Keys and Certificates for the Main SubsystemsChapter 14 Managing CMS Keys and Certificates 429SSL Server Key Pair and CertificateEvery Data Recovery Manager you have installed has at least one SSL servercertificate. The first time you generated this certificate is when you installed theData Recovery Manager. The default nickname for the certificate isServer-Cert cert-, where identifies the CMSinstance in which the Data Recovery Manager is installed.The Data Recovery Manager’s SSL server certificate was issued by the CA to whichyou submitted the certificate signing request. You might have submitted therequest to the Certificate Manager that is installed in the same instance, aninternally deployed CA, or a public CA. To find out the issuer name, follow theinstructions in “Viewing the Certificate Database Content” on page 482.The Data Recovery Manager uses its SSL server certificate to do SSL server-sideauthentication to the following:• The end entity services interface (the HTTPS port)• The Data Recovery Manager Agent Services interfaceBy default, the Data Recovery Manager uses a single SSL server certificate forauthentication purposes. However, you can request and install additional SSLserver certificates for the Data Recovery Manager. For example, you can configurethe Data Recovery Manager to use separate server certificates for authenticating toNetscape Console, the end entity services interface, and the Data RecoveryManager Agent Services interface. For instructions, see “Configuring the Server toUse Separate SSL Server Certificates” on page 459.Online Certificate Status Manager’s Key Pairsand CertificatesThe Online Certificate Status Manager uses the following certificates:• OCSP Signing Key Pair and Certificate• SSL Server Key Pair and CertificateOCSP Signing Key Pair and CertificateEvery Online Certificate Status Manager you have installed has a certificate,identified as the Online Certificate Status Manager signing certificate, whose publickey corresponds to the private key the Online Certificate Status Manager uses tosign OCSP responses before sending them to OCSP-compliant clients. The OnlineCertificate Status Manager’s signature provides persistent proof to an