Road Map to Configuring SubsystemsChapter 10 CMS Configuration 355Step 1. Check Which Subsystem is Installed in the InstanceLog in to the CMS window for the CMS instance you installed, and check thenavigation tree to see which subsystem is installed in that instance. To log in to theCMS window, see “Logging In to the CMS Window” on page 333.Step 2. Check the Port NumbersCheck the port numbers assigned for administration, agent, and end-entityoperations. Make the appropriate modifications, if necessary. For instructions, see“Configuring Port Numbers” on page 362.Step 3. Verify Key Pair and CertificatesWhen you install a CMS instance, the server prompts you to create the certificatesrequired for the subsystem. You should check the certificates used by eachsubsystem and determine whether you need to get additional certificates, usehardware tokens, and so on.• Each subsystem in an instance has a set of certificates that it uses for specificpurposes. Understand how and when the subsystem uses its certificates. Fordetails, see “Keys and Certificates for the Main Subsystems” on page 420.• Determine if you want to generate any new certificates. For details, see“Getting New Certificates for the Subsystems” on page 465.• Determine if you want to use hardware tokens for generating and storing thesecertificates. If required, install new hardware tokens. For details, see “Tokensfor Storing CMS Keys and Certificates” on page 431.• Determine if you want to renew any of the existing certificates. For example, ifyou have issued certificates with very short validity periods, you might wantto renew them. For details, see “Renewing Certificates for the Subsystems” onpage 474.• Check the certificate database to see which CA certificates are trusted. Deleteany unwanted CA certificates, change the trust settings of CA certificates thatyou don’t want to trust to untrusted, and install any new CA certificate orcertificate chains. For details, see “Managing the Certificate Database” onpage 481.Step 4. Set up Privileged UsersSet up required administrators and agents. This way you can delegateadministration and agent tasks to other individuals. For details, see “Setting UpPrivileged Users” on page 388.