Copyright © 2002 by PGP Corporation. All Rights Reserved.
This Tech Note describes how to set up a Netscape Certificate Management System (CMS) and Microsoft Active Directory.
Install Netscape CMS 4.1 and Directory Server 4.1 (included with CMS).
Note: Netscape's servers have problems with pathnames that contain spaces, so PGP Corporation recommends against installing under "Program Files". Use the default location, "C:\Netscape\Server4".
For the examples in this document, we assume you chose "o=PGP" for your suffix.
Finish setting up CMS.
In the Netscape Console, open the server item for CMS. Answer the questions to finish the installation.
Tell CMS where to publish accepted certificate requests.
In the Netscape CMS console, click on the Configuration tab. In the tree view on the left, open the "Certificate Manager" item. Click LDAP Publishing. On the General tab, click the checkbox for Enable LDAP Publishing. Enter the hostname and port of the Netscape Directory Server you just installed. Enter the Directory Manager DN ("cn=Directory Manager") and the password (you chose this password when you installed Directory Server). Click Save. On the Tasks panel, click Restart the Server.
Add a new user for each user wishing to store X.509 certificates.
Open the tree for the suffix you chose when you installed Directory Server (for example, o=PGP; the tree displays only the value, without the "o="). Right-click the People tree item and select New --> User.
On the "User" page (tabs are on the left of the window), type the new user's first and last name into "First Name" and "Last Name", respectively. You may change the User ID if you wish. Finally, type a password for this user into "Password" and "Confirm Password". Click OK.
When you request the certificate, the Full name and Login name must match the user you created in the previous step for the certificate to be successfully published. When the CMS Administrator or Agent fulfills the certificate request, it will show whether the certificate was successfully published.
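One way to confirm publication from the directory side, as an added example that is not part of the original Tech Note: the Python below parses LDIF text, such as an anonymous search under the o=PGP suffix would return, and reports which user entries carry a certificate. The attribute name userCertificate;binary, the uid=...,ou=People entry naming and the sample entries are assumptions; adjust them to match your directory.

```python
import base64

# Constructed sample of an anonymous search result; DNs, names and bytes are made up.
SAMPLE_LDIF = """\
dn: uid=asmith,ou=People,o=PGP
cn: Alice Smith
uid: asmith
userCertificate;binary:: MIIBCgKCAQEA
 dGVzdA==

dn: uid=bjones,ou=People,o=PGP
cn: Bob Jones
uid: bjones
"""

def parse_ldif(text):
    """Return a list of entries, each mapping lower-cased attribute name -> list of bytes."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:  # LDIF folds long values onto " "-prefixed lines
            logical[-1] += raw[1:]
        else:
            logical.append(raw)
    entries, current = [], {}
    for line in logical + [""]:  # the trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
            current = {}
            continue
        if line.startswith("#"):
            continue
        name, _, rest = line.partition(":")
        b64 = rest.startswith(":")  # "attr:: value" marks a base64-encoded value
        value = base64.b64decode(rest[1:].strip()) if b64 else rest.strip().encode()
        current.setdefault(name.strip().lower(), []).append(value)
    return entries

def publication_report(text, cert_attr="usercertificate;binary"):
    """Map each DN to True when the entry holds a value that starts like DER (0x30)."""
    report = {}
    for entry in parse_ldif(text):
        if "dn" in entry:
            certs = entry.get(cert_attr, [])
            report[entry["dn"][0].decode()] = any(c[:1] == b"\x30" for c in certs)
    return report

if __name__ == "__main__":
    for dn, ok in publication_report(SAMPLE_LDIF).items():
        print(("published  " if ok else "NO CERT    ") + dn)
```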
Set the Active Directory Permissions so that an anonymous user can read the certificates.
Under Control Panel\Administrative Tools, open "Active Directory Users and Computers". Open the tree item for your domain. Right click on Users. Select New --> User. Enter the user's information.
Using Internet Explorer (Netscape won't work), go to http://<server>/certsrv. You'll need to enter the new user's login information. From here, you can request a certificate.