Setting Up Privileged Users414 Netscape Certificate Management System Installation and Setup Guide • October 2001Note that for a Certificate Manager to add the Registration Manager this way, theCertificate Manager agent who approves the Registration Manager signingcertificate request must belong to both the Certificate Manager Agents andAdministrators groups in the internal database of the Certificate Manager. Formore information about these groups, see “Groups and Their Privileges” onpage 398.Setting Up a Registration Manager as a Trusted ManagerYou can set up a remote Registration Manager to function as a trusted manager to aCertificate Manager, another Registration Manager, or a Data Recovery Manager.• Step 1. Find the Required Information• Step 2. Create a User Entry for the Registration Manager• Step 3. Copy the Registration Manager’s Certificate to the Internal Database• Step 4. Check the Certificate Database for the CA Certificate• Step 5. Configure Registration Manager’s Connector SettingsStep 1. Find the Required InformationBefore setting up a Registration Manager to function as a trusted manager toanother CMS subsystem:• Note identifying information, such as the instance ID and host name of theRegistration Manager.• Make sure that the Registration Manager has the certificate you want it to usefor SSL client authentication to the subsystem that will trust it; by default, theRegistration Manager uses its signing certificate for this purpose. The certificatemust be currently valid; the certificate must not have expired, been revoked, orbeen signed by an authority untrusted by the subsystem. For details, see“Trusted Manager’s Certificate for SSL Client Authentication” on page 397.• Locate the certificate in base-64 encoded format. Copy the certificate, includingthe -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----marker lines, to a text file.• Identify the subsystem—Certificate Manager, Registration Manager, or DataRecovery Manager—to which you want to connect the Registration Manager.Note details, such as the host name and port number of that subsystem.• If you are planning to connect the Registration Manager to a CertificateManager, keep this in mind: during the installation of a Registration Manager,you generated a signing certificate for the Registration Manager. If yourequested the signing certificate from a Certificate Manager, you were given an