Configuring the Certificate Manager118 Netscape Certificate Management System Administrator’s Guide • February 2003The serial number range enables you to deploy multiple CAs, balancing thenumber of certificates each CA issues. Note that the combination of an issuername and a serial number uniquely identifies a certificate. To ensure that twodistinct certificates issued by the same authority doesn’t contain the same serialnumber, make sure the serial number range does not overlap among clonedCAs.Also note that when a CA exhausts all its serial numbers, you can revive it bychanging the values in the “Next serial number” and “Ending serial number”fields, followed by restarting the Certificate Manager.Default Signing Algorithm section. Specifies the signing algorithm theCertificate Manager should use for signing certificates. The choices are “MD2with RSA”, “MD5 with RSA”, and “SHA1 with RSA”, if the CA’s signing keytype is RSA and “SHA1 with DSA”, if the CA’s signing key type is DSA.Note that the signing algorithm specified in the Certificate Manager’s policyconfiguration or certificate profile configuration overrides the algorithm youselect here.4. To save your changes, click Save.Setting Up AuthenticationThe first step in configuring enrollment is setting up authentication. You can set upmore than one type of authentication. Each type you set up must be associated witha particular form in the interface. If you are using the certificate profile feature forenrollments, the forms are dynamically generated with the content beingdetermined by the inputs you set for a particular certificate profile. You can evenset up the same method of authentication and associated more than one form withit. You might do this if you wanted to change other aspects of the enrollment.For example, you might want to create an automated enrollment that requiresLDAP authentication. You have two classes of employees, permanent andtemporary. You want to issue both classes of employees certificates using LDAPauthentication, but you want to issue each of these classes certificates with differentvalidity periods and different extensions. You can create two different forms, bothusing LDAP authentication, but each having different policies associated with theform.You can configure the enrollment method to be agent-approved or automated.
