Questo contenuto non è disponibile nella lingua selezionata.
Chapter 2. User Interfaces
There are different interfaces for managing certificates and subsystems, depending on the user's role: administrators, agents, auditors, and end users.
2.1. User Interfaces Overview
Administrators can use the following interfaces to securely interact with a completed Certificate System installation:
- The PKI command-line interface and other command-line utilities
- The PKI Console graphical interface
- The Certificate System web interface.
These interfaces require configuration prior to use for secure communication with the Certificate System server over TLS. Using these clients without proper configuration is not allowed. Some of these tools use TLS client authentication. When required, their required initialization procedure includes configuring this. Which interface is used depends on the administrator's preferences and functionality available. Common actions using these interfaces are described in the remainder of the guide after this chapter.
By default, the PKI command-line interface uses the NSS database in the user's
~/.dogtag/nssdb/
directory. Section 2.5.1.1, “pki CLI Initialization” provides detailed steps for initializing the NSS database with the administrator's certificate and key. Some examples of using the PKI command-line utility are described in Section 2.5.1.2, “Using "pki" CLI”. Additional examples are shown through the rest of the guide.
Interfacing with Certificate System (as an administrator in other user roles) can be done using various command-line utilities to submit CMC requests, manage generated certificates, and so on. These are described briefly in Section 2.5, “Command Line Interfaces”, such as Section 2.5.2, “AtoB”. These utilities are utilized in later sections such as Section 5.2.1.2, “Creating a CSR Using
PKCS10Client
”.
The Certificate System web interface allows administrative access through the Firefox web browser. Section 2.4.1, “Browser Initialization” describes instructions about configuring the client authentication. Other sections in Section 2.4, “Web Interface” describe using the web interface of Certificate System.
The Certificate System's PKI Console is a graphical interface. Please note that it is being deprecated. Section 2.3.1, “
pkiconsole
Initialization” describes how to initialize this console interface. Section 2.3.2, “Using pkiconsole
for CA, OCSP, KRA, and TKS Subsystems” gives an overview of using it. Later sections, such as Section 3.2.2, “Managing Certificate Enrollment Profiles Using the Java-based Administration Console” go into greater detail for specific operations.
Note
To terminate a PKI Console session, click the
button. To terminate a web browser session, close the browser. A command-line utility terminates itself as soon as it performs the action and returns to the prompt, so no action is needed on the administrator's part to terminate the session.