System Architecture60 Netscape Certificate Management System Administrator’s Guide • February 2003responder only takes OCSP request format, while a DRM does not provide anyend-entity services. The client applications used to access this entry point musthave the capability to act as an SSL client. A common client application is abrowser such as the Netscape browser.• Agent Entry Point—provides entry point for agent interface andinter-CIMC_Boundary interface. A set of customizable HTML forms areprovided at this port for CA, RA, and DRM agent users to perform agent tasks.The client applications used to access this entry point must have the capabilityto act as an SSL client. A common client application is a browser such as theNetscape browser.• Administrators Entry Point—provides entry point for administrationconfiguration interface, and for auditor's audit log viewing. The clientapplications used to access this entry point must have the capability to act as anSSL client. A common client application is bundled with the CMS product isNetscape Console, a java application that provides a GUI interface andunderstands the protocol provided by the CMS Administration Interface.Service InterfacesEach of the subsystems contains interfaces allowing interaction with variousportions of the subsystem. All four subsystems share a common administrativeinterface. All four subsystems have an agent interface that allows for agents toperform the tasks assigned to them. A CA Subsystem and an RA Subsystem havean end-entity services interface allowing end entities to enroll in the PKI. An OCSPresponder subsystem has an end-entity services interface allowing end entities andapplications to check for current certificate revocation statusWhile the HTTP Engine provides the connection entry points, CMS completes theinterfaces by providing the servlets specific to each interface.End-Entity Services InterfaceFor the CA subsystem and RA subsystem, the end-entity interface provide JAVAservlets to process HTML form submissions coming from the end-entity entrypoint. Based on the information received from the form submissions, the end-entityservlets allow end entities to enroll, renew certificates, revoke their owncertificates, and pick up issued certificates. The OCSP responder subsystem'send-entity interface provides JAVA servlets to accept and process OCSP requests.The DRM subsystem does not offer any end-entity service.
