Skip Headers
Oracle® Application Server Certificate Authority Administrator's Guide
10g Release 2 (10.1.2)
B14080-02
  Go To Documentation Library
Home
Go To Product List
Solution Area
Go To Table Of Contents
Contents

Previous
Previous
 

Index

A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  R  S  T  U  V  W  X 

A

Accessing the User Interface, 8.1
acquire subCA certificate, B
acquiring a server certificate, 8.2.3
add a policy (custom only), 6.4.5.5
adding
custom policy, 6.6.2
policies, 6.4, 6.4, 6.6
predicates, 6.5.1.4
ADMIN, A.1
administering
policies, 6.2
administration interface, 4.4, 5.1
administrative password, 4.3
Administrative Task Overview, 4, E
Administrator
types of, A.6
administrator
certificate, 2.2.3, 4.5.3
form, 2.2.3
new, 4.3, 7.2.3
password, 2.2.3, 4.2, 4.2, 4.2
administrator certificate, 4.4
administrator password, B.2
ocactl requires, 7.1.4
administrator's certificate
importing, 2.2.3
installing, 2.2.3
admin.log, 7.5.1, 7.5.1, A.16
admin.trc, 7.5, 7.5.1, 7.5.1, A.16
advanced DN, 4.5.6.3
advanced topics, 7
Affiliation Change (revocation reason), 4.5.3
AFFILIATION_CHANGE (revocation code), 4.3
alerts, 5.2.2.2
CA SMIME wallet, 7.1.2.2
configuring, 5.2.2.1, 7.1.2.2
CRL generation failure, 5.2.2.2
All Pending Requests, 4.5.5
allowExpiredCerts, 6.3.4
allowRenewal, 6.3.5
altering
requests, 6.3
ancestors, B.2.1
Apache, 4.9, 7.2.1
Oracle HTTP Server, 7.1.2.1
APIs, 6.5, 6.6
and plug-ins, 6.2
application
SSO usage, 4.8.3
apply policy checkbox, 6.4
applying
policies, 6.2
policy default values, 6.5.1
approval
manual, 8.2
approve, 2.2.3, 4.5, 4.5.1, 4.5.1, 4.5.5
Approving Certificate Requests, 4.5.1
Approving or Rejecting Certificate Requests, 4.5.1
asterisk
in predicate expression, 6.5
matches attributes, 6.5
not string matching, 6.5
attributes, 1.3.3.3
asterisk matches, 6.5
in predicates, 6.5
authentication, 1.1, 1.2, 1.3.1, 1.3.3.3, 2.1.4, 2.3, 2.3, 4.8.3, 8
certificate usage definition, D.1
certificate-based, 2.3.2
change method, 2.2.3, 8.2
checking the CRL, 4.6
client certificate, 4.2
configuring for SSL & SSO, 5.2.4.2
form, 4.2
manual, 8.2.1.4
mod_osso, 2.3
password-based, 2.3.1
SSL, 8.2, 8.2.1.3
SSL server, 7.1.2.1
SSL-based, 2.3.1
SSO, 4.8.2
user, 4.5.1.1
authority
certification, 1.1.2
automatic certificates for SSL/SSO users, 8.2
automatic client users, 6.3.2

B

backing up
wallets, 7.2.1
backup and recovery
considerations, 7.8
backup and recovery procedures, 7
BASE64, B.1
CRL, 8.4.2
BASE64 certificate, B.2.1
BasicConstraintsExtension, B.2
benefits
OracleAS PKI, 1.3.2
benefits of a PKI, 1.2
big-endian order, 6.5
BigIP, F
binary copy of CRL, 8.4.2
binary number
key, 1.1.1
bits
set for extensions, B.2
broadcasting OCA request page to SSO users, 4.8, 4.8.1
browsers, 1.3.3.1, 2.2.1
configuring, 8.2.1.2
import certificate, 4.8.2
import SSO certificate, 4.8.2
password, 4.2, 4.2
present certificates to SSO, 4.8.3
use CRLs, 4.6
Built-in Plug-in Policy Modules, 2.2.2

C

CA, 1.1.2, 1.1.2.2, A.1, A.6
hierarchy, B.2
key size choices, A.1
levels, 1.1.2.2
new
new signing password, B.2
root, 1.1.2.2
signing, 1.1.2.1
subordinate, 1.1.2.2
ca
certificate type, 6.5
CA certificate
new, 7.1.1, A.7
save or install, 8.3
CA Compromise (revocation reason), 4.5.3
CA hierarchy, B.2.1
setting up, B
CA key
compromised, 7.1.1, 7.2.2
CA Signing
certificate usage definition, D.1
CA signing, 8.2.3
wallet, 4.9
CA signing certificate, 7.1.1, 7.1.1
invalid, 7.1.1, A.7
CA signing wallet
regenerating, 7.1.1
CA SMIME
key size choices, A.1
CA SMIME wallet, 7.1.1
generating, B.2.2
signing alerts & notifications, 7.1.2.2
CA SSL, A.8
CA SSL wallet, 4.9, 7.1.1
generating, B.2.2
regenerating, 7.1.2
CA_COMPROMISE (revocation code), 4.3
card reader, 8.2.1
case-insensitive
strings in predicates, 6.5
CASMIME, A.1, A.6
CASSL, A.1, A.6
key size choices, A.1
centralization, 1
Certificate, 4.5.3
certificate
administrator, 4.4, 4.5.3
administrator information required, 4.2
administrator request, 4.2
all invalidated, 7.1.1, 7.1.1, A.7
approved, 2.2.3
automatic for SSL/SSO users, 8.2
BASE64, B.2.1
compromised, 4.5, 4.5.3, 4.5.3
contents, 1.1.2.3
contents and uses, 1.1.2.3
digital, 1.1.2
download, 8.2
download into file system, 8.1
expired, 4.5.4, 6.3, 6.3.4
expiring, 7.1.3
extensions, 1.1.2.3
finding, 4.5.5
fingerprint, 1.1.2.3
getting a, 2.3.1
import, 4.2, 4.8.2, 8.2
import into browser, 8.1
import to browser, 4.2
import to file system, 8.7
inconsistent state, 7.2.2
invalidated, 7.2.2
issued upon request for SSO/SSL-authenticated user, 5.2.4.2
management, 4, 4, 4.5
manual, 6.3.2
multiple, 6.3
multiple constraint, 6.3.3
new CA, 7.1.1, A.7
new request, 8.2
new required, 7.2.2
owner, 4.5.6.2
parameter values
restricting, 6.2
pending, 2.2.3
pending request alerts, 5.2.2.2
PKCS#10 request, 1.3.3.1, 2.2.1, B
PKI, 1.1.2
policies, 6.2
properties, 2.2.2
publish SSO, 4.8.2
publishing, 5.2.4.1, 7.6.3
purposes, 2.3.2
rejected, 2.2.3
rejecting, 4.5.1.2
renew, 8.2
renewal window, 4.5, 4.5.4, 6.3.5, 6.3.5, 6.3.5, 6.4.3
renewing, 4.5.4, 7.1.3, 8.2.2, 8.2.2.2
replace administrator, 4.3
request
SSO, 4.8.1
request URL for SSO, 4.8.1
requests, 2.2.1, 2.2.1
pending, 4.4.1
status, 2.2.3
retrieving, 8.2.2, 8.2.2.1
revoke, 8.2
revoking, 4.5.3, 8.2.2, 8.2.2.3
revoking expired, 6.3.4
root CA, 4.5.3
save or install, 8.2
search, 4.5.5
separate, 1.1.2.3
serial number, 1.1.2.3
server, 6.3.2, 8.2, 8.2.3
server, acquiring, 8.2.3
server/subCA, 8.2.3
signer, 8.2.1.1, 8.2.1.2.2
signing, 1.1.2.3
SMIME invalidated, B.2.2
SSL, 1.1.2.3
SSL invalidated, B.2.2
SSO usage, 4.8.2, 4.8.3
status, 4.5.6, 4.5.6.5
Sub CA, 4.5.1.1
trusted, B.2.1
editing uses, 8.2.1.1, 8.2.1.2.2
types, 8.2
types in predicates, 6.4.5.1, 6.5
user, 8.2.1
using existing, 5.2.4.2
view, 8.2
viewing details, 4.5.2
X.509, Preface, 1.1.2.3, 1.1.2.3, 1.1.2.3, 1.3.3.1, 2, 2.1.1, 2.1.1, 2.2.1, 2.3, 2.3.2, A.11, A.11, B.2, D
Certificate Authority
CA, 1.1.2.2
certificate authority, 1.3.1
signing, 1.1.2
Certificate Management Tab, 4.4.1
Certificate Management tab, 2.2.3
Certificate Practice Statement, 3.2.2
Certificate Renewal, 8.2.2.2
Certificate Renewal Policy as Shipped, 6.4.3
Certificate Request Details screen, 4.5.1.1
Certificate Request form, 8.2.1.1
Certificate Request Policies as Shipped, 6.4.1
Certificate Retrieval, 8.2.2.1
Certificate Retrieval, Renewal, and Revocation, 8.2.2
Certificate Revocation, 8.2.2.3
certificate revocation list, 2.2.3, 3.2.3, 4.6, 7.2.2
retrieving with ldapsearch, 4.7.1
Certificate Revocation Policy as Shipped, 6.4.2, 6.4.4
certificate usage
in predicates, 6.5
CERTIFICATE_HOLD (revocation code), 4.3
certificates
life-cycle, 1.3.3.4
certification authority, 1.1.2
certified, 4.5, 4.5.6, 4.5.6.5
Cessation of Operation (revocation reason), 4.5.3
CESSATION_OF_OPERATION (revocation code), 4.3
challenges, 1
changes
policy, 6.4
ports or nodes, A.1
changesecurity, 7.6.1, A.1, A.1
changesecurity command, 7.6.1
changing
method of authentication, 8.2
wallet password, 7.1.4
changing OCA's IM Services, 7.6.1, 7.6.1
changing passwords, 7.1.4
Changing Privileged Passwords, A.6
class, 6.4
clear, A.1, A.1
clearing
log or trace
deletes contents, 7.5.1
log or trace data, 7.5.1
client
certificate type, 6.5
client locale, 7.2.4
clientAuth, D.1.1
CN
in DN, 6.5
code Signing
certificate usage definition, D.1
codes
revocation, 4.3
codeSigning, D.1.1
cold failover
configuration, 7.7.1
deployment, 7.7.1
Collaboration Suite, 2.1.3
comma, 8.2.1.4
in DN entry, 6.3.5
command-line interface, 4
commands, A.1
clear, A.1
generatewallet, A.1
help, A.1
importwallet, A.1
linksso, A.1
renewcert, A.1
revokecert, A.1
set, A.1
setpassword, A.1
start, A.1
stop, A.1
unlinksso, A.1
updateconnection, A.1
when take effect, 7.1.4
common name, 4.2, 4.2
searching, 4.5.5
Sub CA, B.2.1
complete DN, 6.5
components
needed by OCA, 3.4.1
Oracleas PKI, 1.3.3
Components of the OracleAS PKI, 1.3
compromised
CA key, 7.1.1, 7.2.2
compromised certificates, 4.5, 4.5.3, 4.5.3
configuration
cold failover, 7.7.1
configuration choices, 4.8, 4.8, 4.8
configuration file, A.1, A.3
configuration management, 4
alerts, 5.2.2.2
subtabs, 5.2
tab, 5.2
Configuration Operations for Oracle Application Server Certificate Authority, 7.2
configuration tasks, 5.2.1
configure
log & trace, 5.2.4.5
configuring
Apache, 7.2.1
on web, 7.2
sending signed alerts and notifications, 5.2.2.1, 7.1.2.2
site, 7.2
SSL automatically, 7.2.1
Sub CA, B.2.1, B.2.1
using ocactl, 7.2
Configuring Your Browser to Trust Oracle AS Certificate Authority, 8.2.1.2
connection information
changed strings, A.1
where stored & displayed, 7.6.3
connections, 5.2.4.7
changed nodes or ports, A.1
OCA repository and directory, 7.6.3
container
called database, cache, or wallet, 1.1.2.4
contents, 1.1.2.4
for certificates, 1.1.2.4
wallet, 1.1.2.4
containers, 1.3.3.1
PKI, 1.1.2.4
contents
certificate, 1.1.2.3
container, 1.1.2.4
contiguous DN, 6.3.5
contiguous string, 4.5.6
convertwallet, 7.2.1, 7.2.1, A.1, A.1, A.2, A.2
copying
BASE64 certificate, B.2.1
CRLs, 4.6
trust points, B.2.1
copying CRLs, 4.6
CPS (certification practice statement), 3.2.2
credentials
PKI, 1.1.2.4
criterion
for predicate order, 6.5.1
CRL, 2.2.1, 2.2.3, 4.5, 4.6, 4.7.1, 7.2.2, 8.1
auto-generation, 4.6
BASE64 form to cut and paste, 8.4.2
binary copy, 8.4.2
checking, 4.6
copying, 4.6, 4.6
download, 4.6
download into file system, 8.1
generating, 4.6
handling, 8.4
import, 4.6
import into browser, 8.1
multiple, 4.6
path used by server, 4.6
purpose, 4.5.5
save or install, 2.2.3, 8.2, 8.4.2
saving to multiple servers, 4.6
scheduling generation, 5.2.2.3
updating, 4.6, 4.6
usages, 4.6
CRL alerts, 5.2.2.2
CRL validity, 4.6
days to next update, 4.6
CRL_SIGN, B.2
cryptographic service provider, 4.2
custom policy, 6.6
adding, 6.6.2
name description and class, 6.6.2
plug-ins, 6, 6.4.2, 6.4.4
customize
policies, 2.2.2
cut and paste
BASE64 CRL, 8.4.2
cut-and-paste, 1.3.3.4, 4.2
cutting and pasting, 1.3.1
cwallet.sso, 7.1.3, 7.2.1, 7.8, A.2

D

data integrity, 1
database
connect string used, 5.2.4.7
database connection pool, A.1, A.3
Database Pool Scheme, 5.2.4.7
Database Pool Size, 5.2.4.7
Database Settings, 5.2.4.7
date, 7.2.4
days to next CRL update, 4.6
DB, A.1, A.6
decipher, 8.2
decryption, 1.1, 1.1.1, 8.2
by appropriate recipient only, 1.1
infeasible, 1.3.3.2
messages, 1.1.2.1
time and effort, 1.2, 1.3.3.2
Default Base DN Components, 5.2.4.6
Default Constraint-specific Policy Rules, 6.3
default deployment, 3.4.2
advantages, 3.4.2
installation instructions, 3.4.2
default period
renewal, 6.3.5, 6.3.5, 6.3.5, 6.4.3
default policy rules, 2.2.2
defaults, 6.1, 6.4.5.1
in a policy
when used, 6.5
key sizes, 6.4.1
policies, 6.3
renewal validity period, 6.3.5
validity period, 6.4.1
Delegated Administration Service, 2.1.1, 2.1.3
delete
predicate, 6.4.5.3
delete a policy, 6.4.5.3
deleting
policies, 6.4
departments
Sub CA signing wallet, B.2.1
deployment
default, 3.4.2
advantages, 3.4.2
installation instructions, 3.4.2
recommended, 3.4.3
advantages, 3.4.3
installation instructions, 3.4.3
strategies, 3.4
using cold failover, 7.7.1
describing
a policy plug-in, 6.2
Developing a Custom Policy Plug-in, 6.6
digital certificates, 1.1.2, 1.2
approving requests, 4.5.1
binary file, A.7
contents and uses, 1.1.2.3
encryption, 2.3
management, 4.5
pending, 2.2.5
rejecting, 4.5.1.2
renewing, 4.5.4
request, 2.2.1, 2.2.3, 2.2.5, 2.3, 2.3.1, 2.3.3
revoking, 4.5.3
signing, 2.3
signing/SSL, 2.4
SSL, 2.3
viewing, 4.5.2
digital signature, 1, 1.1.2.3, 1.1.2.3, 1.2, 1.3.2, 2.2.1
digital transactions
sign, 1.2
DIGITAL_SIGNATURE, B.2
directory
connections, 7.6.3
for Sub CA Signing wallet, B.2
directory integration services, 1
directory services, 1
Directory Settings, 5.2.4.8
directory synchronization
scheduling, 5.2.2.3
disabling
policies, 6.2, 6.4
RenewalRequestConstraint, 6.3.5
RevocationConstraints, 6.3.4
RSAKeyConstraints, 6.3.1
uniquecertificateconstraint, 6.3.3
validity rule, 6.3.2
disabling policy rules, 6.2
disabling proxy servers, F
displaying connection information, 7.6.3
distinguished name, 4.5.6.2, 6.5
DN, 1.1.2.3
distinguished name (DN), 1.1.2.3

3

DN, 1.1.2.3, 2.3.3, 4.2, 4.2, 4.2, 4.2, 4.2, 4.2, 4.5.6, 4.5.6, 4.5.6.2, 4.5.6.2, 4.5.6.2, 4.5.6.2, 4.5.6.2, 4.5.6.3, 4.9, 4.9, 4.9, 4.9, 4.9, 5.2.4.6, 6.3.3
advanced, 4.5.6, 4.5.6.3
configuring defaults for manual enrollment, 5.2.4.6
contiguous string to root, 4.5.6
distinguished name, 4.5.6.2
relative, 4.5.6.3

.

DN, 6.3.3, 6.3.3, 6.3.3, 6.3.5, 6.4.1, 6.5, 6.5, 6.5, 6.5, 6.5, 6.5, 6.5, 6.5, 6.5, 6.5, 6.5, 6.5, 6.5, 6.5, 6.5, 6.5.1, 6.6.1, 6.6.5
complete, 6.5
contiguous & complete, 6.3.5
follows RFC1779, 6.5
in predicate, 6.5
invalid, 6.5
least significant component, 6.5
matching, 6.5
most significant component, 6.5
partial, 6.5
root, 6.5
rules for matching, 6.5
valid, 6.5

D

DN, 7.4, 7.9, 7.9, 7.9, 7.9, 7.9, 8.2.1.4, 8.2.1.4, 8.2.1.4
DN field separator, 6.3.5, 6.5, 8.2.1.4
domain components, 2.3.3
Down CA Certificate, B.2.1
download, 8.1
CA certificate, 8.2
CRL, 8.2
into file system
certificate or CRL, 8.1
Download CRL, 4.6
download CRL, 2.2.3
Download to your local disk (CRL), 4.6
downloading, 8.3
downloading a CA Certificate, 8.3
drastic operation, 4.5.3, 7.2.2
dynamic, 5.2.4.7

E

Ease of Use for Administrators and End Users, 2.2.3
eavesdropper, 1.1.1
E-Business Suite, 2.1.3
edit
in Policy subtab, 6.2
edit a policy, 6.4.5.1
editing
trusted uses, 8.2.1.1, 8.2.1.2.2
elements
in a log, 5.3
of a practice statement, 3.2.2
email, 4.5.1.1, 5.2.2
server, sender, template, 5.2.2.1
to SSO users for OCA URL, 4.8.1
email address search, 4.5.6
email clients
use CRLs, 4.6
verify incoming SMIME messages, 4.6
emailProtection, D.1.1
embedded HTML link
for SSO users, 4.8.1
enable a policy, 6.4.5.2
enabling
a policy plug-in, 6.2
RenewalRequestConstraint, 6.3.5
RevocationConstraints, 6.3.4
RSAKeyConstraints, 6.3.1
uniquecertificateconstraint, 6.3.3
validity rule, 6.3.2
Enabling PKI Authentication with SSO and OCA, 4.9.1
enabling policy rules, 6.2
enabling proxy servers, F
enabling ssl and pki for SSO, 4.9.1
enabling SSL and PKI on SSO, E
encryption, 1.1, 1.1.1, 1.1.2.3, 1.2, 1.3.3.2, 2.3
algorithms, 1.1
asymmetric, 1.1.1
certificate usage definition, D.1
messages, 1.1.2.1
scheme, 1.1.1
symmetric, 1.1.1
unique for different users, 1.1
end-entity, 4.5.6.2, 4.6, 8
end-user, 4.5.6.2, 8
interface, 8
end-user interaction
two types, 8.2
End-User Tabs and Processes, 8.2
enforcing
policies, 6.2
enrollment form
Server/SubCA, 8.2.3, 8.2.3, 8.2.3, 8.2.4, 8.2.4, 8.2.4, B.1, B.1, B.2.1, B.2.1, B.2.1
Enterprise User, 2.1.3
entities
trusted, 1.1
vouch for relationship, 1.1
entity, 1.1.2
error, 8.2.1
evaluating requests
policies, 6.2
evaluation
of multiple predicates, 6.5.1
evaluation example
multiple predicates, 6.5.1.1, 6.5.1.2
Evaluation Example for Multiple Predicates, 6.5.1.1
events
notification, 5.2.2
ewallet.p12, 7.1.2.1, 7.1.3, 7.2.1, 7.2.1, 7.8, A.2, B.2, B.2.1
examples
of DN matching in predicates, 6.5
existing certificates
using, 5.2.4.2
expired, 2.1.5
expired certificate, 4.5.4
expired certificates, 6.3, 6.3.4
export, 1.3.3.1, 8.6
certificate from browser, 8.6
expression
predicate, 6.1
complete, 6.3.5
contiguous, 6.3.5
Expression text box, 6.4.5.1
expressions
logical, 6.5
operators, 6.5
predicate, 6.5
extensions, 1.1.2.3
external access, F

F

Field Name
form, 4.2
file permissions
protect SSO wallet, 7.2.1
files
admin.log, 7.5.1, A.16
admin.trc, 7.5, 7.5.1, A.16
cwallet.sso, 7.8
ewallet.p12, 7.8
ias.properties, 7.6.1
log, 5.2.4.5
oca_cps.html, 3.2.2
oca.conf, 7.6.3, 7.8, 7.8
oca.trc, 7.5, 7.5.1, A.16
ocm_apache.conf, 7.8
ocmpassword.p12, 7.8
operating system, 7.5.1, A.16
osso.conf, 7.8, E.3, E.3, E.3, E.3.1, E.3.1
trace, 5.2.4.5
find, 4.5.5
finding (see listing & search), 4.5.5
fingerprint
certificate, 1.1.2.3
Firefox, 8.4.1.1, 8.5, 8.6, 8.7
firewall, F
Fixed Increment, 5.2.4.7
Fixed wait scheme, 5.2.4.7
flexible policy, 2.2.2
form
administrator, 2.2.3
authentication, 4.2
field names, 4.2
format, A.2

G

Gemplus, 4.2, 8.2.1.1
General subtab, 5.2.3, 5.2.4
database & directory settings, 5.2.3, 5.2.4
DN defaults, 5.2.3, 5.2.4
parameters, 5.2.3, 5.2.4
publishing, 5.2.3, 5.2.4
settings, 7.6.3, A.1
SSL & SSO, 5.2.3, 5.2.4
general subtab tasks & discussions, 5.2.1
generate CRL, 2.2.3
generatewallet, A.1, A.1, A.1, A.7, A.8
generating
Sub CA signing wallet, B.2.1, B.2.2
generating the CRL, 4.6
get certificate, 2.3.1
Globalization Support, 2.2.4, 7.2.4
Go (not Enter), 4.5.5
graphical user interface (see GUI), 5.1

H

help, A.1, A.1
Hierarchical Certificate Authority Support, 2.4
hierarchy of CAs, B.2
hierarchy of trust, 1.1.2.2, 2.4
geographically distributed, 2.4
high availability, 1
high-availability features, 7, 7.7
Hold (revocation reason), 4.5.3
home page, 4.4, 8.1
HTTP Server, 4.1, A.2, B.2.2
in SSL mode, 7.1.2.1
HTTP server, 7.7.1
http.conf, 8.4.2
HTTPS, 2.3, 2.3.2, 3.4.1, 7.1.2.1, B.2.2

I

ias.properties file, 7.6.1
icon
lock, 8.2.1.2.2, 8.2.2.3
identity, 1.1.2, 1.3.1
Identity Management, 1.1.2.4, 2, 2.1.1, 2.1.3, 2.1.4
identity management
solution, 2.1
Identity Management Infrastructure, 1.3.2
ID/Serial, 4.5.5
IETF, 1.1.2.3, 2.2.1
IM Services
changing OCA's, 7.6.1, 7.6.1
import, 1.3.3.1, 4.5.1.1, 4.5.5, 7.2.1, 8.1, 8.2, 8.2, 8.2, 8.2.1.1, 8.2.1.2.1, 8.2.1.2.1, 8.2.1.2.2, 8.3, 8.3, 8.3, 8.5
administrator certificate, 4.2
CA certificate, 7.2.1
certificate, 4.8.2
trusted activities, 8.2.1.2.2
into browser
certificate or CRL, 8.1
import CA certificate, 7.2.1
Import Certificate, 4.2
import subCA certificate, B
Import to Browser
SSO, 4.8.2
Import to Browser (CRL), 4.6
importation, 4.2
importing
Sub CA Signing Wallet, B.2
the administrator's certificate, 2.2.3
Importing a Certificate from Your File System, 8.7
Importing a Certificate to Your Browser, 8.5
importwallet, A.1, A.1
inconsistent state
after CA revocation, 7.2.2
Information message, 6.4.5.4
infrastructure, 1, 1, 1.1.2.4, 2, 2.1.3
re-associating, 7.6
install, 1.3.3.1, 7.2.1, 8.1, 8.2, 8.2, 8.2.1.1, 8.2.1.2.1, 8.2.1.2.2, 8.3
Install in Browser, 8.2.1.1
installation values, 4.9
installing
Sub CA Signing Wallet, B.2
installing new CA
steps, 7.2.2
installing the administrator's certificate, 2.2.3
integrity, 1.2
Internet Explorer, 2.2.1, 2.3, 4.2, 8, 8.2.1, 8.2.1.1, 8.3, 8.4.1.2, 8.6, 8.7
interoperability, 1.3.3.1, 1.3.3.1
interval, 4.6
CRL and certificate synchronization in directory, 5.2.2.3
CRL generation, 5.2.2.3
pending certificate requests queue length exceeded, 5.2.2.2
introduction to OracleAS PKI, 1.3
invalidating
certificates, 7.2.2

J

J2EE, 2.1.3
JAAS, 2.1.3
jar, 6.4, 6.4.5.5, 6.6.2
Java class, 6.1, 6.6.2
java class, 6.4.5.5
register, 6.6
Javadoc, 6.6
jobs
scheduled, 5.2.2.3

K

key, 1.1.1
asymmetric, 1.1.1
binary number, 1.1.1
in a PKI, 1.1.1
owner, 1.1.2
pairs, 1.1.1, 1.1.1
private, 1.1.1
public, 1.1.1, 1.1.2
separate, 1.1.1
symmetric, 1.1.1
validation, 1.1.2
Key Compromise (revocation reason), 4.5.3
key lengths, 2.2.1
Key Size, 8.2.1.1
key size, 4.2, 4.2, 4.2, 8.2.1
choices, A.1
default maximum, 6.3.1
default minimum, 6.3.1
default range as shipped, 6.5.1.1
minimum & maximum, 6.3.1
predicate, 6.3.1
RSAKeyConstraints, 6.3.1, 6.3.1
key sizes
defaults, 6.4.1
narrow/widen range, 6.4.1
Key Store, 8.2.1.1
key store, 4.2
KEY_CERT_SIGN, B.2
KEY_COMPROMISE (revocation code), 4.3
key-pairs, 1.2, 1.2, 4.2, 4.2, 8.2.1.1
keys
distribution methods, 1.1
KeyUsageExtensions, B.2

L

LDAP, 1.3.3.3, 2.2, A.1
least significant component of DN, 6.5
least significant RDN, 6.5.1
levels
CAs, 1.1.2.2
trust, 1.1.2.2
link OCA with SSO, 4.8
linksso, 4.8.2, A.1, A.1
list, 4.5.5
of ports, 4.4
revoked certificates, 4.5.5
Listing a Certificate Request or an Issued Certificate, 4.5.5
little-endian order, 6.5
local entry name, 6.5
locale, 7.2.4
location of wallets and values, 4.9
lock icon, 8.2.1.2.2, 8.2.2.3
LOG, A.1
log, 7.5
clearing, 7.5.1
elements, 5.3
stored in repository, 7.5.1
log file, 5.2.4.5
logger, A.1, A.3
logging, 5.2.4.5
logical
operators, 6.5
logical expression
used in predicates, 6.5
logs
messages re errors during OCA use, 5.3
viewing, 4, 5.3

M

managing
certificates, 4, 4.5
configuration, 4
policies, 6, 6.4
overview, 6.2
Managing Certificates, 4.5
managing certificates, 4
Manual
Authentication, 8.2.1.4
manual, 8.2.1
Manual Approval, 2.3.3
manual approval, 8.2
additional options, 2.3.3
information required, 2.3.3
server and subordinate CA, 2.3.3
manual authentication, 8.2.1.4
manual user certificate, 6.3.2
mapping a BigIP to an OCA virtual host, F
match
predicate, 6.5
matching
DNs, 6.5
first not best, 6.5.1
policy evaluations, 6.5
results if no match, 6.5.1
rules re DNs, 6.5
MD5 with RSA, 4.6
message
shows change worked, 6.4.5.4
message digests
signing, 8.2
messages
private, 1.1.1
Microsoft
Basic Crypto, 4.2, 8.2.1.1
Enhanced Crypto, 4.2, 8.2.1.1
Strong Crypto, 4.2
mod_osso, E.3
SSO, 2.3
modifying policy rules, 6.2
most significant component of DN, 6.5
Mozilla, 8.2.1
multiple
CRLs, 4.6
predicates, 6.3.1
multiple certificates, 6.3
allow/disallow, 6.4.1
constraint, 6.3.3
same usage, 6.4.1
Multiple Predicate Evaluation, 6.5.1
multiple predicates, 6.5
evaluation example, 6.5.1.1, 6.5.1.2
multiple servers, 4.6
saving CRL, 4.6
mutual authentication, F

N

name
certificate signer, 8.2.1.1, 8.2.1.2.2
naming
a policy plug-in, 6.2
National Language Support (NLS), 7.2.4, 7.2.4
Netscape, 2.3, 4.2, 8, 8.2.1, 8.2.1.1, 8.2.1.1, 8.4.1.1, 8.5, 8.6, 8.7
Netscape Communicator, 2.2.1
nickname, 4.8.3
NLS, 7.2.4, 7.2.4, 7.2.4
nodes
changes, A.1
NON_REPUDIATION., B.2
non-repudiation, 1, 1.2
signed messages, 1.1
notification
events, 5.2.2
notification subtab, 5.2.2
notification subtab tasks & discussions, 5.2.1
notifications
CA SMIME wallet, 7.1.2.2
configuring, 5.2.2.1, 7.1.2.2

O

OC4J, 3.4.1, 4.1, 7.7.1, A.1, A.2, A.3, A.11, A.12, B.2, B.2, B.2.2
starting & stopping, 4.8.2, 6.6.2, 6.6.2, A.3, A.4, A.11, B.2
stopping & starting, A.11, B.2
OCA, 1.3.2, A.1
repository, 2.2.5
OCA connection information
where stored & displayed, 7.6.3
OCA repository, 7.1.1, A.7
oca_cps.html, 3.2.2
oca/bin, A.1
oca.conf, 7.6.3, 7.8, 7.8, A.1, A.14
OCAcrlBase64.txt, 8.4.2
OCAcrl.crl, 8.4.2
ocactl, 2.2.3, 4.1, 4.3, 4.5.3, 7.1.1, 7.1.3, 7.2.3, 7.7.1, A
configure OCA link with SSO, 4.8.2
general form, A.1
Operations and Parameters, A.1
requires admin password, 7.1.4
oca.trc, 7.5, 7.5.1, 7.5.1, A.16
ocm_apache.conf, 7.8
ocmpassword.p12, 7.8
OFF, A.1
OHS, 3.4.1, 4.1, A.2
ohs
starting & stopping, 6.6.2, 6.6.2, A.3, A.11, B.2
stopping & starting, A.11, B.2
OID, 1.3.3.3, 4.1, 7.6.3
SSO usage, 4.8.2
ON, A.1
one-time session password, 1.3.3.2
open standards, 2.2.1
operating system file permissions
protecting SSO wallet, 7.1.2.1
operating system files
removing, 7.5.1, A.16
operations, A.1
PKI, 1.1.2.4
operators
logical, 6.5
OPMN, 7.1.2.1
opmnctl, 7.2.3
OR logical expression, 6.5
Oracle Application Server Certificate Authority, 2.1.4
components needed, 3.4.1
Oracle Certificate Authority
OCA, 1.3.2
Oracle Collaboration Suite, 2.1.4
Oracle Home, 3.4.3
Oracle HTTP Server
Apache, 7.1.2.1
checks SSL validity, 4.6
Oracle Identity Management, 1, 1.1.2.4
Oracle Internet Directory, 1.3.2, 1.3.3.3, 2.1.1, 2.1.3, 2.3.1, 3.4.1, 4.1, 7.6.3
SSO usage, 4.8.2
Oracle Label Security, 2.1.3
Oracle Single Sign-on Authentication, 2.3.1
Oracle wallet, 1.1.2.4
Oracle Wallet Manager, 1.3.3.1, B, B.2.1, B.2.1
ORACLE_HOME, 3.2.2, 6.4.5.5, 7.1.2.1, 7.2.1, 7.5, 7.5.1, 7.8, 7.8, B.2.2
OracleAS WebCache
configuring, H
orapki, A.11
order of policies, 6.2
order of predicates, 6.5.1
osso.conf, E.3
osso.conf file, 7.8, E.3, E.3, E.3.1, E.3.1
overriding policies
when issuing a certificate, 6.4
overview
web administrative interface, 4.4
OWM, 1.3.3.1, 7.2.1, B, B.2.1
owner, 4.5.6.2

P

parameters, 6.1, 6.4.5.1, A.1, A.1
allowExpiredCerts, 6.3.4
defaults ranges & values, 6.1
policy, 6.4
validity constraints, 6.3.2, 6.3.2
values, 6.4.5.1
password, 4.3
admin
required for ocactl, 7.1.4
administrator, 2.2.3, 4.1, 4.2, 4.2, 4.2, 4.2, 4.3, 4.3, B.2
browser security, 4.2, 4.2
changing, A.6
encrypting private key, 7.1.1, A.7
lost, 7.2.3
new, A.6
requested during generation, 7.1.1, A.7
SSL Server wallet, 7.2.1
store, B.2
wallet, 7.1.2.1
changing, 7.1.4
password store, A.7
passwords, 8.6, A.1, A.3, A.6, A.8
CA, 7.1.4
CA SMIME, 7.1.4
CA SSL wallet, 7.1.4
path
CRL, 4.6
path length, 4.5.1.1
path-length
number of Sub CA levels, B.2.1
peer identity, 1.1.2.4
pending, 4.5, 4.5.6, 4.5.6.5
pending certificate requests, 4.4.1
PKCS Standards, 2.2.1
PKCS#10, 1.3.3.1, 2.2.1, 8.2.3, 8.2.3, B.2.1
PKCS#12, 1.3.3.1, 1.3.3.1, 7.1.2.1, 7.1.2.1, 7.2.1, 8.6, A.2, A.2, A.2
PKCS#7, B.1
PKI, 1, 8.2.4
benefits, 1.2, 1.3.2
certificate, 1.1.2
components, 1.3.3
containers, 1.1.2.4
credentials, 1.1.2.4
definition, 1.1
earlier costs and difficulties, 1.3.1
enabling with SSL for SSO, E
for secure data transmission and storage, 1.1
introduction, 1.3
operations, 1.1.2.4
requires SSL, 4.8
with SSO and OCA, 4.9.1
PKI-based single sign-on, 1.3.3.3
PKIX, 2.2.1
plug-in policy modules, 2.2.2
plug-ins, 6, 6.1, 6.2, 6.5, 6.6, 6.6.2
class, 6.4
custom
examples, 6.6
policy, 6.4.4
custom policy, 6.4.2
default, 6.6
jar, 6.4
policies, 2, 2.3.3, 4.2
add (custom only), 6.4.5.5
adding, 6.4, 6.4
administering, 6.2
altering requests, 6.3
applying, 6.2
changes require restart, 6.4
custom, 6.6
no predicates, 6.5
default rules, 6.3
delete (custom only), 6.4.5.3
deleting, 6.4
disabling, 6.4
edit, 6.4.5.1
enable, 6.4.5.2
enforcing, 6.2
evaluate requests, 6.2
for different user populations, 6.5
formulating and applying, 6.2
jar, 6.4
java class, 6.4
managing, 6, 6.4
order, 6.2
overriding
when issuing a certificate, 6.4
parameters, 6.4
predicates, 6.4
processing, 6.2
renewal, 6.4.3
RenewalRequestConstraint, 6.3, 6.3.5
reorder, 6.4.5.4
reordering, 6.4
restricting parameter values, 6.2
RevocationConstraints, 6.3, 6.3.4
RSAKeyConstraints, 6.3, 6.3.1
sample custom, 6.4.2, 6.4.4
sequence, 6.4
supplied, 6.3
supplied rules, 6.3
UniqueCertificateConstraint, 6.3, 6.3.3
ValidityRule, 6.3
what they specify, 6.4
policy, 2.2.2
add (custom only), 6.4.5.5
concepts and definitions, 6.1
creating
steps, 6.6.2
custom plug-ins, 6
defaults
when used, 6.5
deleted, 6.4.5.2
description, 6.4.5.5
flexible, 2.2.2
Java class, 6.1
management, 6.2
name, 6.4.5.5
object class, 6.4.5.5
predicate, 6.1
processing
sequential, 6.2
processor module, 6.2
rule, 6.1
security, 2.2.2, 2.3.3
Policy Actions, 6.4.5
delete, 6.4.5.3
edit, 6.4.5.1
enable, 6.4.5.2
policy default values
applying, 6.5.1
policy evaluations
DN matching, 6.5
policy modules, 2.2.2
customize, 2.2.2
policy rule
multiple predicates, 6.5.1
policy rules
all re renewals, 6.4
all re requests, 6.4
all re revocations, 6.4
and plug-ins, 6.2
creating, 6.2
enable disable or modify, 6.2
Policy Sub-tab, 6.2, 6.4
tasks & discussions, 5.2.1
pop-up
blocking, 4.8.2, 4.8.2, 7.4, 7.4
screen, 4.8.2
port, 4.2, 4.2, 4.4, 8.1
changes, A.1
default values, 4.9
information, 4.4
list, 4.4
SSL, 4.8.1
practice statement
elements, 3.2.2
predicate, 6.1
adding, 6.5.1.4
attributes, 6.5
certificate types, 6.5
corresponding values used, 6.5
delete, 6.4.5.3
expression, 6.1
if no match, 6.5.1
key size, 6.3.1
matching request element, 6.5
multiple, 6.5
evaluation example, 6.5.1.1, 6.5.1.2
not in custom policies, 6.5
operators, 6.5
optional, 6.5
order, 6.5.1
RenewalRequestConstraint, 6.3.5
reordering, 6.5.1.3
RSAKeyConstraints, 6.3.1
specifics, 6.5
strings
case-insensitive, 6.5
validity period, 6.3.2
value
asterisk, 6.5
values, 6.5
Predicate Attributes, 6.5
predicate expression
complete, 6.3.5
contiguous, 6.3.5
evaluation, 6.5
logical, 6.5
not matched, 6.5
predicate order
criterion, 6.5.1
predicates, 6.4.5.1
complex, 6.3.1
examples, 6.3.1
multiple sets, 6.3.1
policy, 6.4
Predicates in Policy Rules, 6.5
preventing
repudiation of signed messages, 1.1
unauthorized access, 1.1
private key, 1.1.1, 1.2, 4.5.3, 8.2, 8.2.2.3, 8.6, 8.6, 8.6
compromised, 4.3, 7.2.3
encrypted, 7.1.1, A.7
for decryption, 1.1.1
lost, 4.3
new CA, 7.1.1, A.7
password lost, 7.2.3
signs certificate, 1.1.2.1
stolen, 4.3, 7.2.3
validation using public key, 1.1.2.1
private messages, 1.1.1
privileges, 1.3.3.3
propagating, 2.1.4
properties
certificate, 2.2.2
properties file, 7.6.1
protocols
PKCS#10, 2.2.1
Signed Public Key and Challenge, 2.2.1
provisioning, 2.3.1
automatic, 2.3
manual, 2.3
Provisioning Integration, 2.1.3
proxy servers, F
public key, 1.1.1, 8.2, 8.2.4
can verify CA signature, 1.1.2.1
for encryption, 1.1.1
owner, 1.1.2.1
Public Key Infrastructure, 1
public-key certificates, 1.2
publish
OCA URL for SSO users, 4.8.1
SSO certificate, 4.8.2
publishing, 2.1.4, 2.1.5
certificates, 5.2.4.1, 7.6.3

R

RA, 1.1.2.2, 1.1.3, 1.3.1, 1.3.2
within OCA, 1.1.3
ranges, 6.1
RDN, 4.5.6.3, 6.5, 6.5
child of RDN, 6.5
least significant, 6.5, 6.5.1
multiple usage, 6.5
reason codes
revoke, 4.3
reasons
revocation, 7.2.3
re-associating
infrastructure, 7.6
repository, 7.6
Re-associating Oracle Application Server Certificate Authority Infrastructure, 7.6
recommended deployment, 3.4.3
advantages, 3.4.3
installation instructions, 3.4.3
regenerating
CA signing certificate, 7.1.1
CA Signing Wallet, 7.1.1
CA SMIME wallet, 7.1.1, 7.1.2.2, A.7
CA SSL certificate
circumstances, B.2.2
CA SSL Wallet, 7.1.2
CA SSL wallet, 7.1.1, A.7
wallet, B.2.2
wallets, 7.1.1, 7.1.2.1
Re-generating the CA Signing Wallet, 7.1.1
Regenerating the Certificate Authority's SSL Certificate and Wallet, A.8
Regenerating the Root Certificate Authority's Certificate, A.7
register
class, 6.6
Registration Authority
RA, 1.1.2.2
registration authority, 1.1.3, 1.3.1
registration tool
SSO, E.3
reject, 2.2.3, 4.5, 4.5.1.2, 4.5.5
rejected, 4.5, 4.5.6, 4.5.6.5
Rejecting Certificate Requests, 4.5.1.2
relative distinguished name, 6.5
relative DN, 4.5.6.3
Remove From CRL (revocation reason), 4.5.3
remove link with SSO, 4.8.2
REMOVE_FROM_CRL (revocation code), 4.3
removing
operating system files, 7.5.1, A.16
renew, 1.1.3, 4.5, 4.5.5, 6.3, 6.3.5, 6.3.5, 6.3.5, 6.4.3, 8.2, 8.2.2
expired certificates, 6.3
whether/when, 6.4.3
renewal, 6.3.5
all policy rules, 6.4
default period, 6.3.5, 6.3.5, 6.3.5, 6.4.3
policy, 6.4.3
renewal window, 4.5, 4.5.4, 6.3.5, 6.3.5, 6.3.5, 6.4.3
RenewalCertificateRequestConstraints, 4.5.4
renewalNotAfter, 6.3.5, 6.4.3
renewalNotBefore, 6.3.5
RenewalRequestConstraint, 6.3, 6.4.3
predicate, 6.3.5
renewcert, A.1, A.1
renewed, 4.5.4
renewing, 7.1.3
critical wallets, 7.1.3
expiring certificates, 7.1.3
Renewing Certificates, 4.5.4
Reorder, 6.4.5.1
reorder a policy, 6.4.5.4
reordering
policies, 6.4
Reordering Predicates, 6.5.1.3
replace
administrator certificate, 4.3
repository, 2.2.5, 2.3.1, 3.4.1, 4.1
connections, 7.6.3
contains logs, 7.5.1
OCA, 7.1.1, A.7
re-associating, 7.6
separate, 7.6
request, 1.3.3.1, 2.2.1, 2.2.1, 2.2.3, 2.2.5, 2.3, 2.3.1, 2.3.1, 2.3.3, 2.3.3, 4.2, 4.5, 4.5.1, 4.5.6.1, 8.2
CA signing, 8.2.3
code signing, 8.2.3
new, 8.2
pending, 4.4.1
signing, 8.2.3
SSL/encryption, 8.2.3
validity, 6.1
requests
altering by policies, 6.3
policies rejecting, 6.2
subjected to policies, 6.2
required fields, 2.3.1
re-registering
OCA with SSO, E.3
restart, 4.1, 4.3, A.1, A.1
restarting
SSO server, 4.8.2
restrict
DNs in certificates, 6.4.4
restricting
certificate parameter values, 6.2
retrieve, 8.2.2
revocation
reasons, 4.3, 4.5.3.1, 7.2.3
revocation reasons, 4.5.3
RevocationConstraintRule, 6.4.2
RevocationConstraints, 6.3, 6.3.4
revoke, 1.1.3, 2.1.5, 2.2.3, 2.3.1, 4.3, 4.3, 4.5, 4.5.3, 4.5.5, 8.2, 8.2.1.1, 8.2.2, 8.2.2.3
all policy rules, 6.4
expired certificates, 6.3.4, 6.4.2
revokecert, 7.2.2, A.1, A.1
revoked, 4.5.5
revoked CA
administrator cannot access, 7.2.2
revoked certificates
list, 4.5.5
revoking
a Certificate Authority certificate, 7.2.2
reasons, 7.2.3
required before installing new CA, 7.2.2
root certificate authority certificate, 7.2.2
web administrator's certificate, 7.2.3
Revoking Certificates, 4.5.3
RFC1779
DN usage, 6.5
role, A.1, A.6
root, 2.4, 8.2.4, A.7
CA, 1.1.2.2
root CA
certificate, 4.5.3
root CA signing wallet, B.2.1
root certificate authority (CA), 7.1.1
Root Store, 8.2.1.2.1
RSA, 2.2.1, 4.6
RSAKeyConstraints, 6.3, 6.3.1
default maximum key size, 6.3.1
default minimum key size, 6.3.1

S

save, 8.1
save CRL, 2.2.3
save or install
CA certificate, 8.2
save or install CA certificate, 8.3
save or install CRL, 8.2, 8.4, 8.4.2
saving CRL, 8.4.2
scalability, 1
Scalability, Performance, and High Availability, 2.2.5
scheduled jobs, 5.2.2.3
seamless, 2.1.5
search, 4.5.5, 8.2
advanced, 4.5.6, 4.5.6
criteria, 4.5.6
all pending requests, 4.5.5
by
DN or DN component, 4.5.6
email, 4.5.6
serial number, 4.5.6
for single certificate or request, 4.5.5
single issued certificate, 4.5.5
single request, 4.5.5
using advanced DN, 4.5.6.3
using Certificate Status, 4.5.6.5
using DN, 4.5.6.2
using request status, 4.5.6.1
using serial number range, 4.5.6.4
Search Certificate Request using Request Status, 4.5.6.1
Search Using Advanced DN, 4.5.6.3
Search Using Certificate Status, 4.5.6.5
Search Using DN, 4.5.6.2
Search Using Serial Number Range, 4.5.6.4
secure communications, 1
secure email, 2.1.3
Secure Socket Layer (SSL-based) Authentication, 2.3.2
Secure Sockets Layer, 1.3.3.2
SSL, 1.3.3.2
security policy, 2.3.3
self-service, 2.1.3
Send SMIME E-Mails, 7.1.2.2
sending
signed alerts & notifications, 5.2.2.1, 7.1.2.2
serial number
certificate, 1.1.2.3
new Sub CA, B.2
range, 4.5.6
range search, 4.5.6.4
Sub CA, B.2.1
serial number search, 4.5.6
server, 4.5.6.2
certificate type, 6.5
certificates, 6.3.2, 8.2, 8.2.3
types, 8.2.3
SSL authentication, 7.1.2.1
server authentication, F
server certificate
acquiring, 8.2.3
server entities, 8
verification, 4.6
server request
manual, 2.3.3
serverAuth, D.1.1
servers
multiple, 4.6
Server/SubCA
certificate request, 8.2.3, 8.2.3, 8.2.3, 8.2.4, 8.2.4, 8.2.4, B.1, B.1, B.2.1, B.2.1, B.2.1
enrollment form, 8.2.3, 8.2.3, 8.2.3, 8.2.4, 8.2.4, 8.2.4, B.1, B.1, B.2.1, B.2.1, B.2.1
Server/SubCA Certificates Tab, 8.2.3
Server/SubCA Certificates tab, 2.2.3, 8.2
session key management, 1.3.3.2
set, A.1, A.1
setpasswd, A.1, A.1, A.6
settings
database, 5.2.4.7
directory host/agent/port in use, 5.2.4.8
General subtab, 7.6.3, A.1
SHA1 with RSA, 4.6
sign digital transactions, 1.2
signature
digital, 1, 1.1.2.3, 1.1.2.3
signature algorithm, 4.6
signer, 8.2.1.1, 8.2.1.2.2
signing, 1.1.2, 1.1.2.1, 2.3, 8.2.1.1, 8.2.4, A.1, A.7
certificate authority, 1.1.2
certificate usage definition, D.1
message digests, 8.2
software, 8.2
signing certificate, 2.4
single certificate or request
finding, 4.5.5
Single Sign-on, 2.1.4
single sign-on, 1, 1.3.2, 1.3.3.3, 2.1.1
Single Sign-on (see SSO), 4.8
Single Sign-on Authentication (SSO), 8.2.1.1
smart card, 2.2.1, 2.3, 8.2.1
SMIME, 2.2.1, 4.6, A.1
SMIME wallet, 7.1.1, 7.1.3
software
signing, 8.2
SSL, 1.1.2.3, 1.1.2.4, 1.3.3.2, 1.3.3.2, 1.3.3.3, 2.3.3, 8.2.1, 8.2.1.3, A.1, A.6
authentication, 8.2
certificate, 2.4
enabling with PKI for SSO, E
not SSO default, 4.8
PKI requires, 4.8
port, 4.4, 4.8.1
publishing, 5.2.4.1
user
validity period, 6.3.2
user can renew, 8.2.2, 8.2.2.2
user can revoke, 8.2.2.3
validity check, 4.6, 4.6
with OCA, 7.1.2.1, B.2.2
SSL authentication
server, 7.1.2.1
SSL mode
configured automatically, 7.2.1
SSL server
wallet password, 7.2.1
SSL Server wallet, A.2
SSL wallet, 7.1.1
SSLCARevocationFilePath, 8.4.2
SSO, 1.3.3.3, 2.1.1, 2.2.3, 2.3, 2.3.1, 2.3.3, 3.4.1, 4.8, 8.2.1, 8.2.1.1, A.2
application usage, 4.8.3
broadcast OCA request page, 4.8, 4.8.1
can use OCA certificate, 4.8.2
default deployment, 4.8
enabling PKI with OCA, 4.9.1
enabling ssl and pki, 4.9.1
enabling with SSL and PKI, E
getting an OCA certificate directly, 4.8
import certificate to browser, 4.8.2
link with OCA, 4.8.2
login page, 8.2.1.1
mod_osso, 2.3
OCA configuration choices, 4.8
registration tool, E.3
server restart, 4.8.2
usage of certificates, 4.8.3
user
validity period, 6.3.2
user can renew, 8.2.2, 8.2.2.2
user can revoke, 8.2.2.3
users
choose key size, 4.8.2
wallet, 7.2.1
welcome page, 4.8.2
SSO Certificate Request, 4.8.1
SSO wallet
encrypted, 7.2.1
protected by file permissions, 7.2.1
standards, D
start, 2.2.3, 4, 4.1, 4.1, 4.3, A.1, A.1, A.1, A.1, A.3
OC4J, 4.8.2, 6.6.2, 6.6.2, A.3, A.4, A.11, A.11, B.2, B.2
ohs, 6.6.2, 6.6.2, A.3, A.11, A.11, B.2, B.2
status, 4.1, A.1, A.5
approved, rejected, or pending, 4.5.5
certificate
valid, revoked, expired, 4.5.6, 4.5.6.5
RenewalRequestConstraint, 6.3.5
RevocationConstraints, 6.3.4
RSAKeyConstraints, 6.3.1
uniquecertificateconstraint, 6.3.3
validity rule, 6.3.2
Steps in Creating a New Policy Plug-in, 6.6.2
stop, 2.2.3, 4, 4.1, 4.1, 4.3, 4.3, A.1, A.1, A.1, A.4
OC4J, 4.8.2, 6.6.2, 6.6.2, A.3, A.4, A.11, A.11, B.2, B.2
ohs, 6.6.2, 6.6.2, A.3, A.11, A.11, B.2, B.2
storing connection information, 7.6.3
string values, 6.5
Structure of the Administration Interface, 5.1
Sub CA
common name, B.2.1
new
invalidates older SMIME certificate, B.2.2
invalidates older SSL certificate, B.2.2
serial number, B.2
serial number, B.2.1
Sub CA certificate, 4.5.1.1
sub CA certificate
acquire and import, B
Sub CA Signing Wallet
installing/importing, B.2
Sub CA Signing wallet
directory, B.2
Sub CA signing wallet, B.2.1
generating, B.2.1
SUBCA, A.1
Subject Name, 4.2
Subordinate CA
certificates, 8.2.4
subordinate CA, 1.1.2.2, 2.4, 8.2.3
geographical advantages, 2.4
subordinate CA request
manual, 2.3.3
subordinate certificate authority
acquire and import, B
subordinate organizations
Sub CA signing wallet, B.2.1
subscriber name, 4.8.3
subtabs, 4.4, 6.4
General, 5.2.3, 5.2.4
SUPERSEDED (revocation code), 4.3
Superseded (revocation reason), 4.5.3
Support for Open Standards, 2.2.1
symmetric, 1.1.1
synchronization
directory, 5.2.2.3
syntax, A.1, A.2

T

tabs, 2.2.3
Administration Setup, 2.2.3
Certificate Management, 2.2.3
certificate management, 4.4.1
tasks
configuration, 5.2.1
general subtab, 5.2.1
notification subtab, 5.2.1
Policy Sub-tab, 5.2.1
Thawte, 1.1.2
third-party, 8.2.4
SSL wallet, 7.2.1
trusted, 1.1.2
third-party wallet, A.2
time, 7.2.4
top-down evaluation of predicates, 6.5.1.2
TRACE, A.1
trace, 7.5
clearing, 7.5.1
oca.trc, 7.5.1
trace file, 5.2.4.5
tracer, A.1, A.3
tracing, 5.2.4.5
training, 3.2.1.2
troubleshooting, C
trust
levels, 1.1.2.2
paths, 2.4
trust environment, 4.6
trust point, 7.2.1, B
trust points
copying, B.2.1
trusted certificate, B.2.1
editing uses, 8.2.1.1, 8.2.1.2.2
trusted entities, 1.1, 1.1.2.2, 4.5.1.1
trusted-certificate-DNs
allow/disallow requests, 6.4.1
trusting a certificate issuer in Firefox, 8.2.1.2.3
trusting a certificate issuer in Internet Explorer, 8.2.1.2.1
trusting a certificate issuer in Netscape, 8.2.1.2.2
TrustPointDNCustomRule, 6.4.4
type, A.1, A.6
types
certificate, 8.2
in predicates, 6.5

U

unauthorized access, 1.2
prevention, 1.1
UniqueCertificateConstraint, 6.3, 6.3.3
checks usage and DN, 6.3.3
uniquecertificateconstraint
parameter, 6.3.3
UNIX, 4.3
unlinksso, 4.8.2, A.1, A.1
UNSPECIFIED (revocation code), 4.3
Unspecified (revocation reason), 4.5.3
update CRL, 2.2.3
updateconnection, 5.2.4.7, 5.2.4.8, A.1, A.1, A.14
updating the CRL, 4.6
URL
certificate request for SSO users, 4.8.1
URLC token, 4.8.3
usage
CA signing, B.2.1
usages
in predicates, 6.5
use case, 3.5.2
user
training, 3.2.1.2
User Certificates page, 2.2.3
User Certificates tab, 2.2.3
user interface
accessing, 8.1
certificate operations, 8.2.2
certificate renewal, 8.2.2.2
certificate retrieval, 8.2.2.1
certificate revocation, 8.2.2.3
configuring your browser to trust OCA, 8.2.1.2
downloading a CA certificate, 8.3
end-user tabs and processes, 8.2
exporting wallet from browser, 8.6
importing certificate from your file system, 8.7
importing certificate to browser, 8.5
manual authentication, 8.2.1.4
saving CRL, 8.4.2
server/subca certificates tab, 8.2.3
SSL, 8.2.1.3
SSO, 8.2.1.1
subordinate CA certificates, 8.2.4
user certificates tab, 8.2.1
Using Advanced Search, 4.5.6

V

validation
key, 1.1.2
validity period, 4.2, 4.2, 4.5.1.1, 4.5.5, 6.3, 8.2.1.1, 8.2.3
default maximum, 6.3.2
default minimum, 6.3.2
default period, 6.3.2
defaults, 6.4.1
for SSO- or SSL-authenticated users, 4.5.4
for the CA, 6.3.2
default, 6.3.2
minimum and maximum, 6.3.2
narrow/widen range, 6.4.1
predicate, 6.3.2
rejecting, 6.3.2
renewcert, 7.1.3
wallets
default values, 4.9
validityPeriod
renewal default, 6.3.5
ValidityRule, 6.3, 6.3.2
values, 6.1
in predicates, 6.5
parameters, 6.4.5.1
values at installation, 4.9
Verisign, 1.1.2
view, 4.5.2, 8.2
log or trace, 5.2.4.5
View Details, 4.5.1.1, 4.5.5
View Logs Tab, 5.3
View Policies For, 6.4
Viewing Details of Certificates, 4.5.2
viewing logs, 4
virtual host, F

W

wallet
as container, 1.1.2.4
CA SMIME
regenerating, 7.1.1, A.7
CA SSL
regenerating, 7.1.1, A.7
compromised or corrupted, 7.1.2.1, B.2.2
contents, 1.1.2.4
Oracle, 1.1.2.4
password, 7.1.2.1
changing, 7.1.4
password superseded, 7.2.1
regenerated, 7.1.2.1, B.2.2
regenerating, 7.1.1
wallet operations, 7.1
wallet-location, A.2
wallets, 1.3.3.1, 7.1, 7.1.3, A.1, A.8
backing up, 7.2.1
CA SMIME, 7.1.2.2
regenerating, 7.1.2.2
locations, 4.9
SMIME, 7.1.3
SSO format, 7.2.1
walletwrl, A.2
web administration interface, 4.4
web administrative interface, 4
access, 4.2
web administrator certificate, 4.2, 4.3
web administrator's certificate
revoking, 7.2.3
web interface
administrative, 2.2.3
end-user, 2.2.3
welcome page, 4.2
for SSO users, 4.8.2
window
renewal, 4.5, 4.5.4, 6.3.5, 6.3.5, 6.3.5, 6.4.3
Windows NT, 4.3
writing a policy plug-in, 6.2

X

X.509, Preface, 1.1.2.3, 1.1.2.3, 1.1.2.3, 1.3.3.1, 2, 2, 2.1.1, 2.1.1, 2.2.1, 2.3, 2.3.2, A.11, A.11, B.2, D