Federal Bridge CAChapter 3 Certificate Manager 127When an end entity makes the request, they are asked to present their certificate. Ifthey have the certificate and the key materials, the request is processed and sent tothe Certificate Manager and the certificate is revoked. Once approved, the signedrequest is sent to the Certificate Manager and the certificate is revoked. TheCertificate Manager marks the certificate as revoked in its database, and adds it toany CRLs that are applicable.An agent can revoke any certificate issued by the Certificate Manager. They do thisby searching for the certificate in the agent services interface and then marking itrevoked.Once a certificate is revoked, it is marked revoked in the database, and in thepublishing directory if the Certificate is set up for publishing.If you enabled and configured the internal OCSP service, the service determinesthe status of certificates by looking them up in the internal database and reportingon the status of the certificate.You can set up an automated notifications that send an email message to the endentity when their certificate is revoked. You set this up by enabling andconfiguring the Certificate Revoked notification message, and customizing theemail template associated with this notification.Federal Bridge CACMS supports Federal Bridge Certificate Authority (FBCA) by providing thecapability to issue, import, and publish cross-pair CA certificates.With cross-pair certificates, one CA signs and issues a cross-pair certificate to asecond CA, and the second CA signs and issues a cross-pair certificate to the firstCA. Both CAs then store and or publish both certificates as acrossCertificatePair.This may be done when you want to honor certificates issued by a CA that does notchain up to your root CA. By establishing a trust between your CA and another CAthrough a cross-pair CA certificate, you can download this cross-pair certificateusing it to trust the certificates that are issued by the other CA.
