Chapter 4. Certificate Manager


4.1. How the Certificate Manager Works
4.1.1. Enrollment
4.1.2. Renewal
4.1.3. Revocation
4.2. Certificate Manager Certificates
4.2.1. CA Signing Key Pair and Certificate
4.2.2. OCSP Signing Key Pair and Certificate
4.2.3. SSL Server Key Pair and Certificate
4.2.4. Certificate Considerations
4.2.5. Cross-Pair Certificates
4.3. CA Hierarchy
4.3.1. Subordination to a Public CA
4.3.2. Subordination to a Certificate System CA
4.4. Security Domains
4.4.1. The domain.xml File
4.4.2. Security Domain Roles
4.4.3. Creating a Security Domain
4.4.4. Joining a Security Domain
4.4.5. Additional Security Domain Information
4.5. Configuring the Certificate Manager Instance
4.6. CA Certificate Renewal or Reissuance
4.7. Changing the Rules for Issuing Certificates
4.8. Setting Restrictions on CA Certificates through Certificate Extensions
4.9. Creating Certificate Manager Agents and Administrators
4.10. Checking the Revocation Status of Agent Certificates
4.11. CRL Signing Key Pair and Certificate
4.12. DNs in the Certificate System
4.12.1. Extending Attribute Support

The Certificate Manager subsystem serves as a Certificate Authority (CA) in the PKI. It can issue, renew, and revoke certificates; create and issue CRLs; and publish certificates and CRLs.

This chapter discusses the Certificate Manager subsystem. It gives an overview of the subsystem and its processes, covers cross-signed CA certificates, and provides other information for maintaining the Certificate Manager.