Index

A

accelerators, 1

active logs

default file location, 1

frequency for rotating, 1

message categories, 1

naming convention, 1

See also logging 1

adding

administrators, 1

agents, 1

automated process, 1

manual process, 1

extensions

to CA certificates, 1

to CRLs, 1, 2, 3

to end-entity certificates, 1

new authentication instances, 1

relationship with enrollment forms, 1

new jobs, 1

new log event listeners, 1

new policy rules, 1

Administration Server, 1

and demo, 1

NT setup, 1

relationship to Netscape Console, 1

relationship to server root, 1

starting, 1

from Netscape Console, 1

from the command line, 1

from the Windows NT Services panel, 1

stopping, 1

from Netscape Console, 1

from the command line, 1

from the Windows NT Services panel, 1

Unix setup, 1

administrator

defined, 1

administrator/agent, initial enrollment, 1, 2, 3, 4

administrators

common tasks, 1

deleting, 1

designated group, 1

modifying, 1

group membership, 1

login information, 1

port used for operations, 1

See also ports 1

role defined, 1

setting up, 1

tools provided

CMS window, 1

Netscape Console, 1

agent

defined, 1

agent enrollment, ?? to 1, 2

Agent Services interface, 1

for Certificate Manager agents, 1

for Data Recovery Manager agents, 1

for Online Certificate Status Manager agents, 1

for Registration Manager agents, 1

URL for, 1

agents

authorizing remote key recovery, 1

deleting, 1

designated groups, 1

modifying, 1

certificate information, 1

group membership, 1

login information, 1

port used for operations, 1

See also ports 1

revocation checking of certificates, 1

role defined, 1

setting up, 1

automated process, 1

manual process, 1

SSL client certificates for, 1

See also Agent Services interface 1

AIX requirements for installation, 1

archiving

rotated log files, 1

users' encryption private keys, 1

Audit log

defined, 1

how to configure, 1

how to monitor, 1

logging to Windows NT event log, 1

See also logging 1

authentication

client, with Enterprise Server 3.x, 1, 2

configuration parameters, 1

decisions for deployment, 1

defined, 1

during certificate enrollment, 1

during certificate renewal, 1

during certificate revocation, 1

for administrators, 1

for agents, 1

managing from CMS window, 1

authentication instances

adding new, 1

relationship with enrollment forms, 1

configuration parameters, 1

deleting, 1

modifying, 1

naming convention, 1

authentication modules, 1, 2, 3, 4, 5, 6

deleting, 1

registering new ones, 1

B

buffered logging, 1

built-in plug-in modules

See plug-in modules 1

C

CA

built-in OCSP service, 1

CA chaining, 1

CA cloning, 1

CA decisions, for deployment, 1, 2

CA renewal, 1, 2

distinguished name, 1

extensions, 1, 2

root versus subordinate, 1

signing certificate, 1

signing key, 1

CA hierarchy, 1

root CA, 1

subordinate CA, 1

CA scalability, 1, 2

CA signing certificate, 1, 2, 3

changing trust settings of, 1

configuration of, 1, 2, 3

deleting, 1

getting a new one, 1, 2

nickname, 1

renewing, 1, 2

viewing details of, 1

CEP, 1, 2, 3, 4, 5

CEP enrollment, 1

manual, 1

port number for, 1

setting up multiple services, 1

URL, 1

using a script, 1

certificate chains

installing in the certificate database, 1

why you should install, 1

certificate database

how to manage, 1

what it contains, 1

where it's maintained, 1

Certificate Database tool, 1, 2

certificate enrollment

authentication during, 1

Certificate Enrollment Protocol (CEP), 1

certificate issuance

to routers, 1, 2

an example, 1

to servers, 1

manual enrollment, 1

Netscape 3.x servers, 1

Netscape 4.x servers, 1

to VPN clients, 1

certificate life-cycle management, 1, 2, 3, 4

Certificate Management System (CMS)

access to subsystems, 1

architecture, 1, 2

command-line utilities, 1

identifier, 1, 2

overview of, 1

servlets, 1

standards supported by, 1, 2

Certificate Manager

as root CA, 1

as subordinate CA, 1

built-in OCSP service, 1, 2

CA hierarchy, 1

CA scalability, 1

chaining to third-party CAs, 1

clone CA, 1

cloning, 1, 2

configuration of, 1, 2

configuring

SMTP settings for notifications, 1, 2, 3

to use separate SSL server certificates, 1

to use specific ciphers, 1

connecting to a Data Recovery Manager, 1

Data Recovery Manager and, 1, 2

Data Recovery Manager and Registration Manager and, 1, 2

demo and, 1

enabling interaction with end entities, 1

enabling OCSP service, 1

features of, 1

installed by itself, 1

interface for agents, 1

introduced, 1, 2

key pairs and certificates

CA signing certificate, 1

CRL signing certificate, 1

getting new ones, 1

list of, 1

OCSP signing certificate, 1

protecting, 1

remote administration server certificate, 1

renewing existing ones, 1

SSL server certificate, 1

wTLS CA signing certificate, 1

logging to Windows NT event log, 1

manual updates to publishing directory, 1

master CA, 1

Registration Manager and, 1, 2

serial number range, 1

specifying IP address for, 1

what to do if not responding, 1

what to do when exhausts all serial numbers, 1

certificate renewal, 1

authentication during, 1

of server certificates, 1

certificate request

result of policy processing, 1

certificate revocation

authentication during, 1

reasons for, 1

who can do this, 1

Certificate Setup Wizard, 1

using to install certificate chains, 1

using to install certificates, 1

supported data formats, 1

using to request certificates, 1

certificates

Certificate Manager, 1

Data Recovery Manager, 1

for subsystems, summarized, 1, 2

for wireless applications, 1, 2

how to revoke, 1

installing, 1, 2

life-cycle management, 1, 2

management formats and protocols, 1, 2

Online Certificate Status Manager, 1

publishing of, 1

publishing to files, 1

publishing to LDAP directory, 1, 2

required schema, 1

Registration Manager, 1

revocation reasons, 1

serial numbers

what to do when a CA exhausts all, 1

SSL server, for CMS subsystems, 1

X.509 specification, 1

changing

CMS instance name, 1, 2

character set for the name, 1, 2, 3, 4

format for the name, 1

group members, 1

port numbers, 1, 2

See also ports 1, 2

trust settings in certificates, 1

why would you change, 1

changing passwords, 1, 2

checking CMS status, 1

cipher suites for export, 1

ciphers

configuring, 1

defined, 1

list of, 1

step-up program for browsers, 1

supported on the server side, 1

which ones to choose, 1

client authentication, with Enterprise Server 3.x, 1, 2

clone CA, 1

cloning, 1

cloning a CA, 1

CMC, 1

CMMF, 1

CMS administrator

defined, 1

CMS agent

defined, 1

CMS certificates

renewal, 1

CMS data

where it's stored, 1

CMS feature list, 1

CMS instance

changing the name, 1, 2

character set for the name, 1, 2, 3, 4

format for the name, 1

creating multiple instances, 1

removing, 1

viewing information, 1

file location, 1

installation date, 1

on/off/unknown status, 1

security level, 1

version number, 1

CMS instances

ports and, 1, 2

server groups and, 1, 2, 3

CMS key pairs and certificates, 1

CMS watchdog, 1

CMS window

Configuration tab, 1

configuring authentication, 1

configuring jobs, 1

configuring network settings, 1, 2

configuring policies, 1

how to launch, 1

introduction, 1

managing logs, 1

Status tab, 1

Tasks tab, 1

using to manage policies, 1

using to schedule jobs, 1

who can launch, 1

CMS. See Certificate Management System, Cryptographic Message Syntax 1

command-line utilities, 1

for adding extensions to CMS certificates, 1

killproc tool, 1

Compaq Tru64 requirements for installation, 1

configuration

road map, 1

ways to modify, 1

configuration directory

demo and, 1

NT setup, 1, 2

Unix setup, 1

configuration directory server

Unix setup, 1

configuration file, 1

copying from one instance to another, 1

effects of installation on, 1

format, 1

format for localizable values, 1

guidelines for editing, 1

how subsystem-specific parameters are distinguished, 1

location, 1

name, 1

sample, 1

shared parameters, 1

ways to modify

by editing the file, 1

from CMS window, 1

what is ignored by the server, 1

what it controls, 1

when created, 1

Configuration tab, 1

tasks you can accomplish, 1

configuring logs, 1

Audit log, 1

Error log, 1

System log, 1

See also logging, 1

connecting subsystems, 1, 2

connection types, 1

connectors, 1

why would you do this, 1

conventions used in this book, 1

core features, 1

creating

administrators, 1

agents, 1

automated process, 1

manual process, 1

creating multiple CMS instances, 1

CRL

complete, 1

CRL Distribution Point extension, 1

CRL signing certificate, 1, 2

nickname, 1, 2

CRLs

Certificate Manager support for, 1

defined, 1

issuing or distribution points, 1

publishing of, 1, 2

publishing to files, 1

publishing to LDAP directory, 1, 2

required schema, 1

publishing to online validation authority, 1, 2, 3

supported extensions, 1

supported versions, 1

when automated updates take place, 1

when generated, 1

who generates it, 1

CRMF, 1

Cryptographic Message Syntax (CMS), 1

D

data formats for installing certificate chains, 1

binary, 1

text, 1

data formats for installing certificates, 1

binary, 1

text, 1

Data Recovery Manager

Certificate Manager and, 1, 2

Certificate Manager and Registration Manager and, 1, 2

configuration of, 1, 2

configuring

to use separate SSL server certificates, 1

to use specific ciphers, 1

connecting to a Certificate Manager, 1

connecting to a Registration Manager, 1

features of, 1

interface for agents, 1

introduced, 1, 2, 3

key pairs and certificates

getting new ones, 1

list of, 1

protecting, 1

remote admin server certificate, 1

renewing existing ones, 1

SSL server certificate, 1

storage key pair, 1

transport certificate, 1

logging to Windows NT event log, 1

recovery agents for, 1, 2

setting up

key archival, 1

key recovery, 1

specifying IP address for, 1

transport certificate, 1, 2

what to do if not responding, 1

database, internal CMS, 1

deleting

authentication instances, 1

authentication modules, 1

certificates from the token, 1

precaution, 1

job modules, 1

jobs, 1

log event listeners, 1

log modules, 1

mapper modules, 1

policy modules, 1

policy rules, 1

privileged users, 1

publisher modules, 1

rotated log files, 1

demo, 1, 2

first user certificate for, 1, 2

installation of, 1, 2

Installation Wizard and, 1, 2

overview of, 1, 2

passwords for, 1, 2

port numbers for, 1

software installed for, 1

using, 1, 2

using an LDAP directory with, 1, 2

verifying installation, 1, 2

deployment planning, 1, 2

authentication decisions, 1

CA decisions, 1, 2

CA renewalCA renewal, 1, 2

distinguished name, 1

extensions, 1, 2

root versus subordinate, 1

signing certificate, 1

signing key, 1

certificate decisions

Certificate Manager, 1

Data Recovery Manager, 1

Online Certificate Status Manager, 1

Registration Manager, 1

enrollment scenarios, 1, 2

file-based publishing decisions, 1

firewall considerations, 1

hardware token decisions, 1

LDAP publishing decisions, 1, 2

policy decisions, 1, 2

port assignments, 1, 2

SSL server certificate decisions, 1

storage key, 1

subsystem certificate decisions, 1, 2

topology decisions, 1, 2

directory

schema for PINs, 1

distinguished name (DN)

for CA, 1, 2

for CA signing certificate, 1

for Data Recovery Manager transport certificate, 1

for Online Certificate Status Manager signing certificate, 1

for Registration Manager signing certificate, 1

documentation

conventions followed, 1

where to find, 1

downloading certificates, 1, 2

DSA, 1

E

email resolver, 1

end entities

enabling interaction with a Certificate Manager, 1

enabling interaction with a Registration Manager, 1

enrollment scenarios for, 1, 2

enrollment, steps in, 1, 2

forms for, 1

forms provided for, 1

generating PINs for, 1, 2

life-cycle management and, 1, 2

port used for operations, 1

See also ports 1

end-entity certificates

renewal, 1

revocation, 1

End-Entity Services Interface

introduced, 1

enrollment forms

specifying authentication, 1

enrollment scenarios, 1, 2

custom authentication, customer database, 1

custom authentication, Kerberos, 1, 2

firewall considerations, 1

manual authentication, 1, 2

PIN-based authentication, 1, 2

routers, 1, 2

VPNs, 1, 2

enrollment, initial administrator/agent, 1, 2

Enterprise Server 3.x, using SSL with, 1, 2

Error log

defined, 1

how to configure, 1

how to monitor, 1

See also logging 1

event log

logging audit and system messages, 1

event-driven notifications, 1

export control information, 1, 2

extensions

adding to a CA certificate, 1

CA certificates and, 1, 2

CAs and, 1, 2

CMS policy modules for, 1

SSL server certificate, 1, 2

tool for joining, 1

tools for generating, 1

transport certificate, 1

external tokens

defined 1

installing, 1

viewing contents of, 1

F

filenames

for active log files, 1

for rotated log files, 1

FIPS PUBS 140-1, 1

firewalls, 1

flush interval for logs, 1

fonts used in this book, 1

G

gateway

agent, for demo, 1

end user, for demo, 1

generating PINs for end entities, 1, 2

getting new certificates for subsystems, 1

groups

changing members, 1

defined, 1

for administrators, 1

for agents, 1

for trusted managers, 1

where they're maintained, 1

H

hardware accelerators, 1

hardware requirements for CMS installation, 1

hardware token decisions, for deployment, 1

hardware tokens

See external tokens 1

host name

for mail server used for notifications, 1, 2

how to check whether CMS is on or off, 1

how to renew CMS certificates, 1

how to revoke certificates, 1

how to search for keys, 1

HP-UX requirements for installation, 1

HTML forms

for agents, 1

for end entities, 1

I

installation, 1, 2

additional instances, 1

AIX requirements, 1

Compaq Tru64 requirements, 1

demo, 1, 2

first user certificate for, 1, 2

Installation Wizard and, 1, 2

NT installation script for, 1, 2

overview of, 1, 2

passwords for, 1, 2

UNIX installation script for, 1

Unix installation script for, ?? to 1

using, 1, 2

verifying, 1, 2

hardware requirements, 1

HP-UX requirements, 1

location of

NT setup, 1

Unix setup, 1

overview, 1

port considerations, 1, 2

software requirements, 1

Solaris requirements, 1

system requirements, 1, 2

Windows NT requirements, 1

wizard, 1, 2

worksheet, 1, 2

installation date, 1

installation script

information requested by, 1, 2

NT

complete instructions, 1, 2

running for demo, 1, 2

worksheet for, 1, 2

UNIX

running for demo, 1

Unix

complete instructions, 1, 2

running for demo, ?? to 1

worksheet for, 1, 2

Installation Wizard

initial configuration steps, 1, 2

procedures for using, 1

running for demo, 1, 2

installing certificates, 1, 2

installing external hardware tokens, 1

installing multiple CMS instances, 1

instances, CMS

agents for additional, ?? to 1, 2

creating additional, 1

internal CMS database, 1

internal database

default host name, 1

precaution for changing the host name, 1

defined, 1

how to distinguish from other Directory Server instances, 1, 2

introduced, 1

name format, 1, 2

schema, 1

what you shouldn't do, 1

what is it used for, 1

when installed, 1

internal tokens

viewing contents of, 1

IP address, 1

IP addresses, and port assignments, 1

issuing certificates

to routers, 1, 2

an example, 1

to servers, 1

manual enrollment, 1

Netscape 3.x servers, 1

Netscape 4.x servers, 1

to VPN clients, 1

J

Java 2, 1

Java/JNI, 1

JavaScript policy processor, 1

job modules

deleting, 1

registering new ones, 1

job scheduler, 1

jobs

adding new, 1

configuration parameters, 1

created during installation, 1

deleting, 1

managing, 1

managing from CMS window, 1

modifying, 1

naming, 1

naming convention, 1

setting frequency, 1

turning on scheduler, 1

JSS, 1

K

key archival, 1

how it works, 1

how keys are stored, 1

how to set up, 1

PKI setup required, 1

where keys are stored, 1

why you should archive, 1

key features, 1

key length, 1

key pairs and certificates used by CMS, 1

key recovery, 1

designated agents

See key recovery agents 1

how to set up, 1

interface for agents, 1

local vs. remote, 1

key recovery agents

passwords, 1

significance, 1

when specified the first time, 1

responsibilities, 1

role defined, 1

KEYGEN tag, 1

killproc tool, 1

L

LDAP, 1

LDAP directory

configuration, demo and, 1

DN pattern for authentication, 1

internal CMS database, demo and, 1

publishing decisions, 1, 2

testing authentication with, 1, 2

LDAP publishing

advantages, 1

defined, 1

manual updates, 1

when to do, 1

who can do this, 1

See CRLs 1

linked CA, 1

linking subsystems

See connecting subsystems 1

local vs. remote key recovery, 1

location of

active log files 1

CMS configuration file, 1

CMS documentation, 1

rotated log files, 1

log event listeners

adding new, 1

created during installation, 1

deleting, 1

modifying, 1

naming convention, 1

log modules

deleting, 1

registering new ones, 1

logging

buffered vs. unbuffered, 1

configuring

Audit log, 1

Error log, 1

System log, 1

log files

archiving rotated files, 1

automatic deletion, 1

automatic rotation, 1

default location, 1

location of rotated files, 1

naming convention for active logs, 1

naming convention for rotated logs, 1

significance of deleting files, 1

signing rotated files, 1

timing of rotation, 1

log levels, 1

default selection, 1

how they relate to message categories, 1

how they're represented, 1

significance of choosing the right level, 1

what it means, 1

managing from CMS window, 1

monitoring

Audit log, 1

Error log, 1

System log, 1

using system tools in Windows NT, 1

parameters in the configuration file, 1

services that are logged, 1

types of logs, 1

Audit, 1

Error, 1

System, 1

M

m of n secret sharing, 1

mail server used for notifications, 1, 2

managing

certificate database, 1

job plug-in modules, 1

log plug-in modules, 1

mapper plug-in modules, 1

policies, 1

policy plug-in modules, 1

privileged users, 1

publisher plug-in modules, 1

schedulable jobs, 1

mapper modules

deleting, 1

list of, 1

registering new ones, 1

mappers

created during installation, 1

modifying, 1

mapping certificates to directory entries, 1

master CA, 1

message templates for notifications, 1

modifying

authentication instances, 1

jobs, 1

log event listeners, 1

mappers, 1

policy rules, 1

privileged user's group membership, 1

privileged-user information, 1

publishers, 1, 2

monitoring logs, 1

Audit log, 1

Error log, 1

System log, 1

things you can monitor, 1

using system tools in Windows NT, 1

See also logging 1

N

naming convention

for active logs, 1

for authentication instances, 1

for CMS instances, 1, 2, 3, 4

for internal database instances, 1, 2

for log event listeners, 1

for policy rules, 1

for rotated logs, 1

for schedulable jobs, 1

Netscape Console

checking CMS status, 1

demo and, 1

how to launch, 1

in Unix, 1

in Windows NT, 1

installing multiple CMS instances, 1

introduction, 1

opening CMS window, 1

relationship to Administration Server, 1

removing a CMS instances, 1

restarting Certificate Management System, 1, 2, 3, 4

starting Administration Server, 1

starting Certificate Management System, 1

starting Installation Wizard from, 1

stopping Administration Server, 1

stopping Certificate Management System, 1

viewing CMS instance information, 1

nickname

for CA signing certificate, 1

for CRL signing certificate, 1, 2

for OCSP signing certificate, 1

for remote administration server certificate, 1

for signing certificate, 1, 2

for SSL server certificate, 1, 2, 3, 4

for transport certificate, 1

for wTLS signing certificate, 1

notifications

configuring the mail server, 1

host name, 1, 2

port, 1, 2

customizing, 1

templates, 1

event-driven, 1

when certificates are issued, 1

when new requests are queued, 1

notifications, event-driven, 1

NSS, 1

O

OCSP, 1

OCSP client, 1

OCSP responder, 1, 2

defined, 1

OCSP server, 1, 2

OCSP service

enabling in Certificate Manager, 1

OCSP signing certificate, 1

nickname, 1

Online Certificate Status Manager

configuration of, ?? to 1

interface for agents, 1

introduced, 1, 2

key pairs and certificates

list of, 1

protecting, 1

remote admin server certificate, 1

signing certificate, 1

SSL server certificate, 1

logging to Windows NT event log, 1

online certificate validation authority

defined, 1

operating systems supported, 1

P

password cache, 1

password-quality checker, 1, 2

passwords

changing cached, 1, 2

See also single signon passwords 1, 2

PIN Generator tool

delivering PINs to users, 1

directory schema requirements, 1

changing 3.x directory schema, 1

changing 4.x directory schema, 1

generating PINs, 1

PIN present constraints policy, 1

PKCS #10, 1

PKCS #11, 1, 2, 3

PKCS #11 support 1

PKCS #7, 1

PKI. See installation script. 1

PKI. See Public-Key Infrastructure. 1

PKI. Seedistinguished name (DN). 1

pkiclient.exe, 1

PKIX, 1

plug-in modules

for logs

managing, 1

for mappers

managing, 1

for policy, 1

managing, 1

for publishers

managing, 1

for publishing

list of, 1, 2

policies in JavaScript, 1

policy

built-in plug-in modules, 1

configuration parameters, 1

defined, 1

managing, 1

managing from CMS window, 1

processor, 1

how it applies rules, 1

JavaScript, 1

result of processing, 1

when used, 1

what can you use it for, 1

policy modules, 1, 2, 3

decisions for deployment, 1, 2

deleting, 1

registering new ones, 1

policy rules

adding new, 1

configuration parameters, 1

created during installation, 1

defined, 1

deleting, 1

how policy processor applies them, 1

modifying, 1

naming convention, 1

predicates in, 1

reordering, 1

significance of ordering, 1

See also predicates 1

types of, 1

what each rule does, 1

port numbers

assignment of, 1, 2

for demo, 1

IP addresses and, 1

ports, 1

changing numbers, 1, 2

for agent operations, 1

for end-entity operations, 1

turning on/off HTTP port, 1

for remote administration, 1

for the mail server used for notifications, 1, 2

how to choose numbers, 1

predicates

attributes for, 1

expression support, 1

operators for, 1

sample expressions, 1, 2

what are they, 1

why would you use, 1

privileged users, 1, 2

deleting, 1

groups, 1

modifying privileges, 1

certificate information, 1

group membership, 1

login information, 1

setting up, 1

administrators, 1

agents, 1

trusted managers, 1

types, 1

administrators, 1

agents, 1

determining factor, 1

trusted manager, 1

types or roles, 1

protecting private keys, 1

Public-Key Infrastructure (PKI), 1

publisher modules

deleting, 1

list of, 1

registering new ones, 1

publishers

created during installation, 1

modifying, 1, 2

CRLs

publishing

See also LDAP publishing 1

publishing

of certificates, 1

to files, 1

to LDAP directory, 1, 2

of CRLs, 1

to files, 1

to LDAP directory, 1, 2

to online validation authority, 1, 2, 3

See LDAP publishing 1

publishing certificates to directory entries, 1

publishing directory

defined, 1, 2

publishing rules

created during installation, 1

R

reasons for revoking certificates, 1

recovering users' private keys, 1

registering

authentication modules, 1

job modules, 1

log modules, 1

mapper modules, 1

policy modules, 1

publisher modules, 1

Registration Manager

Certificate Manager and, 1, 2

Certificate Manager and Data Recovery Manager and, 1, 2

configuration of, 1, 2

configuring

SMTP settings for notifications, 1

to use separate SSL server certificates, 1

to use specific ciphers, 1

connecting to another subsystem, 1

enabling interaction with end entities, 1

features of, 1

interface for agents, 1

introduced, 1, 2

key pairs and certificates

getting new ones, 1

list of, 1

protecting, 1

remote admin server certificate, 1

renewing existing ones, 1

signing certificate, 1

SSL server certificate, 1

logging to Windows NT event log, 1

specifying IP address for, 1

what to do if not responding, 1

Remote admin server certificate, 1

remote admin server certificate, 1, 2

Remote administration server certificate, 1

nickname, 1

removing unwanted CMS instances, 1

renewal of certificates

See certificate renewal 1

renewal of CMS certificates, 1

renewing certificates of subsystems, 1

reordering policy rules, 1

significance of ordering, 1

restarting

Certificate Management System, 1

from Netscape Console, 1, 2, 3, 4

from the command line, 1

revocation checking of agent certificates, 1

revocation-status checking for agent certificates, 1

revoking certificates, 1

reasons, 1

who can do this, 1

road map to configuring subsystems, 1

roles

administrator, 1

agent, 1

determining factor, 1

key recovery agents, 1

trusted manager, 1

root CA, 1

root versus subordinate CA, 1

rotated logs

naming convention, 1

rotating log files, 1

archiving files, 1

conserving disk space, 1

how to set the time, 1

signing files, 1

routers

getting certificates for, 1, 2, 3

port used for requesting, 1

RSA, 1

S

scalability, 1

schedulable jobs

See jobs 1

scheduling

jobs, 1

secret sharing of storage key pair, 1

security level, 1

server certificate, 1, 2

server certificate renewal, 1

server group, 1

server groups, 1

server instance

finding out details, 1

server name

changing, 1

server root, 1

default for Unix, 1

default for Windows NT, 1

defined, 1

how many on a single host, 1

relationship with Administration Server, 1

server status

off, 1

on, 1

unknown, 1

server's on/off status, 1

servlets, CMS, 1

setpin.conf file, 1

setting CRL extensions, 1, 2, 3

setting up

key archival, 1

key recovery, 1

setup script, 1

signing

rotated log files, 1

signing algorithms, 1

signing certificate, 1, 2

CA, 1, 2, 3, 4

changing trust settings of, 1

deleting, 1

getting a new one, 1, 2

nickname, 1, 2

Online Certificate Status Manager, 1

Registration Manager, 1, 2, 3

renewing, 1, 2

viewing details of, 1

signing key, for CA, 1

single sign-on password, 1, 2

single signon password

changing cached passwords, 1, 2

starting CMS without, 1

what it does, 1

what it protects, 1

when required, 1

when specified, 1

why change periodically, 1

SMTP settings, 1, 2, 3

software requirements for CMS installation, 1

Solaris

requirements for installation, 1

Solaris requirements for installation, 1

specifying IP address, 1

SSL, 1

cipher suites approved for export, 1

server certificate, 1, 2

using with Enterprise Server, 1, 2

SSL server certificate, 1, 2, 3, 4

changing trust settings of, 1

deleting, 1

getting a new one, 1, 2

nickname, 1, 2, 3, 4

renewing, 1, 2

viewing details of, 1

starting

Administration Server, 1

from Netscape Console, 1

from the command line, 1

from the Windows NT Service panel, 1

Certificate Management System, 1

from Netscape Console, 1

from the command line, 1

from the Windows NT Services panel, 1

information required, 1

Netscape Console, 1

in Unix, 1

in Windows NT, 1

Status tab, 1

tasks you can accomplish, 1

stopping

Administration Server, 1

from Netscape Console, 1

from the command line, 1

from the Windows NT Services panel, 1

Certificate Management System, 1

from Netscape Console, 1

from the command line, 1

from the Windows NT Services panel, 1

storage key pair, 1

secret sharing, 1

storage key, for Data Recovery Manager, 1

stronger encryption for export browsers, 1

subject name, 1

subordinate CA, 1

subsystem certificate decisions, 1, 2

subsystem certificate decisions, for deployment

Certificate Manager, 1

Data Recovery Manager, 1

SSL server, 1

support for

OCSP client, 1

publishing of CRLs, 1

System log

defined, 1

how to configure, 1

how to monitor, 1

logging to Windows NT event log, 1

See also logging 1

system requirements for CMS installation, 1, 2

T

Tasks tab, 1

tasks you can accomplish, 1

templates

for notifications, 1

customizing, 1

token list, 1

templates

for automated notifications, 1

timing log file deletion, 1

timing log rotation, 1

tokens

changing password of, 1

deleting certificates from, 1

external, 1

See also external tokens 1

internal, 1

managing, 1

viewing contents of, 1

viewing which tokens are installed, 1

what are they, 1

topology decisions, for deployment, 1, 2

transport certificate, 1

changing trust settings of, 1

deleting, 1

getting a new one, 1, 2

nickname, 1

renewing, 1, 2

viewing details of, 1

when used, 1

transport certificate, for Data Recovery Manager, 1, 2

trusted managers

certificate for SSL client authentication, 1

connectors for linking, 1

deleting, 1

designated group, 1

access rights, 1

modifying, 1

certificate information, 1

group membership, 1

login information, 1

role defined, 1

setting up, 1

type styles used in this book, 1

U

unbuffered logging, 1

uninstalling Certificate Management System, 1

from the command line, 1

using Windows NT Add/Remove Programs utility, 1

upgrading from a pervious version, 1, 2

user/group directory

NT setup, 1

user/group directory server

Unix setup, 1

users

privileged, 1

utilities, command-line, 1

V

version number, 1

viewing

contents of a token, 1

viewing CMS instance information, 1

VPN clients

getting certificates for, 1

W

watchdog, 1

when the server was installed, 1

why should you revoke certificates, 1

Windows NT event log

logging audit and system messages, 1

Windows NT, requirements for installation, 1

wireless CA certificate, 1, 2

wireless certificates, 1, 2

wizard

See Certificate Setup Wizard 1

writing policies in JavaScript, 1

wTLS CA signing certificate, 1

nickname, 1

wTLS certificates, 1, 2

X

X.509 certificates, 1