Managing Certificates260 Managing Servers with Netscape Console • December 2001Managing CertificatesThe set of standards and services that facilitate the use of public-key cryptographyand X.509 v3 certificates in a network environment is called the public keyinfrastructure (PKI). PKI management is complex topic beyond the scope of thisdocument. The sections that follow introduce some of the specific certificatemanagement issues addressed by Netscape products.• Issuing Certificates• Certificates and the LDAP Directory• Key Management• Renewing and Revoking Certificates• Registration AuthoritiesIssuing CertificatesThe process for issuing a certificate depends on the certificate authority that issuesit and the purpose for which it will be used. The process for issuing nondigitalforms of identification varies in similar ways. For example, if you want to get ageneric ID card (not a driver’s license) from the Department of Motor Vehicles inCalifornia, the requirements are straightforward: you need to present someevidence of your identity, such as a utility bill with your address on it and astudent identity card. If you want to get a regular driving license, you also need totake a test—a driving test when you first get the license, and a written test whenyou renew it. If you want to get a commercial license for an eighteen-wheeler, therequirements are much more stringent. If you live in some other state or country,the requirements for various kinds of licenses will differ.Similarly, different CAs have different procedures for issuing different kinds ofcertificates. In some cases the only requirement may be your email address. Inother cases, your UNIX or NT login and password may be sufficient. At the otherend of the scale, for certificates that identify people who can authorize largeexpenditures or make other sensitive decisions, the issuing process may requirenotarized documents, a background check, and a personal interview.Depending on an organization’s policies, the process of issuing certificates canrange from being completely transparent for the user to requiring significant userparticipation and complex procedures. In general, processes for issuing certificatesshould be highly flexible, so organizations can tailor them to their changing needs.