iPlanet Web Server, Enterprise Edition Administrator's Guide



The Security Tab

The Server Manager Security tab contains the following pages:



The Create Database Page

The Create Database page allows you to create a new trust database with the default CA settings and protect it with a password. The server can have only one trust database, so you can create a trust database only if one does not already exist. The trust database is created with the default CA entries which are configured so that they are not trusted CAs for client certificates. To configure the server to trust these CAs for use with client certificates, see The Manage Certificates Page. For more information about creating a trust database, see Creating a Trust Database.

The following elements are displayed:

Database Password. Specifies the certificate database password.



Note: The database password is sent in plain text from the client to the Administration Server. To minimize security risks, you should run the browser used for server administration on the same machine as the Administration Server or run your administration server with SSL.



Password (again). Confirms the password specified in the Database Password field. If what you enter is different from what you entered in the Database Password field, you will be prompted to try again.

OK. Saves your entries.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.



The Request a Certificate Page



The Request a Certificate page allows you to add or renew a server certificate. For more information, see Migrating Certificates When You Upgrade.

The following elements are displayed:

New Certificate. Specifies that the certificate being requested is new.

Certificate Renewal. Specifies that the certificate being requested is a renewal of an existing certificate.

List of Available Certificate Authorities. Lists the certificate authorities from which you can request server certificates.

Submit to Certificate Authority Via. Specifies the manner in which to submit the certificate request. Select from the following options:

  • CA Email Address. If you wish to contact the certificate authority via email, select this option and enter the email address in this field.

  • CA URL. If you wish to contact the certificate authority via their web site, select this option and enter their URL in this field.

Select the Mode to Use with the Certificate. Specifies the following:

  • Cryptographic Module. Specifies the module to be used with the certificate. Choose internal unless you have installed an external encryption module.

  • Key-Pair File Password. Specifies the trust database password.

Requestor Name. Specifies the name under which the certificate will be issued.

Telephone Number. Specifies the telephone number of the requestor.

Common Name. Specifies the fully qualified hostname used in DNS lookups (for example, www.iplanet.com). This is the hostname in the URL that a browser uses to connect to your site. It is important that these two names are the same. Otherwise, a client is notified that the certificate name does not match the site name, which often makes users doubt the authenticity of your certificate.

Email Address. Specifies the business email address used for correspondence between you and the CA.

Organization. Specifies the official, legal name of your company, educational institution, organization, and so on. Most CAs require that you verify this information with legal documents (such as a copy of a business license).

Organizational Unit. Specifies a description of an organizational unit within your company. This field is optional.

Locality. Specifies a description of the city, principality, or country for the organization. This field is optional.

State or Province. Specifies the state or province in which the business is located.

Country. Specifies the two-character abbreviation of your country name (in ISO format). The country code for the United States is US.

OK. Saves your entries. You must restart the server in order for your changes to take effect.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.
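The following pre-submission check for the request fields is an added example, not part of the original guide or of iPlanet Web Server. The field keys, the `check_request` and `is_fqdn` helpers and the sample values are hypothetical, and it assumes that only the fields the page marks optional may be left blank.

```python
import re
from urllib.parse import urlsplit

# Assumption: Organizational Unit and Locality (marked optional on the page)
# may be blank; every other field must be filled in.
REQUIRED = ("requestor_name", "telephone_number", "common_name", "email_address",
            "organization", "state_or_province", "country")
# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

# Constructed sample input (hypothetical values, not from the guide).
SAMPLE = {
    "requestor_name": "Pat Example", "telephone_number": "+1 555 0100",
    "common_name": "www.example.com", "email_address": "certs@example.com",
    "organization": "Example Corp", "state_or_province": "California",
    "country": "US",
}


def is_fqdn(name):
    """True if name is a syntactically valid hostname with at least two labels."""
    labels = name.rstrip(".").split(".")
    return len(name) <= 253 and len(labels) >= 2 and all(LABEL.fullmatch(l) for l in labels)


def check_request(fields, site_url):
    """Return a list of problems in the request fields; an empty list means OK."""
    problems = [f"{k}: required field is empty"
                for k in REQUIRED if not fields.get(k, "").strip()]
    cn = fields.get("common_name", "").strip()
    # Hostname that browsers will compare against the certificate name.
    host = urlsplit(site_url).hostname or ""
    if cn and not is_fqdn(cn):
        problems.append("common_name: not a fully qualified hostname")
    if cn and cn.rstrip(".").lower() != host.rstrip(".").lower():
        problems.append(f"common_name: {cn!r} does not match URL host {host!r}")
    country = fields.get("country", "").strip()
    if country and not re.fullmatch(r"[A-Z]{2}", country):
        problems.append("country: expected a two-character code such as US")
    return problems
```
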



The Install Certificate Page



The Install Certificate page allows you to install a certificate for a server. You can install your own certificate to present to clients, or a CA's certificate for use in a certificate chain.

When you receive a certificate from the CA, it will be encrypted with your public key so that only you can decrypt it. The server will use the key-pair file password you specify to decrypt the certificate when you install it. For more information, see Installing Other Server Certificates.



Note: Install certificates for use in a certificate chain using the same process as installing your own certificate. Many CAs include their certificate in the same email that contains your certificate. If your CA does not automatically send you their certificate, you should request it. Your server installs both certificates at the same time.



The following elements are displayed:

Certificate For. Specifies where the certificate will be used. Select from the following options:

  • This Server. Specifies that the server will use the key-pair file password you specify to decrypt the certificate when you install it.

  • Server Certificate Chain. Allows the SSL connection to continue at the client's discretion when the client does not recognize the certificate's CA. Certificate chaining is the process of presenting your CA's certificate in addition to your own. If the client trusts the CA who issued the certificate to your CA, the transaction will continue. In this way, a chain of trust is created: the client trusts the second CA, who trusts the first CA, who trusts you. Therefore, the client trusts you.

  • Trusted Certificate Authority (CA). Accepts the certificate of a CA as a trusted CA for client authentication.

Cryptographic Module. Specifies the module to be used with the certificate. Choose internal unless you have installed an external encryption module.

Key Pair File Password. Specifies the password for the certificate database.

Certificate Name. Specifies the common name of the certificate. Enter the certificate name only if it differs from the fully qualified hostname of your server used in DNS lookups (for example, www.iplanet.com).

Message is in This File. Specifies the file that contains the CA certificate.

Message Text (with headers). Contains the content of the CA certificate. If you copy and paste the text, be sure to include the headers "Begin Certificate" and "End Certificate."

OK. Takes you to The Add or Replace Certificate Page.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.
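Before pasting a CA's email into the Message Text field, it helps to confirm that every certificate in it still has both header lines and an undamaged body. The check below is an added example, not part of the original guide or of the server. It assumes the standard PEM header lines, and `extract_certificates`, `sample_message` and the placeholder blobs are hypothetical.

```python
import base64
import binascii
import re

# PEM framing lines; the page calls these the "Begin Certificate" and
# "End Certificate" headers.
BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"
BLOCK = re.compile(re.escape(BEGIN) + r"(.*?)" + re.escape(END), re.DOTALL)


def extract_certificates(message):
    """Return the DER bytes of every complete certificate block in message.

    Raises ValueError if a header is unpaired, a body is not valid base64,
    or the decoded bytes do not start with an ASN.1 SEQUENCE tag (0x30).
    """
    if message.count(BEGIN) != message.count(END):
        raise ValueError("unpaired Begin/End Certificate header")
    certs = []
    for n, match in enumerate(BLOCK.finditer(message), start=1):
        body = "".join(match.group(1).split())  # drop line breaks and spaces
        try:
            der = base64.b64decode(body, validate=True)
        except binascii.Error as exc:
            raise ValueError(f"certificate {n}: body is not valid base64") from exc
        if not der.startswith(b"\x30"):
            raise ValueError(f"certificate {n}: not a DER SEQUENCE")
        certs.append(der)
    if not certs:
        raise ValueError("no certificate block found")
    return certs


def sample_message():
    """Constructed sample: two placeholder DER blobs standing in for a server
    certificate and its CA certificate in one email (not real certificates)."""
    blobs = [b"\x30\x03\x02\x01\x01", b"\x30\x03\x02\x01\x02"]
    parts = [f"{BEGIN}\n{base64.encodebytes(b).decode()}{END}\n" for b in blobs]
    return "Dear customer,\n\n" + "\n".join(parts)
```

Two returned blocks from one message correspond to the case in the note above, where the CA sends its own certificate together with yours.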



The Add or Replace Certificate Page



The Add or Replace Certificate Page displays the new certificate information you have just installed.

Add Server Certificate or Replace Server Certificate. Adds or replaces your previous certificate with the one displayed.

Back. Takes you back to the Install a Certificate Page.

Help. Displays online help.



The Change Password Page



The Change Password page allows you to change the password used to access your trust database. For more information, see Changing Passwords or PINs.

The following elements are displayed:

Cryptographic Module. Specifies the module to be used with the certificate. Choose internal unless you have installed an external encryption module.

Old Password. Specifies the current key pair password.

New Password. Specifies the new key pair password.

Password (again). Confirms the password specified in the New Password field. If what you enter is different from what you entered in the New Password field, you will be prompted to try again.

OK. Saves your entries. You must restart the server in order for your changes to take effect.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.



The Manage Server Certificates Page



The Manage Certificates page displays all the installed certificates associated with the server and allows you to manage the certificates. For more information, see Managing Certificates.

If you have an external module installed, you will be warned to only do this on your local machine. You will need to enter the password for the external module and click OK for the external module to be made accessible for management.

The following elements are displayed:

Certificate Name. Specifies the name of the certificate authority.

Type. Specifies the type of certificate.

Expires (Time in UTC). Displays the date and time that the certificate expires. Once a certificate has expired, you must renew it to use it again.

Help. Displays online help.

When you double click on a certificate, information about the certificate is displayed. Internally issued certificates have the following options:

  • Delete Certificate.

  • Quit. Closes the certificate information window.

Certificates issued by a Certificate Authority have the following options:

  • Set client trust.

  • Unset server trust.

  • Quit. Closes the certificate information window.

You must restart the server for your changes to take effect.



The Request VeriSign Certificate Page



This page describes the process of requesting a VeriSign certificate, including the eight basic steps. For more information, see Requesting and Installing a VeriSign Certificate.

The following elements are displayed:

OK. Activates the VeriSign Enrollment Wizard.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.



The Install VeriSign Certificate Page



This page allows you to retrieve the server certificate requested from VeriSign for installation on your server. For more information, see Requesting and Installing a VeriSign Certificate.

The following elements are displayed:

Select the Mode to Use with the Certificate. Specifies the following:

  • Cryptographic Module. Specifies the module to be used with the certificate. Choose internal unless you have installed an external encryption module.

  • Key Pair File Password. Specifies the trust database password.

Select the Transaction ID to Retrieve. Allows you to select the requested certificate from the drop-down list.

OK. Installs the selected certificate. You must restart the server in order for your changes to take effect.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.



The Install CRL/CKLs Page



The Install a CRL/CKLs page allows you to add or replace Certificate Revocation Lists (CRLs) or Compromised Key Lists (CKLs). For more information, see Installing and Managing CRLs and CKLs.

The following elements are displayed:

File Contains. Allows you to select one of the following:

  • Certificate Revocation List (CRL)

  • Compromised Key List (CKL).

The CRL/CKL is in this file: Specifies the CRL/CKL location.

OK. Based on your selections, takes you to:

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.

You must restart the server in order for your changes to take effect.



The Add Certificate Revocation List Page



The following elements are displayed:

  • Who the CRL is for

  • Date issued

  • Date of expiration

Add CRL. Installs the specified CRL.

Back. Takes you to the previous page.

Help. Displays online help.



The Replace Certificate Revocation List Page



The following elements are displayed:

  • Who the CRL is for

  • Date previous CRL was issued

  • Date next CRL will expire

Replace CRL. Replaces the specified CRL.

Back. Takes you to the previous page.

Help. Displays online help.



The Add Compromised Key List Page



The following elements are displayed:

  • Who the CKL is for

  • Date issued

  • Date of Expiration

Add CKL. Installs the specified CKL.

Back. Takes you to the previous page.

Help. Displays online help.



The Replace Compromised Key List Page



The following elements are displayed:

  • Who the CKL is for

  • Date previous CKL was issued

  • Date next CKL will expire

Replace CKL. Replaces the specified CKL.

Back. Takes you to the previous page.

Help. Displays online help.



The Manage CRL/CKLs Page



The Manage Certificate Revocation Lists/Compromised Key Lists page displays the CRLs and CKLs you have installed by certificate name. The date of expiration is also shown. This page allows you to view and delete CRLs and CKLs. For more information, see Installing and Managing CRLs and CKLs.

The following elements are displayed:

Server CRLs. Displays more information and options about a CRL when selected.

Server CKLs. Displays more information and options about a CKL when selected.

Clicking on a CRL/CKL displays The Edit CKL/CRL Page.

Help. Displays online help.



The Edit CKL/CRL Page



Based on your selection, the Edit CKL/CRL Page displays information for Compromised Key List or for Certificate Revocation List.

The following elements are displayed:

  • The CA it is for

  • Date issued

  • Date of Expiration

Delete. Deletes the CKL or CRL displayed.

Quit. Takes you back to the previous page.



The Migrate Certificate Page



The Migrate 3.X Certificate page enables you to upgrade to iPlanet Web Server 6.0. You should only do this on your local machine.

Any 2.X versions cannot be upgraded. 2.X versions must be uninstalled before the 6.0 version can be installed. All 4.X versions of iPlanet Web Server are automatically upgraded to 6.0. For more information, see Migrating Certificates When You Upgrade.

The following elements are displayed:

3.6 Server Root. Specifies the server root of Netscape Enterprise Server 3.6.

Alias. Specifies the alias mapped to the key-pair file and certificate file you associated it with in the Administration Server.

Password. Specifies the certificate key-pair password.

OK. Saves your entries.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.


Copyright © 2001 Sun Microsystems, Inc. Some preexisting portions Copyright © 2001 Netscape Communications Corp. All rights reserved.

Last Updated May 09, 2002