Keys and Certificates for the Main SubsystemsChapter 14 Managing CMS Keys and Certificates 445Registration Manager’s Key Pairs andCertificatesThe Registration Manager uses the following certificates:• Signing Key Pair and Certificate• SSL Server Key Pair and Certificate• Remote Administration Server CertificateSigning Key Pair and CertificateEvery Registration Manager you have installed has a certificate, identified as theRegistration Manager signing certificate, whose public key corresponds to the privatekey the Registration Manager uses to sign certificate requests before sending themto the Certificate Manager for signing. The Registration Manager’s signatureprovides persistent proof to the Certificate Manager that the Registration Managerhas processed the request. The first time you generated this certificate is when youinstalled the Registration Manager. The default nickname for the certificate israSigningCert cert-, where identifies the CMSinstance in which the Registration Manager is installed.The Registration Manager’s signing certificate was issued by the CA to which yousubmitted the certificate signing request. You might have submitted the request toan internally deployed CA or a public CA. To find out the issuer name, follow theinstructions in “Viewing the Certificate Database Content” on page 502.If you configure the Registration Manager to function as a trusted manager toanother subsystem, the Registration Manager uses its signing certificate for SSLclient authentication to the subsystem; this is the default configuration. For details,see “Trusted Manager’s Certificate for SSL Client Authentication” on page 397.SSL Server Key Pair and CertificateEvery Registration Manager you have installed has at least one SSL server certificate.The first time you generated this certificate is when you installed the RegistrationManager. The default nickname for the certificate isServer-Cert cert-, where identifies the CMSinstance in which the Registration Manager is installed.The Registration Manager’s SSL server certificate was issued by the CA to whichyou submitted the certificate signing request. You might have submitted therequest to an internally deployed CA or a public CA. To find out the issuer name,follow the instructions in “Viewing the Certificate Database Content” on page 502.