System OverviewChapter 1 Introduction to Certificate Management System 41Java SDK extension mechanism for customizationThe software development kit (SDK) provided with Certificate ManagementSystem includes APIs and tutorials for customizing different aspects of the system.You can write the following custom modules:• Authentication—for authenticating end entities during certificate enrollment.• Policy—for setting the rules applied by the individual subsystems.• Jobs—for PKI-related jobs that run with the individual systems.• Mapper and publisher classes—for publishing certificates and CRLs to anLDAP-compliant directory, flat file, and an OCSP responder.For information about writing custom plug-ins, see “CMS SDK” on page 65.For information on customizing end-entity and agent interfaces (HTML forms andtemplates), see CMS Customization Guide.Easy upgrade from previous versions of Certificate ManagementSystemCertificate Management System provides an easy upgrade path from its previousversion.GUI-based server installation and managementAn installation wizard automates the installation and initial configuration process,helping you install Certificate Management System quickly and easily. Then afterinstallation, you can locally or remotely administer Certificate ManagementSystem from various computers on your network (using the encryption, messageintegrity, and authentication services of SSL) with the help of an administrationinterface called the Certificate Management System window or the CMS window.For more information, see “The CMS Window” on page 327.System OverviewCertificate Management System provides a highly scalable, easily deployablecertificate infrastructure for supporting encryption, authentication, tamperdetection, and digital signatures in networked communications. It is based on openstandards and protocols that include the following:• Public-Key Cryptography Standard (PKCS) #11