Step
|
Notes
|
1. Open a new browser window.
|
You'll need to start up a second instance of Netscape Navigator
in order to access the Administrator's web interface to CMS4 while
continuing to view these instructions.
|
2. Use the second browser to connect to the SSL agent port (17004).
Enter this URL in the browser's Location field in the format
shown below. (Use your actual machine name, not "your_machine".)
https:// your_machine:17004
|
Note the use of "https " instead of the usual "http " -
that's because we're using one of the SSL ports to communicate with CMS4.
The port number should be the one you specified in the wizard: 17004.
Use your machine name in the URL (there's no need for the ".com" since everything is local).
Because you're accessing an SSL port, CMS4 will use its SSL server certificate to authenticate itself to your browser.
(You generated the SSL server certificate in the wizard).
Because you just created it, it's not on your browser's list of trusted certificates.
This means you'll have to add it to your browser by going through a
series of dialog boxes that lets you add new certificates.
|
3.
Your browser will respond with a message saying it doesn't recognize
the authority of the person who signed the SSL certificate.
Click the Next button to continue.
|
This is the first step in adding the new cert to your browser.
|
4.
You should see a screen showing a summary of the new cert.
Click the Next button to continue.
|
Note the name of the person who supposedly signed this cert.
This is some of the information you entered in the Wizard.
You can click on the More Info button to see more details
about the person or server that's asking you to trust it.
|
5.
You will be asked if you want to accept this cert just for this session or until it expires.
Select "Accept this certificate forever (until it expires)" and
click the Next button to continue.
|
This will add the new cert to your browser's certificate database.
The file that contains your browsr's certs is cert7.db .
|
6.
You should see a screen that asks you if you want to be warned
before sending information to the new site.
Go ahead and click the checkbox for the warning, then
click the Next button to continue.
|
This is the first step in adding the new cert to your browser.
|
7.
You should see a screen that says "You have finished examining the
certificate presented by your server".
Click the Finish button to continue.
|
We're not finished yet!
|
8.
Reload the current page
(https://your_machine:17004)
|
You'll need to reload the page to continue issuing the initial user cert.
|
9. In the Administrator/Agent Certificate Enrollment form,
enroll for a client SSL certificate as the system's first privileged user by
entering the following information:
- Authentication Information -
User ID: cmsadmin
Password: cmsadmin
- Subject Name -
Full name: CMS Administrator
Login name: cmsadmin
Email address: your email address
Organization unit: optional
Organization: optional
- User's Key Length Information -
Key Length: Select 512 (Low Grade)
|
Note that the validity period of this initial agent certificate is hard-coded as one year.
|
10. Click Submit.
|
11. Follow the instructions your browser presents as it generates a key pair.
|
12. If authentication is successful, the new certificate will be imported into your browser, and you will be given an opportunity to
make a backup copy.
|