Complete Contents
About This Guide
PART 1: Netscape Certificate Management System
Chapter 1: Introduction to Certificate Management System
Chapter 2: Administration Tasks and Tool
Chapter 3: Configuration
PART 2: Managing Certificate Management System
Chapter 4: Installing and Uninstalling Instances
Chapter 5: Starting and Stopping Instances
PART 3: System-Level Configuration
Chapter 6: Configuring Ports, Database, and SMTP Settings
Chapter 7: Managing Privileged Users and Groups
Chapter 8: Keys and Certificates
PART 4: Authentication
Chapter 9: Introduction to Authentication
Chapter 10: Using the PIN Generator Tool
Chapter 11: Configuring Authentication for End Entities
Chapter 12: Developing Authentication Plug-ins
PART 5: Job Scheduling and Notification
Chapter 13: Introduction to Job Scheduling and Notifications
Chapter 14: Configuring Jobs
PART 6: Policies
Chapter 15: Introduction to Policies
Chapter 16: Configuring Policies
PART 7: LDAP Publishing
Chapter 17: Introduction to LDAP Publishing
Chapter 18: Configuring Subsystems for LDAP Publishing
Chapter 19: Publishing CRLs
PART 8: Agent and End-Entity Interfaces
Chapter 20: Introduction to End-Entity and Agent Interfaces
Chapter 21: Customizing End-Entity and Agent Interfaces
PART 9: Logs
Chapter 22: Introduction to Logs
Chapter 23: Managing Logs
PART 10: Issuance and Management of End-Entity Certificates
Chapter 24: Issuing and Managing End-Entity Certificates
Chapter 25: Recovering Encrypted Data
PART 11: Appendixes
Appendix A: Distinguished Names
Appendix B: Backing Up and Restoring Data
Appendix C: Command-Line Utilities
Appendix D: Certificate Database Tool
Appendix E: Key Database Tool
Appendix F: Netscape Signing Tool
Appendix G: SSL Strength Tool
Appendix H: SSL Debugging Tool
Previous Next Contents Index Bookshelf


Chapter 4 Installing and Uninstalling Instances

After the initial installation of Netscape Certificate Management System (CMS), you may need to install additional instances, remove unwanted instances, or duplicate configuration in multiple instances. This chapter describes how to manage these tasks by using Netscape Console, the single, unified administration interface for your network.

You can use Netscape Console only when Netscape Administration Server is running. During CMS installation, you specified a port number for the Administration Server instance you will use to administer Certificate Management System. If Administration Server is shut down, be sure to start it at this port. To minimize security risks, shut down the Administration Server when you have finished using Netscape Console. For more information about Netscape Console, see "Administration Tasks and Tool".

The chapter has the following sections:
Installing Multiple Instances
Multiple instances of Certificate Management System can run on the same machine. You might, for example, install multiple Registration Managers, all reporting to the same Certificate Manager, to handle requests from different types of users (end users, servers, and routers) or from users from different domains. For example deployment scenarios, see the Netscape Certificate Management System Installation and Deployment Guide.

Once Certificate Management System is installed on a machine, you can use that CMS installation to create multiple instances of the server on the same machine. Administration Server contains all the files necessary to install another instance of Certificate Management System on the same machine; you don't have to run the complete installation (setup) program again. However, you do need to run the CMS installation wizard each time you create an instance, so that you can configure the server and generate the required certificates. So, before attempting to create another instance of Certificate Management System, be sure to read about the installation wizard in the Netscape Certificate Management System Installation and Deployment Guide.

When you install additional CMS instances on the same machine, you are required to specify different ports for each CMS instance to listen on. For example, you will have to set up one server to listen on port 443 and another server to listen on port 4430. However, if you install multiple CMS instances on a machine that has been set up with more than one IP addresses, you can configure each instance to listen to a specific IP address--this enables you to use same the port numbers for different CMS instances installed on the same machine.

 Keep in mind that when you create a new instance, you'll be required to specify different port numbers; the installation wizard allows you to specify the port numbers only, not IP addresses. After you have successfully created the instance, you can edit the CMS configuration file to specify the IP addresses for individual CMS ports and then change the port numbers. For details on editing the configuration file to include the IP addresses, see "Specifying IP Addresses for CMS Instances". For details on changing the port numbers, see "Configuring Port Numbers".

To create another instance of Certificate Management System with a separate configuration file (and certificates):
  1. Access Netscape Console (see "Accessing Netscape Console").

  2. In the Console tab, select the server group that contains the CMS instance you want to use as your source.

  3. From the Object menu, choose the Create Instance Of option and, in the pop-up menu that appears, choose Netscape Certificate Management System.

    4. As shown in this figure, you can also right-click to choose this option from the pop-up menu.

    The Create Server Instance dialog box appears.

  4. Enter a name for the instance. For the name, you can use any combination of letters (aA to zZ), digits (0 to 9), an underscore (_), and a hyphen (-); other characters and spaces are not allowed. For example, you can type Netscape_root-CA as the instance name, but not Netscape root CA.
    5.

  5. Click OK.

    6. The instance you created appears in the navigation tree. Note that the instance name appears in this form:

    cert-<instance_name>

    <instance_name> is the name you specified for the new CMS instance.

    For example, if you named the instance Marketing_CA, the instance name in the navigation tree will be cert-Marketing_CA.

  6. To start the installation wizard, double-click the new instance in the navigation tree.
    7.

    Use the installation wizard to finish configuring the new instance.


Viewing Instance Information
In Netscape Console, you can view some of the basic information--the name and version number of the server, the directory in which it's installed, and date it was installed--about a CMS instance.

 To view information pertaining to a specific CMS instance:
  1. Access Netscape Console (see "Accessing Netscape Console").

  2. In the Console tab, double-click the server group that contains the CMS instance you want to view.

  3. In the list of server instances, select the CMS instance you want to view.

    4. The right pane shows information about the selected CMS instance.

    The information displayed includes the following:

    Server Name. A descriptive name of the CMS instance. You can change this name; see "Changing the Name of an Instance").

    Description. Additional information that helps you identify the CMS instance. You can change this description; see "Changing the Name of an Instance".

    Installation Date. The date the server was installed.

    Server Root. The directory that holds all the files for the selected CMS instance, the files of its Administration Server, and the files of any other Netscape servers in the same server group (that is, administered by that Administration Server). A host typically has only one server root, but more than one is possible, especially if different version numbers of the same server are installed on a single host.

    The default server root in Unix is usr/netscape/server4/ and in Windows NT is C:\Netscape\Server4.

    Product Name. The complete product name.

    Vendor. The name of the vendor.

    Version. The version number.

    Build Number. The number that identifies the build that was used for this installation.

    Security Level. The server's security level--whether the server is meant for use in the United States (domestic) or any other part of the world (export). (See "Configuring the Server's Security Preferences")

    Server Status. The server's status--whether it is started or stopped.


Changing the Name of an Instance
Following installation, the name of a CMS instance is in the form:

 cert-<instance_id>

<instance_id> is the ID for this instance of Certificate Management System. You first specified this when you installed this server.

For example, if you installed an instance of Certificate Management System with an ID of testCA, the instance name will be cert-testCA.

 You can change the instance name to a more descriptive one later. If you change the instance name, Certificate Management System uses the new name as a descriptive nickname for the instance. It shows the new name in Netscape Console only; it does not change the original instance ID in the configuration.

 To change the name of a particular CMS instance:
  1. Access Netscape Console (see "Accessing Netscape Console").

  2. In the Console tab, select the CMS instance you want to rename.

  3. Click Edit.

    4. Details about the selected CMS instance appear in the right pane.

  4. Specify the appropriate information:
    5.

    Server Name. Type a descriptive name for the server.

    Description. Type any additional description for the server. For example, you may want to type information that will help you identify this instance of Certificate Management System.

  5. Click OK.

    6. You are returned to the previous screen. The new name appears in the right pane.


Removing an Instance from a System
If you are sure you won't need a particular CMS instance anymore, you can use Netscape Console to remove the server instance from your machine. Removing a CMS instance is not the same as uninstalling Certificate Management System; when you uninstall Certificate Management System, its program files are deleted from the host machine. (For instructions, see "Uninstalling Certificate Management System".)

To remove a CMS instance from your machine:
  1. Access Netscape Console (see "Accessing Netscape Console").

  2. In the Console tab, select the CMS instance you want to remove.

  3. From the Object menu, choose Stop; you can also right-click to choose this option from the pop-up menu (see the figure below).

  4. When the server has stopped, from the Object menu, choose Remove Server.

    5. As shown in the figure below, you can also right-click to choose this option from the pop-up menu.

  5. When prompted, confirm that you want to remove the server instance.
    6.

    The selected CMS instance and the corresponding internal database is removed. The Directory Server (configuration directory) and Administration Server binaries are not removed; you require these to administer the remaining servers installed in the same server group.


Uninstalling Certificate Management System
To remove files pertaining to Certificate Management System from a host system, run the uninstallation program. Uninstalling Certificate Management System removes all the corresponding CMS instances from the navigation tree of Netscape Console. To remove a specific CMS instance, follow the instructions provided in "Removing an Instance from a System".

You can uninstall Certificate Management System in two ways:

 Uninstalling from the Command Line

To uninstall Certificate Management System from the command line:

  1. Open a terminal window to your server.

  2. In a Unix system, log in either as root or using the server's user account (if that is how you started the server).

  3. At the command-line prompt, enter the following line:

Windows NT

<server_root>\uninst

Unix

<server_root>/uninstall

<server_root> is the directory where the CMS binaries are kept. You first specified this directory during installation.

The uninstallation program starts.

Uninstalling by Using the Windows NT Add/Remove Programs Utility

To remove Certificate Management System by using the Windows NT Add/Remove Programs utility:

  1. From the Start menu, choose Settings, then Control Panel.
    2.

  2. In the Control Panel, choose Add/Remove Programs.

  3. In the Add/Remove Programs Properties window, choose Netscape Server 4.0 Family, and click Add/Remove.

  4. In the Netscape Server Uninstall window, make sure all the components are selected, and click Uninstall.

    5. The uninstallation program starts.

 

© Copyright 1999 Netscape Communications Corp., a subsidiary of America Online, Inc. All rights reserved.