Complete Contents
About This Guide
PART 1: Overview and Demo Installation
Chapter 1 Introduction to Certificate Management System 4.0
Chapter 2 Default Demo Installation
PART 2: Planning and Installation
Chapter 3 Planning Your Deployment
Chapter 4 Installation Worksheet
Chapter 5 Installation and Configuration
Appendix A Migrating from Certificate Server 1.x
Appendix B Certificate Extensions
Appendix C Certificate Download Specification
Appendix D Using SSL with Enterprise Server 3.x
Appendix E Export Control Information
Glossary


Index


A
Administration Server
  and demo 76
  NT setup 130
  Unix setup 127
administrator/agent, initial enrollment 88-91, 194-197
agent enrollment 198-200
authentication
  client, with Enterprise Server 3.x 249-266
  decisions for deployment 119
authentication modules 29-30, 30-43, 54-55, 70
authorityKeyIdentifier 218, 234, 242

B
basicConstraints 219, 241

C
CA decisions, for deployment 110-114
  CA renewal 113-114
  distinguished name 110-111
  extensions 112-113
  root versus subordinate 112
  signing certificate 111
  signing key 111
CA signing certificate 111
  configuration of 135-138
CEP 44-45, 46, 50, 70
certificateIssuer 237
certificate life-cycle management 33, 48-53, 58
Certificate Management System (CMS)
  access to subsystems 50
  architecture 66-70
  command-line utilities 64-66
  identifier 127, 130
  overview of 22-29
  servlets 29
  standards supported by 70-72
Certificate Manager
  configuration of 134-138
  Data Recovery Manager and 106-110
  Data Recovery Manager and Registration Manager and 108-110
  demo and 77
  features of 59
  installed by itself 103-104
  introduced 24
  Registration Manager and 104-105
certificatePolicies 220
certificates
  Certificate Manager 117
  Data Recovery Manager 118
  extensions for 211-242
  for subsystems, summarized 116-118
  installing 243-247
  life-cycle management 48-53
  management formats and protocols 70-71
  Registration Manager 118
  SSL server, for CMS subsystems 117
  X.509 specification 72
cipher suites for export 271
client authentication, with Enterprise Server 3.x 249-266
CMC 71
CMMF 71
CMS. See Certificate Management System, Cryptographic Message Syntax
CMS instances
  ports and 120-122
  server groups and 102, 120-122
command-line utilities 64-66
configuration directory
  demo and 77
  NT setup 128, 129-130
  Unix setup 124, 126
conventions used in this book 15
cRLDistributionPoints 221
CRLNumber 234
CRLs
  Certificate Manager support for 60
  extensions for 233-238
CRMF 70
Cryptographic Message Syntax (CMS) 71

D
database, internal CMS 77
Data Recovery Manager
  Certificate Manager and 106-110
  Certificate Manager and Registration Manager and 108-110
  configuration of 140-144
  features of 61
  introduced 24
  recovery agents for 143-144
  transport certificate 140-143
deltaCRLIndicator 235
demo 73-98
  first user certificate for 88-91
  installation of 73-98
  Installation Wizard and 85-88
  overview of 76-80
  passwords for 79-80
  port numbers for 78
  software installed for 78
  using 91-98
  using an LDAP directory with 95-98
  verifying installation 91-95
deployment planning 101-122
  authentication decisions 119
  CA decisions 110-114
    CA renewal 113-114
    distinguished name 110-111
    extensions 112-113
    root versus subordinate 112
    signing certificate 111
    signing key 111
  certificate decisions
    Certificate Manager 117
    Data Recovery Manager 118
    Registration Manager 118
  enrollment scenarios 33-47
  firewall considerations 34
  hardware token decisions 114-115
  LDAP publishing decisions 115-116
  policy decisions 119-120
  port assignments 120-122
  SSL server certificate decisions 117
  storage key 118
  subsystem certificate decisions 116-118
  topology decisions 102-110
distinguished name (DN)
  for CA 110-111
  for CA signing certificate 136
  for Data Recovery Manager transport certificate 141
  for Registration Manager signing certificate 139
downloading certificates 243-247
DSA 111

E
end entities
  enrollment, steps in 30-32
  enrollment scenarios for 33-47
  forms for 52
  life-cycle management and 48-53
enrollment, initial administrator/agent 194-197
enrollment scenarios 33-47
  custom authentication, customer database 36
  custom authentication, Kerberos 40-41
  firewall considerations 34
  manual authentication 38-39
  PIN-based authentication 42-43
  routers 46-47
  VPNs 44-45
Enterprise Server 3.x, using SSL with 249-266
event-driven notifications 58
export control information 267-271
extensions 211-242
  adding to certificates 240
  authorityKeyIdentifier 218, 234, 242
  basicConstraints 219, 241
  CA certificates and 136-138, 241-242
  CAs and 112-113
  certificateIssuer 237
  certificatePolicies 220
  CMS policy modules for 56
  cRLDistributionPoints 221
  CRLNumber 234
  deltaCRLIndicator 235
  extKeyUsage 222
  holdInstructionCode 237
  invalidityDate 238
  issuerAltName 224, 236
  issuingDistributionPoint 236
  keyUsage 225
  nameConstraints 228
  netscape-cert-type 239, 241
  netscape-comment 240
  Netscape-defined 239-242
  policyConstraints 228
  policyMappings 229
  privateKeyUsagePeriod 230
  reasonCode 238
  recommendations for usage 213-217
  SSL server certificate 146-147
  subjectAltName 230
  subjectDirectoryAttributes 232
  subjectKeyIdentifier 232
  transport certificate 142
  X.509 certificate, summarized 217-233
  X.509 CRL, summarized 233-238
extKeyUsage 222

F
FIPS PUBS 140-1 71
firewalls 34
fonts used in this book 15

G
gateway
  agent, for demo 88
  end user, for demo 88

H
hardware requirements for CMS installation 74
hardware token decisions, for deployment 114-115
holdInstructionCode 237

I
installation 149-200
  additional instances 198
  demo 73-98
    first user certificate for 88-91
    Installation Wizard and 85-88
    NT installation script for 83-85
    overview of 76-80
    passwords for 79-80
    Unix installation script for 81-83
    using 91-98
    verifying 91-95
  hardware requirements 74
  location of
    NT setup 127
    Unix setup 124
  overview 150
  port considerations 120-122
  software requirements 74
  Solaris requirements 74, 76
  system requirements 74-76
  Windows NT requirements 75
  wizard 159-193
  worksheet 123-148
installation script
  information requested by 124-131
  NT
    complete instructions 155-158
    running for demo 83-85
    worksheet for 127-131
  Unix
    complete instructions 152-155
    running for demo 81-83
    worksheet for 124-127
Installation Wizard
  initial configuration steps 131-133
  procedures for using 159-194
  running for demo 85-88
installing certificates 243-247
instances, CMS
  agents for additional 198-200
  creating additional 198
internal CMS database 77
invalidityDate 238
IP addresses, and port assignments 122
issuerAltName 224, 236
issuingDistributionPoint 236

J
Java/JNI 69
JDK 1.1.6 69
job scheduler 57
JSS 69

K
KEYGEN tag 72
key length 111
keyUsage 225

L
LDAP 72
LDAP directory
  configuration, demo and 77
  DN pattern for authentication 96
  internal CMS database, demo and 77
  publishing decisions 115-116
  testing authentication with 95-98

M
migrating from Certificate Server 1.x 134-135, 201-209

N
nameConstraints 228
netscape-cert-type 239, 241
netscape-comment 240
Netscape Console
  demo and 76
  starting Installation Wizard from 159
notifications, event-driven 58
NSS 69

P
PKCS #10 72
PKCS #11 67-69, 72
PKCS #7 72
PKI. See distinguished name (DN).
PKI. See installation script.
PKI. See Public-Key Infrastructure.
PKIX 71
policyConstraints 228
policyMappings 229
policy modules 29-32, 55-57
  decisions for deployment 119-120
port numbers
  assignment of 120-122
  for demo 78
  IP addresses and 122
privateKeyUsagePeriod 230
Public-Key Infrastructure (PKI) 23

R
reasonCode 238
Registration Manager
  Certificate Manager and 104-105
  Certificate Manager and Data Recovery Manager and 108-110
  configuration of 138-140
  features of 58
  introduced 24
root versus subordinate CA 112
RSA 111

S
server certificate 145-147
server groups 102
servlets, CMS 29
setup script 98
signing algorithms 60
signing certificate
  CA 111, 135-138
  Registration Manager 138-140
signing key, for CA 111
single sign-on password 148
software requirements for CMS installation 74
Solaris
  requirements for installation 76
Solaris requirements for installation 74
SSL 72
  cipher suites approved for export 271
  server certificate 145-147
  using with Enterprise Server 249-266
storage key, for Data Recovery Manager 118
subjectAltName 230
subjectDirectoryAttributes 232
subjectKeyIdentifier 232
subject name 123
subsystem certificate decisions 116-118
subsystem certificate decisions, for deployment
  Certificate Manager 117
  Data Recovery Manager 118
  SSL server 117
system requirements for CMS installation 74-76

T
terms used in this book 15
topology decisions, for deployment 102-110
transport certificate, for Data Recovery Manager 140-143
typestyles used in this book 15

U
user/group directory
  NT setup 128
user/group directory server
  Unix setup 125
utilities, command-line 64-66

W
Windows NT, requirements for installation 75

X
X.509 certificates 72
 

© Copyright 1999 Netscape Communications Corp., a subsidiary of America Online, Inc. All rights reserved.