How The Certificate Manager Works126 Netscape Certificate Management System Administrator’s Guide • February 2003❍ If the notification feature is setup, the link, where certificate can beobtained, will be sent to the end user.• You can send an automated certificate issuance notification to the end entitywhen the certificate is issued. You can also send an automated certificaterejected notification if the request was rejected.• The certificate that was issued is stored in the internal database of theCertificate Manager.• You can set up publishing for the Certificate Manager and publish thecertificate either to a file and an LDAP directory.• You can set up the internal OCSP service, which checks the status of certificatesin the internal database when a certificate status request is received.• The end-entity interface provides forms that allow for searches of certificatesthat have been issued and for the CA certificate chain.RenewalThe Certificate Manager allows for the renewal of certificates. Certificates can berenewed if the policies associated with renewal are enabled and if the requestmeets the criteria of those policies. The Certificate Manager is set up for a singlemethod of renewal. All requests are made to the renewal page of the end-entityinterface. The end entity presents their old certificate, and if they meet the policiesfor renewal, a new certificate is issued with the validity period set up in therenewal policies.Whether you set up renewals as renewals, or have end entities renew certificates asan enrollment request, you can set up automated notifications that will send anemail to users at some period before their certificate expires for a predefinedinterval of time. You set this up by enabling the jobs feature, enabling andconfiguring Certificate Renewal job, and customizing the certificate renewal emailtemplate.RevocationAn end entity can request that their own certificate is revoked.
