Configuring the Certificate ManagerChapter 3 Certificate Manager 111• Members of the Auditor group can view the signed audit log, and can viewconfiguration settings, but cannot perform any other operations onconfiguration settings and do not have access to the agent services interface.• Members of the Certificate Manager Agent group can view configurationsettings in the administrative interface, but cannot perform any otheroperations on the configuration settings. They can perform all operations forall tasks associated with the agent services interface. They are allowed tocommunicate with the CA via the agent services port.• Members of the Trusted Manager group are allowed to communicate with theCertificate Manager.Managing Certificates and the CertificateDatabaseThe CA signing certificate, SSL encryption certificate, and OCSP signing certificateare created and installed during the installation of the Certificate Manager. See“Certificate Manager Certificates,” on page 85 for more information about thesecertificates and the things you should consider before getting these certificates.CMS contains a Certificate Wizard that allows you to create additional certificates,or to renew or replace a certificate for the Certificate Manager. See “CertificateSetup Wizard,” on page 298 for details of using the wizard and about renewing orreplacing a subsystem certificate.Trust Settings and CA CertificatesThe trusted database also contains the CA certificates for those CAs that thesubsystem trusts. If your subsystem has certificates from a CA or acceptscertificates that are issued by a CA, it must have a copy of those CA certificates inthe trusted database, and they must be configured as trusted, see “Changing theTrust Settings of a CA Certificate,” on page 296 and “Installing a New CACertificate in the Certificate Database,” on page 297.Certificate ChainYou may also need to install a certificate chain in the database to provide the chainof CAs to a trusted CA. See “Installing a CA Certificate Chain in the CertificateDatabase,” on page 298.
