Agent CertificatesChapter 8 Authorization 3393. When the user receives the certificate, the user must import the certificate intothe web browser they will use to access the subsystem. It is a good idea to askthe user to inform you that the certificate has been installed.After the user imports the certificate into the web browser, you need to copythe certificate (in base-64 encoded form) in order to be able to add it to asubsystem’s internal database.4. Access the end entities interface.5. Click the Retrieval tab.6. In the left frame, click either the List Certificates or Search For Certificates link,and search for the user’s certificate.7. In the page listing the results of your search, click the Details button (next tothe corresponding user’s entry) to see detailed information about thecertificate.8. Scroll down to the Installing This Certificate in a Client section containing theuser’s certificate in base-64 encoded form.9. Copy the base-64 encoded certificate, including the -----BEGINCERTIFICATE----- and -----END CERTIFICATE----- marker lines, to a textfile.10. Save the text file and use it to store a copy of the certificate in a subsystem’sinternal database. See “Setting up Administrators, Agents, and Auditors,” onpage 328.Revocation Status Checking of AgentCertificatesYou can configure a Certificate Manager and Registration Manager to check therevocation status of an agent’s certificate the server receives during SSL clientauthentication. You can configure a Data Recovery Manager (or Online CertificateStatus Manager) to check the revocation status of its agents’ certificates only if youhave deployed an OCSP responder and have issued agent certificates withAuthority Information Access extension pointing to the OCSP responder. Forinformation about adding Authority Information Access extension to certificates,see “Configuring Policy Rules for a Subsystem” on page 489. For information aboutsetting up an OCSP responder, see Chapter 5, “OCSP Responder.”