Describe the role of the Registration Manager
What Is The Registration Manager?
A Registration Manager is a trusted subsystem to which a Certificate
Manager can delegate responsibility. A Registration Manager cannot issue
or revoke certificates by itself; instead, it evaluates end-entity requests
and forwards them to a Certificate Manager for action, such as the issuing
of a certificate.
A Registration Manager is designed to handle certificate life-cycle
management tasks--that is, the tasks required to maintain a certificate
throughout its life cycle, including the following:
- Enrolling end entities (initial authentication and initiation to the PKI)
- Enforcing policies such as request validation requirements, authentication
requirements, and certificate formulation
- Distributing issued certificates
- Publishing issued certificates to an LDAP directory (LDAP 1.0 or higher)
- Coordinating certificate renewal
- Coordinating end-entity private encryption key storage with a Data Recovery Manager
Figure 3.5