Configuring the Online Certificate Status Manager190 Netscape Certificate Management System Administrator’s Guide • February 2003can also create new groups and assign privileges to those groups by adding ACIentries for that group in the ACLs. For complete details about creating users,assigning users to groups, creating groups, and changing ACIs and ACLs, seeChapter 8, “Authorization.”Default ACL ConfigurationThe configuration set up for the Online Certificate Status Manager gives thefollowing privileges to members of the following groups:• Administrators can perform any operations in the administrative interfacewhich includes viewing configuration settings, changing configurationsettings, adding or deleting plug-ins, creating or deleting instances or plug-ins,viewing all logs except for the signed audit log, if you have the signed auditfeature set up. Administrators do not have any access to the agent servicesinterface or any task performed there.• Auditors can view the signed audit log, and can view configuration settings,but cannot perform any other operations on configuration settings and do nothave any access to the agent services interface.• Online Certificate Status Manager Agents can view configuration settings inthe administrative interface, but cannot perform any other operations on theconfiguration settings, they can perform all operations for all tasks associatedwith the agent services interface.• Trusted Managers all allowed to communicate with the Online CertificateStatus Manager.Managing Certificates and the CertificateDatabaseThe signing certificate and SSL encryption certificate are created and installedduring the installation of the Online Certificate Status Manager. See “OCSPCertificates,” on page 191 for more information about these certificates and thethings you should consider before getting these certificates.CMS contains a Certificate Wizard that allows you to create additional certificates,or to renew or replace a certificate for the Online Certificate Status Manager. See“Certificate Setup Wizard,” on page 298 for details of using the wizard and aboutrenewing or replacing a subsystem certificate.
