2.3. Forms for Performing Agent Operations
The agent services interfaces are form-based HTML pages that are part of the Certificate System installation. The Certificate System administrator designates certain users as agents for each installed subsystem: Certificate Manager (CM), Data Recovery Manager (DRM), Online Certificate Status Manager (OCSM), and Token Processing System (TPS). Only a designated agent for a subsystem can use that subsystem's agent services interface.
In addition, these designated agents must have personal client SSL certificates installed on their client software to access the agent services interface.
A subsystem agent with the correct certificates can access agent services forms through the agent services page to manage certificates. Table 2.1, “Forms Used for Agent Operations”, describes each of these HTML forms.
| Form name (Operation) | Subsystem | Description |
|---|---|---|
| List all Requests | CM | Examine, select, and process requests for certificate services. For instructions on using this form, see Section 4.2, “Listing Certificate Requests”. |
| List all Certificates | CM | List certificates within a range of serial numbers; the list of returned certificates can be limited to valid certificates. For instructions on using this form, see Section 5.1, “Basic Certificate Listing”. |
| Search for Certificates | CM | Search for and list Certificate System-issued certificates by subject name, certificate type, the state of the certificate (such as expired or revoked), and the dates when the certificate was issued, revoked, expired, or valid. For instructions on using this form, see Section 5.2, “Advanced Certificate Search”. |
| Revoke Certificates | CM | Search for and revoke certificates issued by the Certificate System. For instructions on using this form, see Section 5.4, “Revoking Certificates”. |
| Update the Revocation List | CM | Perform manual updates of the published CRL. For instructions on using this form, see Section 5.5.2, “Updating the CRL”. |
| Update the Directory Server | CM | Update the LDAP publishing directory with changes in certificate information like newly issued certificates and updated CRLs. For instructions on using this form, see Section 6.2, “Manual Directory Updates”. |
| Search for Requests | CA and DRM | Search for requests filed by end entities with the Certificate System. Search criteria include the request ID range, request type, request status, and request owner. Searches are limited by two factors: the total time allowed for the search operation (in seconds) and the maximum number of results to display. |
| Display the Revocation List | CA | View the current CRL. The display can be customized by the issuing point and display type. Click the CRL number to display the time taken to generate this CRL; this is known as the CRL split time. |
| List all Requests | DRM | Find and examine requests for key services. For instructions on using this form, see Section 7.1, “List Requests”. |
| Search for Keys | DRM | Find and list specific archived keys. For instructions on using this form, see Section 7.2, “Finding and Recovering Keys”. |
| Recover Keys | DRM | Find and recover specific archived keys. A key in the list returned by a search is selected and its recovery is initiated; the recovery must be authorized by designated key recovery agents. For instructions on using this form, see Section 7.2.2, “Recovering Keys”. |
| Authorize Recovery | DRM | Remotely authorize a key recovery request that was initiated by another DRM agent. For instructions on using this form, see Section 7.2.2, “Recovering Keys”. |
| List Certificate Authorities | OCSM | List CMs that are currently configured to publish their CRLs to the OCSM. For instructions, see Section 8.1, “Listing CAs Identified by the OCSP”. |
| Add Certificate Authority | OCSM | Identify a CM to the OCSM. For instructions, see Section 8.2, “Identifying a CA to the OCSP”. |
| Add Certificate Revocation List | OCSM | Add a CRL to the OCSM's internal database. For instructions, see Section 8.3, “Adding a CRL to the OCSP”. |
| Check Certificate Status | OCSM | Check the status of OCSP service requests sent by OCSP-compliant clients. For instructions, see Section 8.4, “Checking the Revocation Status of a Certificate”. |
| Manage Certificate Profiles | CA | Enable and disable supported certificate profiles. Once a profile is disabled, the administrator can make changes to the profile by editing the profile configuration files or through the Console. |
| OCSP Service | CA | Manage the operation of the CA's internal OCSP service. |
| List all Tokens | TPS | List all enrolled tokens, showing every token enrolled by the TPS along with basic information about each token. See Section 9.3, “Managing Tokens”. |
| Search for Tokens | TPS | Search for tokens using either the user ID of the user to whom the token was issued or the contextually unique ID (CUID) of the token. See Section 9.3, “Managing Tokens”. |
| List all Certificates | TPS | List all certificates on the token. See Section 9.4, “Listing and Searching Certificates”. |
| Search for Certificates | TPS | Search for certificates stored on the tokens using either the user ID of the user to whom the certificate was issued or the contextually unique ID (CUID) of the token. See Section 9.4, “Listing and Searching Certificates”. |
| List all Activities | TPS | List all operations performed through the TPS. See Section 9.5, “Searching Token Activities”. |
| Search for Activities | TPS | Search for operations performed through the TPS. Operations can be searched only by the contextually unique ID (CUID) of the token. See Section 9.5, “Searching Token Activities”. |