Agent Certificates338 Netscape Certificate Management System Administrator’s Guide • June 20033. Ask the user to send you the certificate information sent by the public CA. Inthe information that you receive, locate the user’s certificate in base-64 encodedform.You can also get the user’s certificate from the public CA that issued it. Accessthe public CA site, search for the user’s certificate, and locate the certificate inbase-64 encoded form.4. Copy the base-64 encoded certificate, including the -----BEGINCERTIFICATE----- and -----END CERTIFICATE----- marker lines, to a textfile.5. Save the text file and use it to store a copy of the certificate in a subsystem’sinternal database. See “Setting up Administrators, Agents, and Auditors,” onpage 328Getting an Agent’s Certificate from CertificateManagement SystemThe following general instructions explain how a user can get a client certificatefrom CMS and how you can copy that certificate (in base-64 encoded form) to theinternal database of a subsystem:1. The user sends a client certificate request to CMS from the computer that theywill use to access the subsystem from the Agent Services interface. It isimportant that user generate and submit this request from the computer theywill use later to access the subsystem, because part of this request processgenerates a private key on the local machine. Alternatively, if locationindependence is required, the user can also use a hardware token, such as asmart card, to generate and store the key pair (and the certificate when the userreceives it from the public CA).2. Depending on how your system is configured for certificate issuance, one ofthe following events happen:❍ If CMS is configured for manual certification, an issuing agent mustprocess the request and approve it for issuance. Once the request isapproved, the server issues the client certificate to the user.❍ If CMS is configured for automated certification and the request passesauthentication and policy checks, the server automatically issues the clientcertificate to the user.