1.3. Forms for Performing Agent Operations
The agent services interfaces are form-based HTML pages that are part of the Certificate System installation. The Certificate System administrator designates users as agents for each installed subsystem (Certificate Manager, Data Recovery Manager, Online Certificate Status Manager, and TPS). Only a designated agent for a subsystem can use that subsystem's agent services interface. Additionally, the designated agents must have personal client SSL certificates loaded into their client software to access the agent services interface.
A subsystem agent with the proper certificates can access agent services forms through the agent services page to manage certificates. Table 1.1, “Forms Used for Agent Operations”, describes each of these HTML forms.
| Form name | Description |
|---|---|
| List Requests (Certificate Manager) | Used by Certificate Manager agents to examine, select, and process requests for certificate services. For instructions on using this form, see Section 3.2, “Listing Certificate Requests”. |
| List Certificates (Certificate Manager) | Used by Certificate Manager agents to list certificates within a range of serial numbers; the list of returned certificates can be limited to valid certificates. For instructions on using this form, see Section 4.1, “Basic Certificate Listing”. |
| Search for Certificates (Certificate Manager) | Used by Certificate Manager agents to search for and list Certificate System-issued certificates by subject name, certificate type, the state of the certificate (such as expired or revoked), and the dates when the certificate was issued, revoked, expired, or valid. For instructions on using this form, see Section 4.2, “Advanced Certificate Search”. |
| Revoke Certificates (Certificate Manager) | Used by Certificate Manager agents to search for and revoke certificates issued by the Certificate System. For instructions on using this form, see Section 4.4, “Revoking Certificates”. |
| Update Revocation List (Certificate Manager) | Used by Certificate Manager agents for manual updates of the published CRL. For instructions on using this form, see Section 4.5.2, “Updating the CRL”. |
| Update the Directory Server (Certificate Manager) | Used by Certificate Manager agents to update the LDAP publishing directory with changes in certificate information like newly issued certificates and updated CRLs. For instructions on using this form, see Section 5.2, “Manual Directory Updates”. |
| Search for Requests | Used to search for requests filed by end-entities with the Certificate System. Search criteria include request ID range, request type, request status, and request owner. Searches are limited by two factors: the total time allowed for the search operation (in seconds) and the maximum number of results to display. |
| Display Revocation List | Used to view the current CRL. The display can be customized by the issuing point and display type. Clicking on the CRL number will display the time taken to generate this CRL, known as the CRL split time. |
| List Requests (DRM) | Used by DRM agents to find and examine requests for key services. For instructions on using this form, see Section 6.1, “List Requests”. |
| Search for Keys (DRM) | Used by DRM agents to find and list specific archived keys. For instructions on using this form, see Section 6.2, “Finding and Recovering Keys”. |
| Recover Keys (DRM) | Used by DRM agents to find and recover specific archived keys. A key in the list returned by a search is selected and its recovery is initiated; the recovery must be authorized by designated key recovery agents. For instructions on using this form, see Section 6.2.2, “Recovering Keys”. |
| Authorize Recovery (DRM) | Used to remotely authorize a key recovery request that was initiated by another DRM agent. For instructions on using this form, see Section 6.2.2, “Recovering Keys”. |
| List Certificate Authorities (Online Certificate Status Manager) | Used to list Certificate Managers that are currently configured to publish their CRLs to the Online Certificate Status Manager. For instructions, see Section 7.1, “Listing CAs Identified by the OCSP”. |
| Add Certificate Authority (Online Certificate Status Manager) | Used to identify a Certificate Manager to the Online Certificate Status Manager. For instructions, see Section 7.2, “Identifying a CA to the OCSP”. |
| Add Certificate Revocation List (Online Certificate Status Manager) | Used to add a CRL to the Online Certificate Status Manager's internal database. For instructions, see Section 7.3, “Adding a CRL to the OCSP”. |
| Check Certificate Status (Online Certificate Status Manager) | Used to check the status of OCSP service requests sent by OCSP-compliant clients. For instructions, see Section 7.4, “Checking the Revocation Status of a Certificate”. |
| Manage Certificate Profiles (CA) | Used to enable and disable supported certificate profiles. Once a profile is disabled, the administrator can make changes to the profile by editing the profile configuration files or through the Console. |
| OCSP Service (CA) | Used to manage the operation of the CA's internal OCSP service. |
| List Tokens (TPS) | Used to list all tokens enrolled by the TPS, along with basic information about each token. See Section 8.3, “Managing Tokens”. |
| Search Tokens (TPS) | Used to search for tokens by either the user ID of the user who was issued the token or the contextually unique ID (CUID) of the token. See Section 8.3, “Managing Tokens”. |
| List Certificates (TPS) | Used to list all certificates on the token. See Section 8.4, “Listing and Searching Certificates”. |
| Search Certificates (TPS) | Used to search for certificates stored on tokens by either the user ID of the user who was issued the certificate or the contextually unique ID (CUID) of the token. See Section 8.4, “Listing and Searching Certificates”. |
| List Activities (TPS) | Used to list all operations performed through the TPS. See Section 8.5, “Searching Token Activities”. |
| Search Activities (TPS) | Used to search for operations performed through the TPS. Operations can be searched only by the contextually unique ID (CUID) of the token. See Section 8.5, “Searching Token Activities”. |
Table 1.1. Forms Used for Agent Operations