Netscape Certificate Management System Administrator's Guide: About This Guide

Administrator's Guide
Netscape Certificate Management System

About This Guide

This Administrator's Guide explains how to install, configure, and maintain Netscape Certificate Management System (CMS), and use it for issuing and managing certificates to various end entities, such as web browsers (users), servers, Virtual Private Network (VPN) clients, and Cisco^TM routers.

This preface has the following sections:

Who Should Read This Guide

What You Should Know

What's in This Guide

Conventions Used in This Guide

Documentation

Who Should Read This Guide

This guide is intended for experienced system administrators who are planning to deploy CMS. CMS agents should refer to CMS Agent's Guide for information on how to perform agent tasks, such as handling certificate requests and revoking certificates.

What You Should Know

This guide assumes the following:

You understand the concepts of intranet, extranet, and Internet security and the role of digital certificates in a secure enterprise, including the following topics:

Encryption and decryption

Public keys, private keys, and symmetric keys

Significance of key lengths

Digital signatures

Digital certificates, including various types of digital certificates

The role of digital certificates in a public-key infrastructure (PKI)

Certificate hierarchies

You are familiar with LDAP, Netscape Directory Server, and working with Netscape Console.

You are familiar with the basic concepts of public-key cryptography and the Secure Sockets Layer (SSL) protocol including the following:

SSL cipher suites

The purpose of and major steps in the SSL handshake

What's in This Guide

This guide contains the following elements:

Chapter 1 "Overview"

Provides a listing of the features of CMS, an overview of how CMS works, an architectural overview of CMS, and lists the standards used in the product.

Chapter 2 "Installation"

Provides step-by-step installation instructions.

Chapter 3 "Certificate Manager"

Provides information about installing a Certificate Manager, step-by-step instructions for installing a Certificate Manager, an overview of the configuration options for a Certificate Manager, information about Federal Bridge CA, and information on setting up a cloned CA.

Chapter 4 "Registration Manager"

Provides information about installing a Registration Manager, step-by-step instructions for installing a Registration Manager, and an overview of the configuration options for a Registration Manager.

Chapter 5 "OCSP Responder"

Provides information about installing an Online Certificate Status Manager, step-by-step instructions for installing an Online Certificate Status Manager, and an overview of the configuration options for an Online Certificate Status Manager.

Chapter 6 "Data Recovery Manager"

Provides information about installing a Data Recovery Manager, step-by-step instructions for installing a Data Recovery Manager, and an overview of the configuration options for a Data Recovery Manager.

Chapter 8 "Administrative Basics"

Provides information and procedures for performing configuration that is common to all subsystems including working in the administrative interface; starting and stopping the server; working with logs; working with self-test; managing the database; and managing the certificate database.

Chapter 9 "Authorization"

Provides information and procedures for setting up Access Control Lists that define authorization, creating users, and assigning users to groups to give them the privileges defined by the ACLs for that group.

Chapter 10 "Authentication"

Provides information and procedures for setting up various authentication methods to automate the enrollment process.

Chapter 11 "Certificate Profiles"

Provides information and procedures for configuring the profile feature.

Chapter 12 "Policies"

Provides information and procedures for configuring the policy feature.

Chapter 13 "Automated Notifications"

Provides information and procedures for configuring the notification feature.

Chapter 14 "Automated Jobs"

Provides information and procedures for configuring the jobs feature.

Chapter 15 "Revocation and CRLs"

Provides information and procedures for configuring the crls feature, and revoking certificates.

Chapter 16 "Publishing"

Provides information and procedures for configuring the publishing feature.

""

Provides information about clones, failover, and configuring CMS for failover support.

Appendix A "Common Criteria Environment: Security Requirements"

Provides security requirements for running CMS in the Common Criteria Environment.

Appendix B "Common Criteria Environment: Setup and Operations"

Provides details on setting up CMS in the Common Criteria Environment.

Appendix C "Understanding the Common Criteria Evaluated CMS Setup"

Provides information about running CMS in the Common Criteria Environment.

Appendix F "Certificate Download Specification"

Provides information about the certificate download specification.

Appendix G "Certificate and CRL Extensions"

Provides general information about Certificate and CRL extensions.

Appendix H "Object Identifiers"

Provides general information about object identifiers.

Appendix I "Distinguished Names"

Provides general information about distinguished names.

Appendix J "Introduction to Public-Key Cryptography"

Provides general information about public-key cryptography.

Appendix K "Introduction to SSL"

Provides introductory information about SSL.

Conventions Used in This Guide

The following conventions are used in this guide:

Monospaced font

This typeface is used for any text that appears on the computer screen or text that you should type. It's also used for filenames, functions, and examples.

Example: Server Root is the directory where the CMS binaries are kept.

Italic

Italic type is used for emphasis, book titles, and glossary terms.

Example: This control depends on the access permissions the super administrator has set up for you.

Boldface

Boldface type is used for various UI components such as captions and field names, and the terminology explained in the glossary.

Example:

Rotation frequency. From the drop-down list, select the interval at which the server should rotate the active error log file. The available choices are Hourly, Daily, Weekly, Monthly, and Yearly. The default selection is Monthly.

Monospaced [ ]

Square brackets enclose commands that are optional.

Example:

PrettyPrintCert <input_file> [<output_file>]

<input_file> specifies the path to the file that contains the base-64 encoded certificate.

<output_file> specifies the path to the file to write the certificate. This argument is optional; if you don't specify an output file, the certificate information is written to the standard output.

Monospaced <>

Angle brackets enclose variables or placeholders. When following examples, replace the angle brackets and their text with text that applies to your situation. For example, when path names appear in angle brackets, substitute the path names used on your computer.

Example: Using Netscape Communicator 4.7 or later, enter the URL for the Netscape Administration Server: http://<hostname>:<port_number>

/

A slash is used to separate directories in a path.

Example: Except for the Security Module Database Tool, you can find all the other command-line utilities at this location: <server_root>/bin/cert/tools

Notes and Cautions:

Note

A note alerts you to information that may be of interest to you.

Caution

A caution signals a potential risk of losing data, damaging software or hardware, or otherwise disrupting system performance.

Documentation

All documentation is installed with the product and can be accessed from the help system. Further, the documentation can also be accessed from the installed product in the following directory:

<server_root>/manual/en/

The documentation set for CMS includes the following:

Managing Servers with Netscape Console

Provides background information on basic cryptography concepts and the role of Netscape Console.

CMS Administrator's Guide (this guide)

Describes how to plan for, install, and administer CMS.

CMS Command-Line Tools Guide

Provides detailed reference information on CMS tools.

CMS Customization Guide

Provides detailed reference information on customizing the HTML-based agent and end-entity interfaces.

CMS Agent's Guide

Provides detailed reference information on CMS agent interfaces. To access this information from the Agent Services pages, click any help button.

Last Updated November 23, 2004

Chapter 1 "Overview"	Provides a listing of the features of CMS, an overview of how CMS works, an architectural overview of CMS, and lists the standards used in the product.
Chapter 2 "Installation"	Provides step-by-step installation instructions.
Chapter 3 "Certificate Manager"	Provides information about installing a Certificate Manager, step-by-step instructions for installing a Certificate Manager, an overview of the configuration options for a Certificate Manager, information about Federal Bridge CA, and information on setting up a cloned CA.
Chapter 4 "Registration Manager"	Provides information about installing a Registration Manager, step-by-step instructions for installing a Registration Manager, and an overview of the configuration options for a Registration Manager.
Chapter 5 "OCSP Responder"	Provides information about installing an Online Certificate Status Manager, step-by-step instructions for installing an Online Certificate Status Manager, and an overview of the configuration options for an Online Certificate Status Manager.
Chapter 6 "Data Recovery Manager"	Provides information about installing a Data Recovery Manager, step-by-step instructions for installing a Data Recovery Manager, and an overview of the configuration options for a Data Recovery Manager.
Chapter 8 "Administrative Basics"	Provides information and procedures for performing configuration that is common to all subsystems including working in the administrative interface; starting and stopping the server; working with logs; working with self-test; managing the database; and managing the certificate database.
Chapter 9 "Authorization"	Provides information and procedures for setting up Access Control Lists that define authorization, creating users, and assigning users to groups to give them the privileges defined by the ACLs for that group.
Chapter 10 "Authentication"	Provides information and procedures for setting up various authentication methods to automate the enrollment process.
Chapter 11 "Certificate Profiles"	Provides information and procedures for configuring the profile feature.
Chapter 12 "Policies"	Provides information and procedures for configuring the policy feature.
Chapter 13 "Automated Notifications"	Provides information and procedures for configuring the notification feature.
Chapter 14 "Automated Jobs"	Provides information and procedures for configuring the jobs feature.
Chapter 15 "Revocation and CRLs"	Provides information and procedures for configuring the crls feature, and revoking certificates.
Chapter 16 "Publishing"	Provides information and procedures for configuring the publishing feature.
""	Provides information about clones, failover, and configuring CMS for failover support.
Appendix A "Common Criteria Environment: Security Requirements"	Provides security requirements for running CMS in the Common Criteria Environment.
Appendix B "Common Criteria Environment: Setup and Operations"	Provides details on setting up CMS in the Common Criteria Environment.
Appendix C "Understanding the Common Criteria Evaluated CMS Setup"	Provides information about running CMS in the Common Criteria Environment.
Appendix F "Certificate Download Specification"	Provides information about the certificate download specification.
Appendix G "Certificate and CRL Extensions"	Provides general information about Certificate and CRL extensions.
Appendix H "Object Identifiers"	Provides general information about object identifiers.
Appendix I "Distinguished Names"	Provides general information about distinguished names.
Appendix J "Introduction to Public-Key Cryptography"	Provides general information about public-key cryptography.
Appendix K "Introduction to SSL"	Provides introductory information about SSL.

Monospaced font	This typeface is used for any text that appears on the computer screen or text that you should type. It's also used for filenames, functions, and examples.
	Example: `Server Root` is the directory where the CMS binaries are kept.
Italic	Italic type is used for emphasis, book titles, and glossary terms.
	Example: This control depends on the access permissions the super administrator has set up for you.
Boldface	Boldface type is used for various UI components such as captions and field names, and the terminology explained in the glossary.
	Example:
	Rotation frequency. From the drop-down list, select the interval at which the server should rotate the active error log file. The available choices are Hourly, Daily, Weekly, Monthly, and Yearly. The default selection is Monthly.
`Monospaced [ ]`	Square brackets enclose commands that are optional.
	Example: `PrettyPrintCert <input_file> [<output_file>]`
	`<input_file>` specifies the path to the file that contains the base-64 encoded certificate.
	`<output_file>` specifies the path to the file to write the certificate. This argument is optional; if you don't specify an output file, the certificate information is written to the standard output.
`Monospaced <>`	Angle brackets enclose variables or placeholders. When following examples, replace the angle brackets and their text with text that applies to your situation. For example, when path names appear in angle brackets, substitute the path names used on your computer.
	Example: Using Netscape Communicator 4.7 or later, enter the URL for the Netscape Administration Server: `http://<hostname>:<port_number>`
`/`	A slash is used to separate directories in a path.
	Example: Except for the Security Module Database Tool, you can find all the other command-line utilities at this location: `<server_root>/bin/cert/tools`


Note	A note alerts you to information that may be of interest to you.


Caution	A caution signals a potential risk of losing data, damaging software or hardware, or otherwise disrupting system performance.