Manualshelf

User guide

ManualsBrandsRed Hat ManualsComputer equipmentNETSCAPE ENTERPRISE SERVER 6.0 - PROGRAMMER GUIDE TO SERVLETS
181182183184185186187188189190
Chapter 7: Setting and Use of the Interstage Certificate Environment
7-20
If a New Certificate and CRL are Obtained
If a new certificate is issued or a new CRL is obtained due to an increase in certificate usage after system
operation begins, use the scsenter command to register the certificate or CRL in the Interstage Certificate
Environment.
Verifying Operation using a Test Site Certificate before System
Operation Begins
Before system operation begins or during application for a certificate, a test site certificate can be used to
configure a system and verify operation.
Use the scsmakeenv command to create a test site certificate. The test site certificate is automatically
registered in the Interstage Certificate Environment. There is no need to use the scsenter command to
register the certificate.
Note
The test site certificate can be used for the following:
Server authentication with Interstage HTTP Server
CORBA Service with the client and server running on the same machine
Smart Repository using SSL on Replication Connection Settings in master of replication mode.
This certificate is for testing. Do not use it for actual operation.
Deleting a Certificate
A certificate that is no longer in use can be deleted.
Note that deleting a site certificate also deletes the corresponding private key. Losing a private-key
permanently disables registration of the corresponding site certificate. If the CA certificate is deleted, the
CA certificate and site certificate issued by the CA can no longer be used.
Use the scsdelete command carefully when deleting certificates.
Retaining a certificate that is no longer in use in the environment poses no problems.
Making a PKCS#12 Data Backup and Restoring from this Backup
You can make a PKCS#12 data backup of a site certificate, private key corresponding to it, and
Certification Authority certificates required for verification of the site certificate. To do this, use the
scsexppfx command. The PKCS#12 data backup made is password-encrypted to ensure the security of
the private key.
You can restore from the PKCS#12 data backup using the scsimppfx command. In addition, you can use
the scsimppfx command to transfer the backup data.
However, PKCS#12 data cannot include other reliable site certificates. For information on how to make a
backup of the entire Interstage certificate environment, refer to the Operator's Guide.