Netscape NETSCAPE MANAGEMENT SYSTEM 6.0 manuals
NETSCAPE MANAGEMENT SYSTEM 6.0
Table of contents
- Netscape Console
- About This Guide
- Viewing This Guide Online
- Getting Additional Help
- To Open the Product Homepage
- Chapter 1 Introducing Netscape Console and Administration Server
- The Setup Program
- Installation Modes
- To Install Netscape Console as a Stand-Alone Application on Windows NT
- Upgrading Administration Server and Console
- To Upgrade on Windows NT
- Upgrading a Stand-Alone Version of Netscape Console
- To Upgrade a Stand-Alone Version of Netscape Console on Windows NT
- Silent Installation
- To Perform a Silent Installation
- To Uninstall a Netscape Server on UNIX
- Silent Uninstallation
- To Perform a Silent Uninstallation on Windows NT
- Starting Netscape Console and Logging In
- To Start Netscape Console on Windows NT
- Logging in to Netscape Console With a User Name and Password
- Logging in to Netscape Console Using Client Authentication
- To Request and Install a New Client Certificate
- To Make Your Client Certificate Available to Netscape Console on Windows NT
- A Tour of Netscape Console
- Netscape Console Tabs
- The Administration Domain
- To Modify an Administration Domain
- To Remove an Administration Domain
- Storing Display Settings
- Setting Display Fonts
- To Edit an Existing Font Profile
- To Use a Font Profile
- Customizing the Main Window
- Customizing Tables
- To Change the Width of Columns in a Table
- Working with Custom Views
- To Rename a Custom View
- Administration Express
- Using Administration Express
- Setting the Refresh Rate for Administration Express
- Adding a Pre-4.0 Server to the Tree
- To Add a Pre-4.0 Server to the Navigation Tree
- To Migrate from a Pre-4.0 Server to a Newer Version
- Working with Netscape Servers
- Creating a New Server Instance
- To Create a New Server Instance
- Cloning a Server
- Uninstalling a Netscape Server
- To Merge Configuration Data from Two Directory Servers
- Interacting with Directory Server
- Using Distinguished Names
- Attributes
- DN and Attribute Guidelines and Syntax
- Locating a User or Group in the Directory
- To Locate Users or Groups in the Directory
- Choosing a Different Directory to Search
- Users
- The User's Preferred Language
- To Create an Administrator
- To Enable Windows NT and UNIX Panels for an Individual User
- To Set Windows NT and UNIX Options and Attributes for a New User
- Groups
- To Create a Static Group in the Directory
- To Add Users to the Configuration Administrators Group
- To Create a Dynamic Group
- To Create a Certificate Group
- Organizational Units
- Modifying Existing Directory Entries
- To Change the Configuration Administrator's User Name or Password
- To Change the Administration Server Administrator's User Name or Password
- Restarting Administration Server
- To Restart the Server from Netscape Console
- To Restart the Server from the NT Control Panel
- To Stop the Server from the NT Control Panel
- To View the Access Log
- To Change Where Logs are Stored
- To Access the Administration Page
- Network Settings
- To Configure Network Settings
- Access Settings
- To Set Administration Server Access Settings
- Encryption Settings
- To Activate SSL on Administration Server
- Directory Settings
- Changing the Host or Port Number
- The User Directory
- User Directory Settings
- To Change the User Directory Settings for a Domain
- To Change User Directory Settings for a Server Group
- admconfig
- Options
- Tasks and Their Arguments
- Examples
- ldapsearch, ldapmodify, and ldapdelete
- Syntax
- Tasks and Options
- Usage
- JAR Information File
- JAR Information File Syntax
- Examples of Using modutil
- Part 4 Advanced Server Management
- Chapter 9 Access Control
- Examples of Access Control
- Setting Access Permissions For Servers
- Working With Access Control Instructions
- Bind Rules
- To Specify What You Want an ACI to Apply To
- To Create a New ACI with the Visual ACI Editor
- To Create a New ACI with the Manual ACI Editor
- To Edit an Existing ACI with the ACI Editor
- To Remove an ACI
- The SSL and TLS Protocols
- SSL and TLS Ciphers
- Preparing to Use SSL and TLS Encryption
- To Install an External Security Device
- Obtaining and Installing a Server Certificate
- Preparing to Set Up SSL and TLS
- Sending a Server Certificate Request
- Installing the Certificate
- To Install a CA Certificate or Server Certificate Chain
- Backing Up and Restoring Your Certificate Database
- Activating SSL
- Managing Server Certificates
- Changing the CA Trust Options
- To Change a Security Device Password
- To View, Add, or Delete a CRL or CKL
- Using Client Authentication
- Preparing to Use Client Authentication
- DNComps
- FilterComps
- CmapLdapAttr
- To Edit the certmap.conf File
- Example certmap.conf Mappings
- Example of a Mapping with an Attribute Search
- To Set Up Client Authentication Between Servers
- Client Authentication for Users
- SNMP Basics
- How SNMP Works
- The Administration Server MIB
- Types of SNMP Messages
- Setting Up SNMP on UNIX
- Using a Proxy SNMP Agent on UNIX
- Installing and Starting the Proxy SNMP Agent
- To Restart the Native Agent
- Configuring the Master Agent on UNIX
- To Add, Edit, or Remove a Community String using Netscape Console
- To Add, Edit, or Remove a Trap Destination
- Manually Configuring the Master Agent
- Editing the Master Agent Config File
- Starting the Master Agent on UNIX
- Starting the Agent from the Command Line
- To Start the Agent on a Non-Standard Port using System Services
- Part 5 Appendixes
- Appendix A Fortezza
- How Fortezza Crypto Cards are Certified
- CRLs and CKLs
- To Enable Fortezza on Administration Server
- Internet Security Issues
- Encryption and Decryption
- Symmetric-Key Encryption
- Public-Key Encryption
- Key Length and Encryption Strength
- Digital Signatures
- Certificates and Authentication
- A Certificate Identifies Someone or Something
- Authentication Confirms an Identity
- Password-Based Authentication
- Certificate-Based Authentication
- How Certificates Are Used
- SSL Protocol
- Form Signing
- Object Signing
- Contents of a Certificate
- A Typical Certificate
- How CA Certificates Are Used to Establish Trust
- CA Hierarchies
- Certificate Chains
- Verifying a Certificate Chain
- Managing Certificates
- Certificates and the LDAP Directory
- Renewing and Revoking Certificates
- Registration Authorities
- The SSL Protocol
- Ciphers Used with SSL
- Cipher Suites With RSA Key Exchange
- Fortezza Cipher Suites
- The SSL Handshake
- Server Authentication
- Man-in-the-Middle Attack
- Client Authentication
NETSCAPE MANAGEMENT SYSTEM 6.0
Table of contents
- About This Guide
- Part I: Server Basics
- Part III: Configuring, Monitoring, and Performance Tuning
- Part V: Appendixes
- Part 1 Server Basics
- Enterprise Server Features
- Administering and Managing Enterprise Servers
- Content Engines
- Runtime Environments
- Enterprise Server Configuration
- Enterprise Server Configuration Files
- Dynamic Reconfiguration
- UNIX and Linux Platforms
- Virtual Server Configuration
- Server Manager
- Using the Resource Picker
- Wildcards Used in the Resource Picker
- Virtual Server Manager
- Accessing the Administration Server
- Windows NT Platforms
- Running Multiple Servers
- Removing a Server
- Migrating a Server
- Part 2 Using the Administration Server
- Editing Listen Socket Settings
- Changing the Superuser Settings
- Allowing Multiple Administrators
- Specifying Log File Options
- The Access Log File
- Using Cron-based Log Rotation (UNIX/Linux)
- Restricting Server Access
- Managing Users and Groups
- Understanding Distinguished Names (DNs)
- Creating Users
- How to Create a New User Entry
- Managing Users
- Building Custom Search Queries
- Editing User Information
- Managing a User's Password
- Renaming Users
- Creating Groups
- Static Groups
- How Enterprise Server Implements Dynamic Groups
- Groups Can Be Static and Dynamic
- To Create a Dynamic Group
- Finding Group Entries
- Adding Group Members
- Adding Groups to the Group Members List
- Managing See Alsos
- Renaming Groups
- Managing Organizational Units
- Editing Organizational Unit Attributes
- Renaming Organizational Units
- Managing a Preferred Language List
- Using Certificates for Authentication
- Virtual Server Certificates
- Using password.conf
- Requesting and Installing a VeriSign Certificate
- Installing a VeriSign Certificate
- Required CA Information
- Requesting Other Server Certificates
- Installing Other Server Certificates
- Migrating Certificates When You Upgrade
- Using the Built-in Root Certificate Module
- Managing Certificates
- Installing and Managing CRLs and CKLs
- Managing CRLs and CKLs
- Setting Security Preferences
- SSL and TLS Protocols
- Enabling Security for Connection Groups
- Selecting a Server Certificate for a Connection Group
- Selecting Ciphers
- Configuring Security Globally
- SSLSessionTimeout
- Using External Encryption Modules
- Using pk12util
- Selecting the Certificate Name for a Connection Group
- FIPS-140 Standard
- Setting Client Security Requirements
- Requiring Client Authentication
- To Require Client Authentication
- Using the certmap.conf File
- Creating Custom Properties
- Setting Stronger Ciphers
- Considering Additional Security Issues
- Limit Physical Access
- Choosing Solid Passwords
- Changing Passwords or PINs
- Limiting Other Applications on the Server
- Knowing Your Server's Limits
- Specifying chroot for a Virtual Server Class
- Managing Server Clusters
- Guidelines for Using Server Clusters
- Setting Up a Cluster
- Adding a Server to a Cluster
- Modifying Server Information
- Removing Servers from a Cluster
- Adding Variables
- Part 3 Configuring, Monitoring, and Performance Tuning
- Starting and Stopping the Server
- Setting the Termination Timeout
- Restarting the Server (UNIX/Linux)
- Restarting With Inittab (UNIX/Linux)
- Stopping the Server Manually (UNIX/Linux)
- Using the Automatic Restart Utility (Windows NT)
- Tuning Your Server for Performance
- Editing the magnus.conf File
- Choosing MIME Types
- Restoring Configuration Settings
- Adding and Using Thread Pools
- Using Thread Pools
- What Is Access Control
- Setting Access Control for User-Group
- Default Authentication
- SSL Authentication
- Digest Authentication
- Other Authentication
- Using Access Control Files
- Configuring the ACL User Cache
- Setting Access Control
- Setting Access Control for a Server Instance
- Selecting Access Control Options
- Specifying the From Host
- Restricting Access to Programs
- Setting Access Rights
- Writing Customized Expressions
- Responding When Access is Denied
- Restricting Access to the Entire Server
- Restricting Access to a Directory (Path)
- Restricting Access to a URI (Path)
- Restricting Access Based on Time of Day
- Restricting Access Based on Security
- Working with Dynamic Access Control Files
- Enabling .htaccess from the User Interface
- Enabling .htaccess from magnus.conf
- Converting Existing .nsconfig Files to .htaccess Files
- Using htaccess-register
- Example of an .htaccess File
- deny
- AuthName
- order
- require
- Accessing Databases from Virtual Servers
- Specifying LDAP Databases in the User Interface
- About Log Files
- Viewing an Access Log File
- Viewing the Error Log File
- Archiving Log Files
- Internal-daemon Log Rotation
- Setting Log Preferences
- Easy Cookie Logging
- Running the Log Analyzer
- Viewing Events (Windows NT)
- Monitoring Servers
- Monitoring the Server Using Statistics
- Using Statistics
- Quality of Service Example
- Setting Up Quality of Service
- Required Changes to obj.conf
- SNMP Basics
- The Enterprise Server MIB
- Setting Up SNMP
- Using a Proxy SNMP Agent (UNIX/Linux)
- Installing the Proxy SNMP Agent
- Starting the Proxy SNMP Agent
- Installing the SNMP Master Agent
- Enabling and Starting the SNMP Master Agent
- Manually Configuring the SNMP Master Agent
- Defining sysContact and sysLocation Variables
- Starting the SNMP Master Agent
- Starting the SNMP Master Agent Using the Administration Server
- Enabling the Subagent
- Chapter 11 Tuning Your Server for Performance
- Chapter 12 Using Search
- Configuring Text Search
- Controlling Search Access
- Eliminating Words from Search
- Turning Search On or Off
- Configuring the Search Parameters
- Configuring Your Search Pattern Files
- Configuring Files Manually
- The Configuration Files
- Indexing Your Documents
- About Collection Attributes
- Creating a New Collection
- Configuring a Collection
- Updating a Collection
- Maintaining a Collection
- Scheduling Regular Maintenance
- Removing Scheduled Collection Maintenance
- Search Home Page
- Guided Search
- Advanced Search
- The Search Results
- Sorting the Results
- Displaying Collection Contents
- Default Assumptions
- Search Rules
- Using Query Operators as Search Words
- Using Wildcards
- Non-alphanumeric Characters
- Dynamically Generated Headers and Footers
- Search Function Syntax
- URL Encodings
- Required Search Arguments
- Using Pattern Variables
- Configuration File Variables
- Macros and Generated Pattern Variables
- Part 4 Managing Virtual Servers and Services
- Virtual Servers Overview
- Multiple Server Instances
- Virtual Server Classes
- Virtual Servers in a Class
- Connection Groups
- Types of Virtual Servers
- URL-Host-Based Virtual Servers
- Virtual Server Selection for Request Processing
- Document Root
- Migrating Virtual Servers from a Previous Release
- Using Access Control with Virtual Servers
- Using the Virtual Server User Interface
- Using Variables
- Setting Up Virtual Servers
- Creating a Connection Group
- Creating a Virtual Server Class
- Specifying Services Associated with a Virtual Server Class
- Access Control
- Deploying Virtual Servers
- Example 2: Secure Server
- Example 3: Intranet Hosting
- Example 4: Mass Hosting
- Creating a Virtual Server
- Editing Virtual Server Settings
- Generating Reports for a Virtual Server
- Editing Using the Class Manager
- Configuring Virtual Server MIME Settings
- Configuring Virtual Server Quality of Service Settings
- Configuring Virtual Server Log Settings
- Configuring Virtual Server Java Web Application Settings
- Overview of Server-Side Programs
- Types of Server-Side Applications That Run on the Server
- Overview of Servlets and JavaServer Pages
- What the Server Needs to Run Servlets and JSPs
- Working with Web Applications
- Deploying and Editing Web Applications with the User Interface
- Deploying Servlets and JSPs Not in Web Applications
- Installing CGI Programs
- Overview of CGI
- Specifying a CGI Directory
- Specifying CGI as a File Type
- Installing Windows NT CGI Programs
- Specifying a Windows NT CGI Directory
- Specifying Windows NT CGI as a File Type
- Installing Shell CGI Programs for Windows NT
- Specifying a Shell CGI Directory (Windows NT)
- Specifying Shell CGI as a File Type (Windows NT)
- Using the Query Handler
- Content Management
- Setting the Primary Document Directory
- Setting Additional Document Directories
- Customizing User Public Information Directories (Unix/Linux)
- Restricting Content Publication
- Using Configuration Styles
- Setting the Document Preferences
- Specifying a Server Home Page
- Parsing the Accept Language Header
- Customizing Error Responses
- Changing the Character Set
- Setting the Document Footer
- Using htaccess
- Setting Cache Control Directives
- Using Stronger Ciphers
- Creating a Configuration Style
- Assigning a Configuration Style
- Listing Configuration Style Assignments
- Removing a Configuration Style
- Part 5 Appendixes
- Formatting LDIF Entries
- HttpServerAdmin (Virtual Server Administration)
- control Command
- Syntax
- Options
- Create Connection Group
- Create Virtual Server
- delete Command
- Delete Connection Group
- Delete Virtual Server
- Example
- About HyperText Transfer Protocol (HTTP)
- Requests
- Request Header
- Status Code
- Response Header
- Appendix C ACL File Syntax
- Authentication Methods
- Authorization Statements
- Hierarchy of Authorization Statements
- Attribute Expressions
- Operators for Expressions
- The Default ACL File
- Referencing ACL Files in obj.conf
- General Information
- Entering UTF-8 Data
- Using Other Language Settings
- Search Information
- Searching in Japanese
- auto
- none
- Overview
- Types of FrontPage Webs
- Domain Names and FrontPage Webs
- Downloading the Extensions
- Space Requirements
- Some Additional Considerations
- Installing FrontPage97 Server Extensions on UNIX/Linux Systems
- Installing FrontPage98 Server Extensions on UNIX/Linux Systems
- Installing FrontPage2000 Server Extensions on UNIX/Linux Systems
- Further Information
NETSCAPE MANAGEMENT SYSTEM 6.0
Table of contents
- About This Guide
- Document Conventions
- How to Use Online Help
- Supported Platforms
- UNIX/Linux
- Other Technical Requirements
- Enterprise Server: Creating a DNS Alias for the Server
- Windows NT User Accounts for the Server
- Choosing Unique Port Numbers
- Installation Overview
- Installing Netscape Communicator
- Installing Directory Server
- Installing Netscape Console
- Accessing Enterprise Server from the Netscape Console
- Installing on UNIX Platforms
- Unpacking the Files
- Running Setup
- Express Installation
- Installing Across Multiple Machines
- Using Templatized Installation
- Using Silent Installation
- Using Uninstall on UNIX
- Installing on Windows NT
- Installing from an Enterprise Server CD
- Using Uninstall on Windows NT
- Enterprise Server 6.0 Changes
- JavaServer Pages
- Virtual Servers
- Start and Stop Scripts
- The Migrate Server Page
- Migrating the Administration Server
- Migrating Certificates
- Migrating NSAPI Applications
NETSCAPE MANAGEMENT SYSTEM 6.0
Table of contents
- About This Guide
- What You Should Already Know
- Conventions Used in This Guide
- Where to Go for Related Information
- Part 1 Overview and Demo Installation
- Overview of Key Features
- Flexible end-entity registration services framework
- System Overview
- Public-Key Infrastructure
- CMS Subsystems or Managers
- Certificate Manager
- Registration Manager
- Data Recovery Manager
- Online Certificate Status Manager
- Basic System Configuration
- Plug-in Modules
- Policy Plug-in Modules
- Job Plug-In Modules
- Mapper and Publisher Plug-in Modules
- Event-Driven Notifications
- Command-Line Utilities
- Entry Points for Various Types of Users
- Agent Services Interface
- Registration Manager Agent Services
- Data Recovery Manager Agent Services
- Online Certificate Status Manager Agent Services Interface
- End-Entity Services Interface
- System Architecture
- JSS and the Java/JNI Layer
- Authentication and Policy Modules
- Security and Directory Protocols
- Some Enrollment Scenarios
- Extranet/E-Commerce: ExampleCorp
- Enrolling Existing Customers
- Enrolling New Customers
- Enrolling Extranet Users
- PIN Registration: Atlas Manufacturing
- VPN Client Enrollment and Revocation
- Router Enrollment and Revocation
- End Entities and Life-Cycle Management
- Access to Subsystems
- HTML Forms for End Users
- Netscape Personal Security Manager
- System Requirements
- Overview of the Default Demo
- Demo Passwords
- Installing the Default Demo
- Step 2. Run the Installation Wizard
- Step 3. Get the First User Certificate
- If You Need the First Agent Form Again
- Using the Default Demo
- Viewing Issued Certificates From the Agent Gateway
- Enrolling for a Certificate From the End-Entity Gateway
- Finding and Approving a Certificate Request
- Setting Your Browser to Use the Agent Certificate
- Create a Policy
- Use an LDAP Directory
- Step 1. Enable Directory-Based Authentication
- Step 2. Add a User to the Directory
- Step 3. Enroll with Directory-Based Authentication
- Publish Certificates to an LDAP Directory
- Configure the Publishing Destination
- Set Rules for Publishing Certificates
- Update the Publishing Directory
- Send Renewal Reminders
- Configuring a Mail Server for Certificate Management System
- Configuring Certificate Management System to Send Renewal Reminders
- Part 2 Planning and Installation
- Topology Decisions
- Certificate Manager and Registration Manager
- Certificate Manager and Data Recovery Manager
- Certificate Manager, Data Recovery Manager, and Registration Manager
- Cloned Certificate Manager
- CA's Distinguished Name
- CA Signing Certificate's Validity Period
- CAs and Certificate Extensions
- Cryptographic Token Decisions
- Publishing Decisions
- Publishing CRLs to the Online Certificate Status Manager
- Subsystem Certificate Decisions
- Certificate Manager Certificates
- Data Recovery Manager Certificate and Storage Key
- Authentication Decisions
- Information for UNIX Installation Script
- User/Group Directory Server
- Administration Server Information
- Certificate Management System Identifier
- Configuration Directory Settings
- Administration Server Port
- Token Logon or Single Sign-On Password
- Subsystems
- Network Configuration
- Key-Pair Information for CA Signing Certificate
- Validity Period for CA Signing Certificate
- CA Signing Certificate Request
- Subject Name for Registration Manager Signing Certificate
- Registration Manager Signing Certificate Issuer
- Subject Name for Transport Certificate
- Validity Period for Transport Certificate
- Transport Certificate Request
- Online Certificate Status Manager Configuration
- Online Certificate Status Manager Signing Certificate Request
- Online Certificate Status Manager Signing Certificate Issuer
- CA Signing Certificate
- SSL Server Key and Certificate
- Subject Name for SSL Server Certificate
- Extensions for SSL Server Certificate
- SSL Certificate Request
- Installation Overview
- Installation Stages
- Before You Begin the Installation
- Stage 1. Running the Installation Script
- Running the Installation Script on Windows NT
- Stage 2. Running the Installation Wizard
- Installing the Certificate Manager as a Root CA
- Installing the Certificate Manager as a Subordinate CA
- Installing a Standalone Registration Manager
- Installing a Standalone Data Recovery Manager
- Installing an Online Certificate Status Manager
- Stage 3. Enrolling for Administrator/Agent Certificate
- Agent Certificate for Other CMS Managers
- Stage 5. Creating Additional Instances or CA Clones
- Installing Multiple CMS Instances
- Cloning a Certificate Manager
- Step 1. Before You Begin
- Step 2. Create Instances for Clone CAs
- Installing Clone CA in a Different Server Group
- Installing Clone CA on a Separate Host
- Step 4. Copy Master CA's Certificate and Key Database
- Step 6. Configure the Clone CA
- Step 8. Establish Trust Between Master CA and Clone CAs
- Step B. Create a Privileged-User Entry for Clone CAs
- Step 9. Test Clone-Master Connection
- Step B. Approve the Request
- Step D. Revoke the Certificate
- Step 10. Use Master CA's Agent Certificate in Clone CAs
- Viewing Instance Information
- Changing the Name of an Instance
- Removing an Instance From a System
- Uninstalling Certificate Management System
- Uninstalling by Using the Windows NT Add/Remove Programs Utility
- Significance of password.conf File
- Required Start-up Information
- Starting From Netscape Console
- Starting From the Command Line
- Starting From the Windows NT Services Panel
- Stopping From Netscape Console
- Stopping From the Command Line
- Restarting From the CMS Window
- Restarting From the Command Line
- Attending to an Unresponsive Server
- Password-Quality Checker
- Part 3 Configuration
- Netscape Console
- Users and Groups Tab
- Netscape Administration Server
- Starting Administration Server
- Shutting Down Administration Server
- The CMS Window
- Tasks Tab
- Logging In to the CMS Window
- Effects of Installation Type on Configuration
- Duplicating Configuration From One Instance to Another
- Modifying the Configuration
- Guidelines for Editing the Configuration File
- Sample Configuration File
- Road Map to Configuring Subsystems
- Step 1. Check Which Subsystem is Installed in the Instance
- Step 5. Customize End-Entity and Agent Forms
- Step 8. Schedule Jobs
- Step 11. Set up Key Archival and Recovery
- Chapter 11 Setting Up Ports
- Remote Administration Port
- Agent Port
- Step 1. Specify the Port Number
- Step 2: Specify IP Addresses
- Internal Database
- Step 1. Identify the Directory Server Instance
- Step 2. Restrict Access to the Internal Database
- Privileged-User Types and Responsibilities
- Agents
- Agent's Certificate for SSL Client Authentication
- Revocation Status Checking of Agent Certificates
- Trusted Managers
- Subsystems That Can Function as Trusted Managers
- Connectors for Linking Trusted Managers
- Trusted Manager's Certificate for SSL Client Authentication
- Groups and Their Privileges
- Groups for Agents
- Group for Registration Manager Agents
- Group for Online Certificate Status Manager Agents
- Setting Up Privileged Users
- Setting Up Agents
- Setting up Agents Using the Manual Process
- Setting Up Trusted Managers
- Setting Up a Registration Manager as a Trusted Manager
- Setting Up a Certificate Manager as a Trusted Manager
- Changing Privileged-User Information
- Changing a Privileged User's Certificate
- Changing Members in a Group
- Deleting a Privileged User
- Keys and Certificates for the Main Subsystems
- Certificate Manager's Key Pairs and Certificates
- OCSP Signing Key Pair and Certificate
- CRL Signing Key Pair and Certificate
- SSL Server Key Pair and Certificate
- Registration Manager's Key Pairs and Certificates
- Data Recovery Manager's Key Pairs and Certificates
- Transport Key Pair and Certificate
- Online Certificate Status Manager's Key Pairs and Certificates
- Tokens for Storing CMS Keys and Certificates
- External Token
- Managing Tokens Used by the Subsystems
- Changing a Token's Password
- Hardware Cryptographic Accelerators
- Using the Wizard to Request a Certificate
- Step 1. Select the Operation
- Step 2. Choose the Certificate
- Step 3. Specify the Key-Pair Information
- Step 4. Specify the Subject Name for the Certificate
- Step 5. Specify the Validity Period
- Step 6. Specify Extensions
- Step 7. Copy the Certificate Signing Request
- Step 8. Check the Certificate Request Status
- Using the Wizard to Install a Certificate or Certificate Chain
- Data Formats for Installing Certificates and Certificate Chains
- Step 2. Select the Certificate or Certificate Chain
- Step 3. Specify the Location of the Certificate
- Step 4. View the Certificate or Certificate Chain
- Step 6. Verify the Certificate Status
- Step 1. Get the Required SSL Server Certificates
- Getting an SSL Client Certificate for a Subsystem
- Setting Up Cipher Preferences for SSL Communications
- SSL Ciphers Supported in Certificate Management System
- Configuring the Server to Use Specific Ciphers
- Getting New Certificates for the Subsystems
- Step 1. Plan for the New Certificate
- Step 2. Request the New Certificate
- Step 4. Deploy the New Certificate
- Deploying Registration Manager's Signing Certificate
- Deploying Data Recovery Manager's Transport Certificate
- Deploying a Subsystem's SSL Server Certificate
- Renewing Certificates for the Subsystems
- Step 1. Plan for Certificate Renewal
- Step 2. Renew the Existing Certificate
- Step 3. Install the Renewed Certificate
- Deploying Certificate Manager's Renewed CA Signing Certificate
- Deploying Data Recovery Manager's Renewed Transport Certificate
- Deploying a Subsystem's Renewed SSL Server Certificate
- Step 5. Restart the Server
- Viewing the Certificate Database Content
- Changing the Trust Settings of a CA Certificate
- Installing a New CA Certificate in the Certificate Database
- Introduction to Authentication
- Privileged-User Authentication
- Authentication of Agents
- End-Entity Authentication
- Authentication of End Users During Certificate Revocation
- Configuring Authentication for End-User Enrollment
- Step 2. Set Up the Directory for PIN-Based Enrollment
- Step B. Update the Directory
- Step C. Prepare the Input File
- Step E. Check the Output File
- Step 4: Add an Authentication Instance
- Step 5. Set Up the Enrollment Interface
- Step B. Customize the Form
- Step D. Remove Unwanted Enrollment Options
- Step 6. Enable End-Entity Interaction
- Enabling End-Entity Interaction with a Registration Manager
- Step 7. Turn on Automated Notification
- Step 9. Deliver PINs to End Users
- Managing Authentication Instances
- Modifying an Authentication Instance
- Managing Authentication Plug-in Modules
- Deleting an Authentication Module
- Automated Notifications
- Notifications of Certificate Issuance to End Entities
- Notification of New Request in Queue
- Customizing Notification Messages
- Customizing Message Templates
- Tokens Available in Message Templates
- Tokens for Rejection Notifications to End Entities
- Tokens for Request In Queue Notification Messages
- Step 2. Turn On Certificate-Issuance Notification
- Step 3. Turn on Request in Queue Notification
- Step 4. Verify Mail Server Settings
- Step 5. Test Your Configuration
- Configuring a Subsystem to Run Automated Jobs
- Step 2. Modify Existing Jobs
- Step 3. Delete Unwanted Jobs
- Step 5. Schedule the Frequency
- Step 7. Test Your Configuration
- Registering a Job Module
- Deleting a Job Module
- Introduction to Policy
- What Is Policy
- Policy Rules
- Using Predicates in Policy Rules
- Attributes for Predicates
- Policy Processor
- Configuring Policy Rules for a Subsystem
- Step 2. Modify Existing Policy Rules
- Step 3. Delete Unwanted Policy Rules
- Step 5. Reorder Policy Rules
- Step 6. Restart the Server
- Using JavaScript for Policies
- Deleting a Policy Module
- Publishing of Certificates to a Directory
- Timing of Directory Updates
- Directory Update Process
- Directory Synchronization
- What's a CRL
- Reasons for Revoking a Certificate
- Revocation Checking by Netscape Clients
- Publishing of CRLs to an LDAP Directory
- CRL Issuing Points
- Step 2. Set Up the Directory for Publishing
- Step C. Identify an Entry That Has Write Access
- Step E. Specify the Directory Authentication Method
- Step F. Modify the Certificate Mapping File
- Step G. Restart Directory Server
- Step B. Add Mappers, Publishers, and Publishing Rules
- Step 4. Configure the Certificate Manager to Publish CRLs
- Step A. Specify CRL Details
- Step B. Set the CRL Extensions
- Step C. Create a Mapper for the CRL
- Step D. Create a Publisher for the CRL
- Step E. Create a Publishing Rule for the CRL
- Step 5. Identify the Publishing Directory
- Step 6. Test Certificate and CRL Publishing
- Step A. Decide a Directory Entry for Requesting a Certificate
- Step D. Download the Certificate to the Browser
- Step F. Revoke the Certificate
- Step G. Check the Directory for the CRL
- Manually Updating Certificates in the Directory
- Manually Updating the CRL in the Directory
- Configuring Certificate Manager to Publish to Files
- Step 2. Configure the Certificate Manager
- Step B. Create Publishing Rules for Certificates
- Step C. Create a Publishing Rule for CRLs
- Step D. Specify CRL Details
- Step E. Set the CRL Extensions
- Step F. Make Sure Publishing is Enabled
- Step D. Check the File for the Certificate
- Step E. Revoke the Certificate
- Step F. Check the File for the CRL
- Managing Mapper and Publisher Plug-in Modules
- Deleting a Mapper or Publisher Module
- What's an OCSP-Compliant PKI Setup
- How to Get an OCSP Responder
- How Online Certificate Status Manager Works
- How to Get OCSP-Compliant Clients
- Setting Up a Certificate Manager with OCSP Service
- Step 2. Install OCSP-Compliant Client
- Setting Up Personal Security Manager for OCSP-Based Certificate Validation
- Step 3. Enable Certificate Manager's HTTP Port
- Step 5. Restart the Certificate Manager
- Step A. Turn On Revocation Checking in the Browser
- Step C. Approve the Request
- Step E. Make Sure the CA is Trusted by the Browser
- Step H. Revoke the Certificate
- Step J. Check the Certificate Manager's OCSP Service Status Again
- Step 2. Install an OCSP-Compliant Client
- Step A. Specify CRL Format and Publishing Interval
- Step C. Create a Publisher for the CRL
- Step D. Create a Publishing Rule for the CRL
- Step E. Make Sure Publishing is Enabled
- Step 5. Configure Certificate Manager for Required Extension Policies
- Step 6. Configure the Online Certificate Status Manager
- Step 7. Restart the Certificate Manager
- Step 8. Restart the Online Certificate Status Manager
- Step 10. Test Your OCSP Responder Setup
- Step B. Request a Certificate
- Step F. Verify the Certificate in the Browser
- Step I. Verify the Certificate in the Browser
- PKI Setup for Key Archival and Recovery
- Clients That Can Generate Dual Key Pairs
- Forms for Users and Key Recovery Agents
- Where the Keys are Stored
- How Key Archival Works
- Key Recovery Process
- Interface for the Key Recovery Process
- Local Versus Remote Key Recovery Authorization
- How Agent-Initiated Key Recovery Works
- Key Recovery Agent Scheme
- Changing Key Recovery Agents' Passwords
- Configuring Key Archival and Recovery Process
- Step A. Deploy Clients That Can Generate Dual Key Pairs
- Step C. Customize the Certificate Enrollment Form
- Step D. Configure Key Archival Policies
- Step 2. Set Up the Key Recovery Process
- Step B. Facilitate the Key Recovery Agents to Change the Passwords
- Step 3. Test Your Key Archival and Recovery Setup
- Step B. Verify the Key
- Step D. Restore the Key in the Browser's Database
- Introduction to Logs
- Logs Maintained by the Server
- Services That Are Logged
- Log Levels (Message Categories)
- Log File Locations
- Log File Naming Conventions
- Rotation of Log Files
- Location of Rotated Log Files
- Configuring CMS Logs
- Step 3. Delete Unwanted Listeners
- Step 4. Create New Listeners
- Monitoring CMS Logs
- Monitoring System Logs
- Monitoring Error Logs
- Monitoring Audit Logs
- Using System Tools for Monitoring the Server (Windows NT Only)
- Logging to Windows NT Event Log
- Avoiding Event Log From Getting Filled
- Archiving of Rotated Log Files
- Signing Log Files
- Managing Log Modules
- Deleting a Log Module
- Part 4 Issuing and Managing Certificates
- Certificate Issuance to Servers
- How the Manual Server Enrollment Process Works
- Getting Server SSL Certificates for Netscape Servers
- Step 1. Generate the Server Certificate Request
- Step 3. Install Your Server's SSL Certificate
- Step 5. Verify Your Server's SSL and CA Certificates
- Renewal of Server Certificates
- CEP Enrollment
- Setting up CEP Enrollment Manually
- Step 1. Set up the Directory for Publishing Certificates and CRLs
- Step 2. Configure the Certificate Manager for Publishing Certificates and CRLs
- Step 3. Set Up Automated Enrollment
- Step 4. Set Up Multiple CEP Services
- Certificate Issuance to Routers or VPN Clients
- Step 2. Generate the Key Pair for the Router
- Step 3. Request the CA's Certificate
- Example
- Part 5 Appendix
- Data Formats
Related products
- NETSCAPE CONSOLE 6.0 - MANAGING SERVERS
- NETSCAPE DIRECTORY SERVER 6.0 - DEPLOYMENT
- NETSCAPE DIRECTORY SERVER 6.0
- NETSCAPE DIRECTORY SERVER 6.01 - DEPLOYMENT
- NETSCAPE DIRECTORY SERVER 6.02 - DEPLOYMENT
- NETSCAPE DIRECTORY SERVER 7.0 - DEPLOYMENT
- NETSCAPE DIRECTORY SERVER 6.1 - DEPLOYMENT
- NETSCAPE DIRECTORY SERVER 6.2 - DEPLOYMENT
- NETSCAPE DIRECTORY SERVER 6.01
- NETSCAPE DIRECTORY SERVER 6.02