iPlanet Certificate Management System Installation and Setup Guide
Contents
About This Guide
What's in This Guide
What You Should Already Know
Conventions Used in This Guide
Where to Go for Related Information
Part 1 Overview and Demo Installation
Chapter 1 Introduction to Certificate Management System
Overview of Key Features
System Overview
Flexible end-entity registration services framework
Public-Key Infrastructure
Auxiliary Components
CMS Subsystems or Managers
Certificate Manager
Basic System Configuration
Registration Manager
Data Recovery Manager
Online Certificate Status Manager
Plug-in Modules
Authentication Plug-in Modules
Event-Driven Notifications
Policy Plug-in Modules
Job Plug-In Modules
Mapper and Publisher Plug-in Modules
Command-Line Utilities
Entry Points for Various Types of Users
CMS SDK
Agent Services Interface
System Architecture
Certificate Manager Agent Services
End-Entity Services Interface
Registration Manager Agent Services
Data Recovery Manager Agent Services
Online Certificate Status Manager Agent Services Interface
PKCS #11
Standards Summary
NSS
JSS and the Java/JNI Layer
Middleware/Java 2 Layers
Authentication and Policy Modules
Certificate Management Formats and Protocols
Security and Directory Protocols
Chapter 2 Certificate Enrollment and Life-Cycle Management
Steps in End-Entity Enrollment
Some Enrollment Scenarios
Firewall Considerations
End Entities and Life-Cycle Management
Extranet/E-Commerce: Acme Sales Corp.
Enrolling Existing Customers
PIN Registration: Atlas Manufacturing
Enrolling New Customers
Enrolling Extranet Users
VPN Client Enrollment and Revocation
Router Enrollment and Revocation
Life-Cycle Management Formats and Protocols
Access to Subsystems
HTML Forms for End Users
Netscape Personal Security Manager
Chapter 3 Default Demo Installation
System Requirements
Operating System and Software Required
Overview of the Default Demo
Platform Requirements
Demo Passwords
Installing the Default Demo
Step 1. Run the Installation Script UNIX
Using the Default Demo
Step 1. Run the Installation Script Windows NT
Step 2. Run the Installation Wizard
Step 3. Get the First User Certificate
Enrolling for the First Agent Certificate
If You Need the First Agent Form Again
Verify the Installation
Viewing Issued Certificates From the Agent Gateway
Create a Policy
Enrolling for a Certificate From the End-Entity Gateway
Finding and Approving a Certificate Request
Setting Your Browser to Use the Agent Certificate
Testing Your New Certificate
Configuring an RSA Key Length Policy
Use an LDAP Directory
Step 1. Enable Directory-Based Authentication
Publish Certificates to an LDAP Directory
Step 2. Add a User to the Directory
Step 3. Enroll with Directory-Based Authentication
Configure the Publishing Destination
Send Renewal Reminders
Set Rules for Publishing Certificates
Update the Publishing Directory
Configuring a Mail Server for Certificate Management System
Configuring Certificate Management System to Send Renewal Reminders
Part 2 Planning and Installation
Chapter 4 Planning Your Deployment
Topology Decisions
Server Groups and CMS Instances
Certificate Authority Decisions
Single Certificate Manager
Certificate Manager and Registration Manager
Certificate Manager and Data Recovery Manager
Certificate Manager, Data Recovery Manager, and Registration Manager
Cloned Certificate Manager
CA's Distinguished Name
Cryptographic Token Decisions
CA Signing Key Type and Length
CA Signing Certificate's Validity Period
Self-Signed Root Versus Subordinate CA
CAs and Certificate Extensions
CA Certificate Renewal or Reissuance
Publishing Decisions
Publishing to Certificates and CRLs to Files
Subsystem Certificate Decisions
Publishing to Certificates and CRLs to a Directory
Publishing CRLs to the Online Certificate Status Manager
SSL Server Certificates
Authentication Decisions
Certificate Manager Certificates
Registration Manager Certificates
Data Recovery Manager Certificate and Storage Key
Online Certificate Status Manager Certificates
Policy Decisions
Deployment Strategy and Port Assignments
Chapter 5 Installation Worksheet
Information for UNIX Installation Script
Installation Location
Information for NT Installation Script
Configuration Directory Server
User/Group Directory Server
Configuration Directory Settings
Administration Server Information
Certificate Management System Identifier
Installation Directory
Initial Configuration
Configuration Directory Server
User/Group Directory Server
Configuration Directory Settings
Configuration Directory Server Administrator
Directory Server Administration Domain
Directory Manager Settings
Administration Server Port
Certificate Management System Identifier
Internal Database
Certificate Manager Configuration
Administrator
Subsystems
Remote Certificate Manager
Remote Data Recovery Manager
Network Configuration
CA Signing Certificate
Registration Manager Configuration
CA's Serial Number Range
CA Signing Certificate Request
Key-Pair Information for CA Signing Certificate
Subject Name for CA Signing Certificate
Validity Period for CA Signing Certificate
Extensions for CA Signing Certificate
Registration Manager Signing Certificate Request
Data Recovery Manager Configuration
Key-Pair Information for Registration Manager Signing Certificate
Registration Manager Signing Certificate Issuer
Subject Name for Registration Manager Signing Certificate
Transport Certificate
Online Certificate Status Manager Configuration
Key-Pair Information for Transport Certificate
Transport Certificate Request
Subject Name for Transport Certificate
Validity Period for Transport Certificate
Extensions for Transport Certificate
Storage Key and Recovery Agent Configuration
Storage Key Creation
Data Recovery Scheme1
Data Recovery Scheme2
Online Certificate Status Manager Signing Certificate Request
Cloned Certificate Manager Configuration
Key-Pair Information for Online Certificate Status Manager Signing Certificate
Online Certificate Status Manager Signing Certificate Issuer
Subject Name for Online Certificate Status Manager Signing Certificate
CA Signing Certificate
SSL Server Certificate Configuration
CA's Serial Number Range
Cloned Key and Certificate Material
SSL Server Key and Certificate
SSL Server Certificate
Single Sign-On Password
Key-Pair Information for SSL Server Certificate
SSL Certificate Request
Subject Name for SSL Server Certificate
Validity Period for SSL Server Certificate
Extensions for SSL Server Certificate
Chapter 6 Installing Certificate Management System
Installation Overview
Installation Stages
Stage 1. Running the Installation Script
Before You Begin the Installation
Running the Installation Script on UNIX
Stage 2. Running the Installation Wizard
Running the Installation Script on Windows NT
Installing the Certificate Manager as a Root CA
Stage 3. Enrolling for Administrator/Agent Certificate
Installing the Certificate Manager as a Subordinate CA
Installing a Standalone Registration Manager
Installing a Standalone Data Recovery Manager
Installing an Online Certificate Status Manager
Agent Certificate for a Certificate Manager
Stage 4. Further Configuration Options
Agent Certificate for Other CMS Managers
Stage 5. Creating Additional Instances or CA Clones
Chapter 7 Installing and Uninstalling CMS Instances
Installing Multiple CMS Instances
Cloning a Certificate Manager
Step 1. Before You Begin
Viewing Instance Information
Step 2. Create Instances for Clone CAs
Installing Clone CA in Master CA's Server Group
Step 3. Shutdown the Master CA
Installing Clone CA in a Different Server Group
Installing Clone CA on a Separate Host
Step 4. Copy Master CA's Certificate and Key Database
Step 5. Start the Master CA
Step 6. Configure the Clone CA
Step 8. Establish Trust Between Master CA and Clone CAs
Step A. Locate the Master CA's SSL Server Certificate
Step 9. Test Clone-Master Connection
Step B. Create a Privileged-User Entry for Clone CAs
Step A. Request a Certificate from the Clone CA
Step 10. Use Master CA's Agent Certificate in Clone CAs
Step B. Approve the Request
Step C. Download the Certificate to the Browser
Step D. Revoke the Certificate
Step E. Check Master CA's CRL for the Revoked Certificate
Changing the Name of an Instance
Removing an Instance From a System
Uninstalling Certificate Management System
Uninstalling From the Command Line
Upgrading From a Previous CMS Installation
Uninstalling by Using the Windows NT Add/Remove Programs Utility
Chapter 8 Starting and Stopping CMS Instances
Starting Certificate Management System
Required Start-up Information
Stopping Certificate Management System
Configuring the Server to Start Without the Single Sign-On Password
Starting From Netscape Console
Configuring the Server to Read the Single Sign-on Password From a File
Starting From the Command Line
Starting From the Windows NT Services Panel
Stopping From Netscape Console
Restarting Certificate Management System
Stopping From the Command Line
Stopping From the Windows NT Services Panel
Restarting From the CMS Window
Checking System Status
Restarting From the Command Line
Attending to an Unresponsive Server
CMS Watchdog Process
Password Cache
Password-Quality Checker
Part 3 Configuration
Chapter 9 Administration Tasks and Tools
Netscape Console
Console Tab
Logging In to Netscape Console
Users and Groups Tab
Netscape Administration Server
Starting Administration Server
Shutting Down Administration Server
The CMS Window
Tasks Tab
Logging In to the CMS Window
Configuration Tab
Status Tab
Chapter 10 CMS Configuration
Effects of Installation Type on Configuration
Duplicating Configuration From One Instance to Another
Locating the Configuration File
Modifying the Configuration
Changing the Configuration From the CMS Window
Road Map to Configuring Subsystems
Changing the Configuration by Editing the Configuration File
Guidelines for Editing the Configuration File
Sample Configuration File
Step 1. Check Which Subsystems are Installed in the Instance
Step 2. Check the Port Numbers
Step 3. Verify Key Pair and Certificates
Step 4. Set up Privileged Users
Step 5. Customize End-Entity and Agent Forms
Step 6. Setup Authentication for End Users
Step 7: Enable Event-Driven Notifications
Step 8. Schedule Jobs
Step 9. Set up Policies
Step 10. Set up Publishing
Step 11. Set up Key Archival and Recovery
Step 12. Set up Logging
Step 13. Plan for Backing up CMS Configuration and Data
Chapter 11 Setting Up Ports
CMS Ports
Remote Administration Port
Configuring Port Numbers
Agent Port
End-Entity Ports
Step 1. Specify the Port Number
Step 2: Specify IP Addresses
Chapter 12 Setting Up Internal Database
Internal Database
Configuring the Internal Database
Step 1. Identify the Directory Server Instance
Step 2. Restrict Access to the Internal Database
Chapter 13 Managing Privileged Users and Groups
Privileged-User Types and Responsibilities
Administrators
Groups and Their Privileges
Agents
Agent's Certificate for SSL Client Authentication
Trusted Managers
Revocation Status Checking of Agent Certificates
Subsystems That Can Function as Trusted Managers
Connectors for Linking Trusted Managers
Trusted Manager's Certificate for SSL Client Authentication
Group for Administrators
Setting Up Privileged Users
Groups for Agents
Group for Certificate Manager Agents
Group for Trusted Managers
Group for Registration Manager Agents
Group for Data Recovery Manager Agents
Group for Online Certificate Status Manager Agents
Setting Up Administrators
Changing Privileged-User Information
Step 1. Find the Required Information
Setting Up Agents
Step 2. Add the Information to the Internal Database
Setting up Agents Using the Automated Process
Setting Up Trusted Managers
Setting up Agents Using the Manual Process
Setting up Trusted Managers Using the Automated Process
Setting Up a Registration Manager as a Trusted Manager
Setting Up a Certificate Manager as a Trusted Manager
Changing a Privileged User's Login Information
Deleting a Privileged User
Changing a Privileged User's Certificate
Changing Members in a Group
Chapter 14 Managing CMS Keys and Certificates
Keys and Certificates for the Main Subsystems
Certificate Manager's Key Pairs and Certificates
Tokens for Storing CMS Keys and Certificates
CA Signing Key Pair and Certificate
Registration Manager's Key Pairs and Certificates
wTLS CA Signing Certificate
OCSP Signing Key Pair and Certificate
CRL Signing Key Pair and Certificate
SSL Server Key Pair and Certificate
Remote Administration Server Certificate
Signing Key Pair and Certificate
Data Recovery Manager's Key Pairs and Certificates
SSL Server Key Pair and Certificate
Remote Administration Server Certificate
Transport Key Pair and Certificate
Online Certificate Status Manager's Key Pairs and Certificates
Storage Key Pair
SSL Server Key Pair and Certificate
Remote Administration Server Certificate
OCSP Signing Key Pair and Certificate
SSL Server Key Pair and Certificate
Remote Administration Server Certificate
Internal Token
Hardware Cryptographic Accelerators
External Token
Installing External Tokens
Managing Tokens Used by the Subsystems
Viewing Tokens
Changing a Token's Password
Certificate Setup Wizard
Using the Wizard to Request a Certificate
Configuring the Server's Security Preferences
Step 1. Select the Operation
Using the Wizard to Install a Certificate or Certificate Chain
Step 2. Choose the Certificate
Step 3. Specify the Key-Pair Information
Step 4. Specify the Subject Name for the Certificate
Step 5. Specify the Validity Period
Step 6. Specify Extensions
Step 7. Copy the Certificate Signing Request
Step 8. Check the Certificate Request Status
Data Formats for Installing Certificates and Certificate Chains
Step 1. Select the Operation
Step 2. Select the Certificate or Certificate Chain
Step 3. Specify the Location of the Certificate
Step 4. View the Certificate or Certificate Chain
Step 5. Install the Certificate or Certificate Chain
Step 6. Verify the Certificate Status
Configuring the Server to Use Separate SSL Server Certificates
Getting New Certificates for the Subsystems
Step 1. Get the Required SSL Server Certificates
Getting an SSL Client Certificate for a Subsystem
Step 2: Update the Configuration
Setting Up Cipher Preferences for SSL Communications
SSL Ciphers Supported in Certificate Management System
Configuring the Server to Use Specific Ciphers
Step 1. Plan for the New Certificate
Renewing Certificates for the Subsystems
Step 2. Request the New Certificate
Step 3. Install the New Certificate
Step 4. Deploy the New Certificate
Deploying Certificate Manager's CA Signing Certificate
Deploying Registration Manager's Signing Certificate
Deploying Data Recovery Manager's Transport Certificate
Deploying a Subsystem's SSL Server Certificate
Step 1. Plan for Certificate Renewal
Managing the Certificate Database
Step 2. Renew the Existing Certificate
Step 3. Install the Renewed Certificate
Step 4. Deploy the Renewed Certificate
Deploying Certificate Manager's Renewed CA Signing Certificate
Step 5. Restart the Server
Deploying Registration Manager's Renewed Signing Certificate
Deploying Data Recovery Manager's Renewed Transport Certificate
Deploying a Subsystem's Renewed SSL Server Certificate
Viewing the Certificate Database Content
Deleting a Certificate From the Certificate Database
Changing the Trust Settings of a CA Certificate
Installing a New CA Certificate in the Certificate Database
Installing a CA Certificate Chain in the Certificate Database
Chapter 15 Setting Up End-User Authentication
Introduction to Authentication
Privileged-User Authentication
Configuring Authentication for End-User Enrollment
Authentication of Administrators
End-Entity Authentication
Authentication of Agents
Authentication of End Entities During Certificate Enrollment
Authentication of End Users During Certificate Renewal
Authentication of End Users During Certificate Revocation
Step 1. Before You Begin
Managing Authentication Instances
Step 2. Set Up the Directory for PIN-Based Enrollment
Step A. Check the Directory for User Entries
Step 3. Enable the AttributePresentConstraints Policy
Step B. Update the Directory
Step C. Prepare the Input File
Step D. Run the Command Without the Write Option
Step E. Check the Output File
Step F. Run the Command Again with the Write Option
Step 4: Add an Authentication Instance
Step 5. Set Up the Enrollment Interface
Step A. Associate the Authentication Instance With the Enrollment Form
Step 6. Enable End-Entity Interaction
Step B. Customize the Form
Step C. Hook Up the Certificate-Based Enrollment Form
Step D. Remove Unwanted Enrollment Options
Enabling End-Entity Interaction with a Certificate Manager
Step 7. Turn on Automated Notification
Enabling End-Entity Interaction with a Registration Manager
Step 8. Test Your Authentication Setup
Step 9. Deliver PINs to End Users
Deleting an Authentication Instance
Managing Authentication Plug-in Modules
Modifying an Authentication Instance
Registering an Authentication Module
Deleting an Authentication Module
Chapter 16 Setting Up Automated Notifications
Automated Notifications
Notifications of Certificate Issuance to End Entities
Customizing Notification Messages
Notification of New Request in Queue
Templates for Event-Triggered Notifications
Configuring a Subsystem to Send Notifications
Customizing Message Templates
Tokens Available in Message Templates
Tokens for Certificate Issuance Notifications to End Entities
Tokens for Rejection Notifications to End Entities
Tokens for Request In Queue Notification Messages
Step 1. Before You Begin
Step 2. Turn On Certificate-Issuance Notification
Step 3. Turn on Request in Queue Notification
Step 4. Verify Mail Server Settings
Step 5. Test Your Configuration
Chapter 17 Scheduling Automated Jobs
Configuring a Subsystem to Run Automated Jobs
Step 1. Before You Begin
Managing Job Plug-in Modules
Step 2. Modify Existing Jobs
Step 3. Delete Unwanted Jobs
Step 4. Add New Jobs
Step 5. Schedule the Frequency
Step 6. Verify Mail Server Settings
Step 7. Test Your Configuration
Registering a Job Module
Deleting a Job Module
Chapter 18 Setting Up Policies
Introduction to Policy
What Is Policy?
Configuring Policy Rules for a Subsystem
Policy Rules
Types of Policy Rules
Using Predicates in Policy Rules
Expression Support for Predicates
Policy Processor
Attributes for Predicates
Step 1. Before You Begin
Using JavaScript for Policies
Step 2. Modify Existing Policy Rules
Step 3. Delete Unwanted Policy Rules
Step 4. Add New Policy Rules
Step 5. Reorder Policy Rules
Step 6. Restart the Server
Step 7. Test Policy Configuration
Step A. Enroll for a Certificate
Step B. Approve the Request
Step C. Check the Certificate Details
Managing Policy Plug-in Modules
Registering a Policy Module
Deleting a Policy Module
Chapter 19 Setting Up LDAP Publishing
Publishing of Certificates to a Directory
Timing of Directory Updates
Publishing of CRLs
Directory Update Process
Directory Synchronization
What's a CRL?
Configuring a Certificate Manager to Publish Certificates and CRLs
Reasons for Revoking a Certificate
Revocation Checking by Netscape Clients
Revocation Checking by Netscape Servers
Publishing of CRLs to an LDAP Directory
CRL Issuing Points
Step 1. Before You Begin
Manually Updating Certificates and CRLs in a Directory
Step 2. Set Up the Directory for Publishing
Step A. Verify the Directory Schema
Step 3. Configure the Certificate Manager to Publish Certificates
Step B. Add an Entry for the CA
Step C. Identify an Entry That Has Write Access
Step D. Verify Entries for End Entities
Step E. Specify the Directory Authentication Method
Step F. Modify the Certificate Mapping File
Step G. Restart Directory Server
Step A. Modify the Default Mappers, Publishers, and Publishing Rules
Step 4. Configure the Certificate Manager to Publish CRLs
Step B. Add Mappers, Publishers, and Publishing Rules
Step A. Specify CRL Details
Step 5. Identify the Publishing Directory
Step B. Set the CRL Extensions
Step C. Create a Mapper for the CRL
Step D. Create a Publisher for the CRL
Step E. Create a Publishing Rule for the CRL
Step 6. Test Certificate and CRL Publishing
Step A. Decide a Directory Entry for Requesting a Certificate
Step B. Request a Certificate
Step C. Approve the Request
Step D. Download the Certificate to the Browser
Step E. Check if the Directory Has the Certificate
Step F. Revoke the Certificate
Step G. Check the Directory for the CRL
Manually Updating Certificates in the Directory
Manually Updating the CRL in the Directory
Chapter 20 Publishing Certificates and CRLs to a File
Configuring Certificate Manager to Publish to Files
Step 1. Before You Begin
Managing Mapper and Publisher Plug-in Modules
Step 2. Configure the Certificate Manager
Step A. Create a Publisher for the File
Step 3. Test Publishing
Step B. Create Publishing Rules for Certificates
Step C. Create a Publishing Rule for CRLs
Step D. Specify CRL Details
Step E. Set the CRL Extensions
Step F. Make Sure Publishing is Enabled
Step A. Request a Certificate
Step B. Approve the Request
Step C. Download the Certificate to the Browser
Step D. Check the File for the Certificate
Step E. Revoke the Certificate
Step F. Check the File for the CRL
Registering a Mapper or Publisher Module
Deleting a Mapper or Publisher Module
Chapter 21 Setting Up an OCSP Responder
What's an OCSP-Compliant PKI Setup?
How to Get an OCSP Responder?
Setting Up a Certificate Manager with OCSP Service
How Certificate Manager's OCSP-Service Feature Works
How to Get OCSP-Compliant Clients?
How Online Certificate Status Manager Works
Step 1. Before You Begin
Setting Up a Remote OCSP Responder
Step 2. Install OCSP-Compliant Client
Step 3. Enable Certificate Manager's HTTP Port
Step 4. Enable Certificate Manager's OCSP Service
Step 5. Configure Certificate Manager for Extensions
Step 6. Restart the Certificate Manager
Step 7. Test Your CA's OCSP Service Setup
Step A. Turn On Revocation Checking in the Browser
Step B. Request a Certificate
Step C. Approve the Request
Step D. Download the Certificate to the Browser
Step E. Make Sure the CA is Trusted by the Browser
Step F. Verify the Certificate in the Browser
Step G. Check the Status of Certificate Manager's OCSP Service
Step H. Revoke the Certificate
Step I. Verify the Certificate in the Browser
Step J. Check the Certificate Manager's OCSP Service Status Again
Step 1. Before You Begin
Step 2. Install an OCSP-Compliant Client
Step 3. Identify the CA to the OCSP Responder
Step 4. Configure the Certificate Manager to Publish CRLs
Step A. Specify CRL Format and Publishing Interval
Step 5. Configure Certificate Manager for Required Extension Policies
Step B. Set the CRL Extensions
Step C. Create a Publisher for the CRL
Step D. Create a Publishing Rule for the CRL
Step E. Make Sure Publishing is Enabled
Step 6. Configure the Online Certificate Status Manager
Step 7. Restart the Certificate Manager
Step 8. Restart the Online Certificate Status Manager
Step 9. Verify Certificate Manager and Online Certificate Status Manager Connection
Step 10. Test Your OCSP Responder Setup
Step A. Turn On Revocation Checking
Step B. Request a Certificate
Step C. Approve the Request
Step D. Download the Certificate to the Browser
Step E. Make Sure the CA is Trusted by the Browser
Step F. Verify the Certificate in the Browser
Step G. Check the Status of Online Certificate Status Manager
Step H. Revoke the Certificate
Step I. Verify the Certificate in the Browser
Step J. Check the Online Certificate Status Manager Status Again
Chapter 22 Setting Up Key Archival and Recovery
PKI Setup for Key Archival and Recovery
Clients That Can Generate Dual Key Pairs
Key Archival Process
Data Recovery Manager
Forms for Users and Key Recovery Agents
Why You Should Archive Keys
Key Recovery Process
Where the Keys are Stored
How Key Archival Works
Key Recovery Agents and Their Passwords
Configuring Key Archival and Recovery Process
Secret Sharing of Storage Key Password
How Agent-Initiated Key Recovery Works
Interface for the Key Recovery Process
Local Versus Remote Key Recovery Authorization
Key Recovery Agent Scheme
Changing the Key Recovery Agent Scheme
Changing Key Recovery Agents' Passwords
Step 1. Set Up the Key Archival Process
Step A. Deploy Clients That Can Generate Dual Key Pairs
Step 2. Set Up the Key Recovery Process
Step B. Connect the Enrollment Authority and the Data Recovery Manager
Step C. Customize the Certificate Enrollment Form
Step D. Configure Key Archival Policies
Step A. Verify the m of n Scheme
Step 3. Test Your Key Archival and Recovery Setup
Step B. Facilitate the Key Recovery Agents to Change the Passwords
Step C. Determine the Authorization Mode for Key Recovery
Step D. Customize the Key Recovery Form
Step E. Configure Key Recovery Policies
Step A. Test Your Key Archival Setup
Step B. Verify the Key
Step C. Delete the Certificate
Step D. Test Your Key Recovery Setup
Step D. Restore the Key in the Browser's Database
Chapter 23 Managing CMS Logs
Introduction to Logs
Logs Maintained by the Server
Configuring CMS Logs
Services That Are Logged
Log Levels (Message Categories)
Log File Locations
Log File Naming Conventions
Active Log File Naming Convention
Buffered Versus Unbuffered Logging
Rotated Log File Naming Convention
Rotation of Log Files
Timing of Log File Rotation
Deletion of Log Files
Location of Rotated Log Files
How to Conserve Disk Space
Timing of Log File Deletion
Step 1. Before You Begin
Monitoring CMS Logs
Step 2. Modify the Existing Listeners
Step 3. Delete Unwanted Listeners
Step 4. Create New Listeners
Monitoring System Logs
Archiving of Rotated Log Files
Monitoring Error Logs
Monitoring Audit Logs
Using System Tools for Monitoring the Server (Windows NT Only)
Logging to Windows NT Event Log
Using Event Viewer
Avoiding Event Log From Getting Filled
Signing Log Files
Managing Log Modules
Registering a Log Module
Deleting a Log Module
Part 4 Issuing and Managing Certificates
Chapter 24 Issuing and Managing Server Certificates
Certificate Issuance to Servers
How the Manual Server Enrollment Process Works
Getting Server SSL Certificates for Netscape Servers
Getting Certificates for Version 3.x Servers
Renewal of Server Certificates
Step 1. Generate the Server Certificate Request
Getting Certificates for Netscape Version 4.x Servers
Step 2. Submit the Server Certificate Request
Step 3. Install Your Server's SSL Certificate
Step 4. Accept a CA as Trusted in Your Server
Step 5. Verify Your Server's SSL and CA Certificates
Revocation of Server Certificates
Chapter 25 Setting Up CEP Enrollment
CEP Enrollment
CEP Enrollment Using the Script
Setting up CEP Enrollment Manually
Step 1. Set up the Directory for Publishing Certificates and CRLs
Certificate Issuance to Routers or VPN Clients
Step 2. Configure the Certificate Manager for Publishing Certificates and CRLs
Step 3. Set Up Automated Enrollment
Step 4. Set Up Multiple CEP Services
Step 1. Before You Begin
Step 2. Generate the Key Pair for the Router
Step 3. Request the CA's Certificate
Step 4. Submit the Certificate Request to the CA
Example
Part 5 Appendixes
Appendix A Certificate Download Specification
Data Formats
Binary Formats
Importing Certificate Chains
Text Formats
Importing Certificates into Netscape Communicator
Importing Certificates into Netscape Servers
Object Identifiers
Appendix B Using SSL with iPlanet Web Server, Enterprise Edition 4.x
Creating a New Server
Obtaining a Server Certificate
Creating a Trust Database
Enabling SSL on the Server
Submitting a Certificate Signing Request
Importing the Certificate
Enabling Encryption on the Server
Testing Client Authentication
Trusting the Root CA Certificate
Enabling Client Authentication for All Requests
Specifying the Authentication Directory
Note for CGI Programmers
Modifying the Configuration File
Modifying the Access Control Lists
Appendix C Export Control Information
Approved Export Operations and Key Sizes
Glossary
SSL Cipher Suite Profiles for Export
Index
Copyright © 2001 Sun Microsystems, Inc. Some preexisting portions Copyright © 2001 Netscape Communications Corp. All rights reserved.
Last Updated April 02, 2001