98 Netscape Certificate Management System Installation and Setup Guide • May 2002

End Entities and Life-Cycle Management

Certificate Management System provides default web forms for all end-entity interactions involved in managing the life cycle of a certificate. It also provides forms, collectively called Agent Services, for agent interactions. These forms can be used as is or customized. (The Netscape Personal Security Manager is software that improves the PKI abilities of Netscape Communicator 4.7x versions; Personal Security Manager is built into Netscape 6x.)

The sections that follow introduce the end-entity forms and protocols.

• Life-Cycle Management Formats and Protocols
• Access to Subsystems
• HTML Forms for End Users
• Netscape Personal Security Manager

Life-Cycle Management Formats and Protocols

The Registration Manager and Certificate Manager provide default HTML forms that use different protocols and life-cycle management procedures for different kinds of end entities. For example, end entities running versions of Communicator earlier than 4.5 need to be presented with an enrollment form based on the use of the HTML tag KEYGEN to generate keys. End entities running Microsoft Internet Explorer require a form containing VBScript XENROLL commands. These various tags, scripts, and protocols result in enrollment messages that are sent back to the Certificate Manager or Registration Manager in a variety of nonstandard and standards-based formats.

Table 2-1 summarizes the message formats, cryptographic algorithms, and key pairs (single or dual) supported by Certificate Management System for the main categories of end-entity software. Note that, for the purposes of enrollment, CMS managers are also end entities. CMS managers installed in different instances need SSL client and SSL server certificates to identify themselves. For more information about the standards listed in Table 2-1, see “Standards Summary” on page 77.