Chapter 5   Introduction to Agent Services Interface


iPlanet Certificate Management System (CMS) provides HTML forms-based interfaces for agents to use in performing certificate- and key-related operations. This chapter introduces these forms and explains how they work. You can use the forms as they are provided out of the box or customize them to meet your organization's requirements.

This chapter has the following sections:

• Agent Services Interface

• Accessing the Agent Services Interface

• Agent Forms and Templates

Agent Services Interface

---

As an administrator, you can designate privileged users, called agents, for each subsystem. Agents are responsible for the day-to-day operation of requests from end entities. To enable agents to accomplish their duties, Certificate Management System provides a set of HTML forms for Certificate Manager, Registration Manager, and Data Recovery Manager agents. Collectively, these forms are called the Agent Services interface.

Depending on the choices you made during installation, a combination of the following agent services will be installed:

• Certificate Manager Agent Services

• Registration Manager Agent Services

• Data Recovery Manager Agent Services

This section gives an overview of these forms and explains how to access them. For a complete list of the agent forms and output templates that come with Certificate Management System, see "Agent Forms and Templates". For step-by-step instructions on using the agent forms, see CMS Agent's Guide.

Note that accessing the Agent Services interface is a privileged operation, requiring certificate-based (or strong) authentication. It can be done only by users belonging to authorized agent groups maintained by Certificate Management System in its internal database. For details, see section "Agents" in Chapter 13, "Managing Privileged Users and Groups" of CMS Installation and Setup Guide.

Certificate Manager Agent Services

The Certificate Manager Agent Services interface enables a Certificate Manager agent to interact with the Certificate Manager (the server). Figure 5-1 shows the Certificate Manager Agent Services interface.

Figure 5-1    Certificate Manager Agent Services interface

Using the default forms, a Certificate Manager agent can accomplish tasks such as these:

• Listing deferred certificate requests from end entities and process them

• Listing certificates issued by the server

• Searching for certificates issued by the server

• Revoking certificates issued by the server

• Updating certificates and certificate revocation lists (CRLs) maintained in the publishing directory

Registration Manager Agent Services

The Registration Manager Agent Services interface enables a Registration Manager agent to interact with the Registration Manager (the server). Figure 5-2 shows the Registration Manager Agent Services interface.

Figure 5-2    Registration Manager Agent Services interface

Using the default forms, a Registration Manager agent can list deferred certificate requests from end entities and process them.

Data Recovery Manager Agent Services

The Data Recovery Manager Agent Services interface enables a Data Recovery Manager agent to interact with the Data Recovery Manager (the server). Figure 5-3 shows the Data Recovery Manager Agent Services interface.

Figure 5-3    Data Recovery Manager Agent Services interface

Using the default forms, a Data Recovery Manager agent can search for and recover end users' encryption private keys from the key archive. Key recovery requires authorization from key recovery agents; see section "Key Recovery Process" in Chapter 13, "Managing Privileged Users and Groups" of CMS Installation and Setup Guide.

Accessing the Agent Services Interface

---

Access to the Agent Services interface is restricted to authorized agents only. To access the Agent Services interface for a particular subsystem:

1. Open a web browser.

2. Go to the page where the Agent Services interface for Certificate Management System is installed.

   The default URL for this page is: https://<hostname>:<agent_port>

   <hostname> is in the form: <machine_name>.<your_domain>.<domain>

   If you have customized Certificate Management System, go to the page containing the agent forms that you would use to submit a request.

3. In the Agent Services menu, choose the agent services you require:
   • To access the agent services for the Certificate Manager, click the Certificate Manager Agent Services link.

   • To access the agent services for the Registration Manager, click the Registration Manager Agent Services link.

   • To access the agent services for the Data Recovery Manager, click the Data Recovery Manager Agent Services link.

   The appropriate interface appears.

Agent Forms and Templates

---

This section describes the Agent Services interface, gives the location of the agent forms and output templates, and lists all of the default forms and templates.

Structure of the Agent Services Interface

As shown in Figure 5-4, the Agent Services interface is divided into three parts or frames—top, menu, and content. The top frame includes the tabs that allow you to select a subsystem. The menu lists all the operations supported by the selected subsystem. The content shows the form pertaining to the operation an agent chooses in the menu; the form contains information to carry out the selected operation.

Figure 5-4    Various parts of the Agent Services interface

Locating Agent Forms and Templates

You can find the HTML forms specific to agent operations and the corresponding output templates at this location:

<server_root>/cert-<instance_id>/web/agent/<subsystem>

<server_root> is the directory where the CMS binaries are kept, as specified during installation.

<instance_id> is the ID for this instance of Certificate Management System. You specified this ID during installation.

<subsystem> refers to the forms directory pertaining to a subsystem, the Certificate Manager (ca), Registration Manager (ra), or Data Recovery Manager (kra).