltName 261, 276
issuingDistributionPoint 276
|
J |
Java/JNI 73
JDK 1.1.6 73
job scheduler 61
JSS 73
|
K |
KEYGEN tag 76
key length 128
keyUsage 262
|
L |
LDAP 76
LDAP directory
configuration, demo and 80
DN pattern for authentication 104
internal CMS database, demo and 81
publishing decisions 132-133
testing authentication with 103-113
|
M |
migrating from Certificate Server 1.x 152-153, 164-165, 231-243
|
N |
nameConstraints 265
netscape-cert-type 279, 281
netscape-comment 280
Netscape Console
demo and 80
starting Installation Wizard from 180
notifications, event-driven 61
NSS 73
|
P |
PKCS #10 76
PKCS #11 71-73, 76
PKCS #7 76
PKI. See distinguished name (DN).
PKI. See installation script.
PKI. See Public-Key Infrastructure.
PKIX 75
policyConstraints 267
policyMappings 268
policy modules 29-32, 56-60
decisions for deployment 136-137
port numbers
assignment of 137-139
for demo 82
IP addresses and 139
privateKeyUsagePeriod 269
Public-Key Infrastructure (PKI) 23
|
R |
reasonCode 278
Registration Manager
Certificate Manager and 120-121
Certificate Manager and Data Recovery Manager and 124-127
configuration of 157-159
features of 62
introduced 24
root versus subordinate CA 129
RSA 128
|
S |
server certificate 167-170
server groups 118
servlets, CMS 29
setup script 113
signing algorithms 63
signing certificate
CA 128, 153-157, 166-??
Registration Manager 157-159
signing key, for CA 128
single sign-on password 170
software requirements for CMS installation 78
Solaris
requirements for installation 80
Solaris requirements for installation 78
SSL 76
cipher suites approved for export 313
server certificate 167-170
using with Enterprise Server 289-307
storage key, for Data Recovery Manager 135
subjectAltName 270
subjectDirectoryAttributes 271
subjectKeyIdentifier 272
subject name 141
subsystem certificate decisions 133-135
subsystem certificate decisions, for deployment
Certificate Manager 134
Data Recovery Manager 135
SSL server 134
system requirements for CMS installation 78-80
|
T |
terms used in this book 15
topology decisions, for deployment 118-127
transport certificate, for Data Recovery Manager 159-162
typestyles used in this book 15
|
U |
user/group directory
NT setup 146
user/group directory server
Unix setup 143
utilities, command-line 68-70
|
W |
Windows NT, requirements for installation 79
|
X |
X.509 certificates 76