Certificate Issuance to Servers798 Netscape Certificate Management System Installation and Setup Guide • October 2001Once an administrator generates a CSR for a server, he or she must paste it into theappropriate server enrollment form hosted by a Registration Manager orCertificate Manager, and then submit the request. Upon receipt of the request,Certificate Management System responds as follows:1. Verifies the validity and authenticity of the request.The authentication mechanism that Certificate Management System uses isbased on the authentication mechanism specified in the enrollment form theadministrator uses to submit the certificate request. For example, if theenrollment form was configured to employ directory-based authentication,Certificate Management System checks the configured directory for theappropriate information. On the other hand, if the enrollment form specifiesmanual authentication, the request gets queued and awaits approval by anagent.2. Subjects the request to policy checks.If the request passes all the policy rules, Certificate Management Systemgenerates the server certificate and sends it to the email address specified in theserver certificate request (the enrollment form includes a field for theadministrator to enter this information). Otherwise, Certificate ManagementSystem logs an error message.Upon receipt of the certificate, the server administrator installs the certificate in theserver’s certificate database.How the Manual Server Enrollment ProcessWorksFigure 24-1 illustrates how Certificate Management System issues a servercertificate in a deployment scenario involving a Registration Manager acting as anenrollment authority to a Certificate Manager. The server certificate is requestedvia a manual enrollment form hosted by the Registration Manager.