Index
A B C D E F G H I J K L M N O P R S T U V W X
A
- Accessing the User Interface, 8.1
- acquire subCA certificate, B
- acquiring a server certificate, 8.2.3
- add a policy (custom only), 6.4.5.5
- adding
- custom policy, 6.6.2
- policies, 6.4, 6.4, 6.6
- predicates, 6.5.1.4
- ADMIN, A.1
- administering
- policies, 6.2
- administration interface, 4.4, 5.1
- administrative password, 4.3
- Administrative Task Overview, 4, E
- Administrator
- types of, A.6
- administrator
- certificate, 2.2.3, 4.5.3
- form, 2.2.3
- new, 4.3, 7.2.3
- password, 2.2.3, 4.2, 4.2, 4.2
- administrator certificate, 4.4
- administrator password, B.2
- ocactl requires, 7.1.4
- administrator's certificate
- importing, 2.2.3
- installing, 2.2.3
- admin.log, 7.5.1, 7.5.1, A.16
- admin.trc, 7.5, 7.5.1, 7.5.1, A.16
- advanced DN, 4.5.6.3
- advanced topics, 7
- Affiliation Change (revocation reason), 4.5.3
- AFFILIATION_CHANGE (revocation code), 4.3
- alerts, 5.2.2.2
- CA SMIME wallet, 7.1.2.2
- configuring, 5.2.2.1, 7.1.2.2
- CRL generation failure, 5.2.2.2
- All Pending Requests, 4.5.5
- allowExpiredCerts, 6.3.4
- allowRenewal, 6.3.5
- altering
- requests, 6.3
- ancestors, B.2.1
- Apache, 4.9, 7.2.1
- Oracle HTTP Server, 7.1.2.1
- APIs, 6.5, 6.6
- and plug-ins, 6.2
- application
- SSO usage, 4.8.3
- apply policy checkbox, 6.4
- applying
- policies, 6.2
- policy default values, 6.5.1
- approval
- manual, 8.2
- approve, 2.2.3, 4.5, 4.5.1, 4.5.1, 4.5.5
- Approving Certificate Requests, 4.5.1
- Approving or Rejecting Certificate Requests, 4.5.1
- asterisk
- in predicate expression, 6.5
- matches attributes, 6.5
- not string matching, 6.5
- attributes, 1.3.3.3
- asterisk matches, 6.5
- in predicates, 6.5
- authentication, 1.1, 1.2, 1.3.1, 1.3.3.3, 2.1.4, 2.3, 2.3, 4.8.3, 8
- certificate usage definition, D.1
- certificate-based, 2.3.2
- change method, 2.2.3, 8.2
- checking the CRL, 4.6
- client certificate, 4.2
- configuring for SSL & SSO, 5.2.4.2
- form, 4.2
- manual, 8.2.1.4
- mod_osso, 2.3
- password-based, 2.3.1
- SSL, 8.2, 8.2.1.3
- SSL server, 7.1.2.1
- SSL-based, 2.3.1
- SSO, 4.8.2
- user, 4.5.1.1
- authority
- certification, 1.1.2
- automatic certificates for SSL/SSO users, 8.2
- automatic client users, 6.3.2
B
- backing up
- wallets, 7.2.1
- backup and recovery
- considerations, 7.8
- backup and recovery procedures, 7
- BASE64, B.1
- CRL, 8.4.2
- BASE64 certificate, B.2.1
- BasicConstraintsExtension, B.2
- benefits
- OracleAS PKI, 1.3.2
- benefits of a PKI, 1.2
- big-endian order, 6.5
- BigIP, F
- binary copy of CRL, 8.4.2
- binary number
- key, 1.1.1
- bits
- set for extensions, B.2
- broadcasting OCA request page to SSO users, 4.8, 4.8.1
- browsers, 1.3.3.1, 2.2.1
- configuring, 8.2.1.2
- import certificate, 4.8.2
- import SSO certificate, 4.8.2
- password, 4.2, 4.2
- present certificates to SSO, 4.8.3
- use CRLs, 4.6
- Built-in Plug-in Policy Modules, 2.2.2
C
- CA, 1.1.2, 1.1.2.2, A.1, A.6
- hierarchy, B.2
- key size choices, A.1
- levels, 1.1.2.2
- new
- new signing password, B.2
- root, 1.1.2.2
- signing, 1.1.2.1
- subordinate, 1.1.2.2
- ca
- certificate type, 6.5
- CA certificate
- new, 7.1.1, A.7
- save or install, 8.3
- CA Compromise (revocation reason), 4.5.3
- CA hierarchy, B.2.1
- setting up, B
- CA key
- compromised, 7.1.1, 7.2.2
- CA Signing
- certificate usage definition, D.1
- CA signing, 8.2.3
- wallet, 4.9
- CA signing certificate, 7.1.1, 7.1.1
- invalid, 7.1.1, A.7
- CA signing wallet
- regenerating, 7.1.1
- CA SMIME
- key size choices, A.1
- CA SMIME wallet, 7.1.1
- generating, B.2.2
- signing alerts & notifications, 7.1.2.2
- CA SSL, A.8
- CA SSL wallet, 4.9, 7.1.1
- generating, B.2.2
- regenerating, 7.1.2
- CA_COMPROMISE (revocation code), 4.3
- card reader, 8.2.1
- case-insensitive
- strings in predicates, 6.5
- CASMIME, A.1, A.6
- CASSL, A.1, A.6
- key size choices, A.1
- centralization, 1
- Certificate, 4.5.3
- certificate
- administrator, 4.4, 4.5.3
- administrator information required, 4.2
- administrator request, 4.2
- all invalidated, 7.1.1, 7.1.1, A.7
- approved, 2.2.3
- automatic for SSL/SSO users, 8.2
- BASE64, B.2.1
- compromised, 4.5, 4.5.3, 4.5.3
- contents, 1.1.2.3
- contents and uses, 1.1.2.3
- digital, 1.1.2
- download, 8.2
- download into file system, 8.1
- expired, 4.5.4, 6.3, 6.3.4
- expiring, 7.1.3
- extensions, 1.1.2.3
- finding, 4.5.5
- fingerprint, 1.1.2.3
- getting a, 2.3.1
- import, 4.2, 4.8.2, 8.2
- import into browser, 8.1
- import to browser, 4.2
- import to file system, 8.7
- inconsistent state, 7.2.2
- invalidated, 7.2.2
- issued upon request for SSO/SSL-authenticated user, 5.2.4.2
- management, 4, 4, 4.5
- manual, 6.3.2
- multiple, 6.3
- multiple constraint, 6.3.3
- new CA, 7.1.1, A.7
- new request, 8.2
- new required, 7.2.2
- owner, 4.5.6.2
- parameter values
- restricting, 6.2
- pending, 2.2.3
- pending request alerts, 5.2.2.2
- PKCS#10 request, 1.3.3.1, 2.2.1, B
- PKI, 1.1.2
- policies, 6.2
- properties, 2.2.2
- publish SSO, 4.8.2
- publishing, 5.2.4.1, 7.6.3
- purposes, 2.3.2
- rejected, 2.2.3
- rejecting, 4.5.1.2
- renew, 8.2
- renewal window, 4.5, 4.5.4, 6.3.5, 6.3.5, 6.3.5, 6.4.3
- renewing, 4.5.4, 7.1.3, 8.2.2, 8.2.2.2
- replace administrator, 4.3
- request
- SSO, 4.8.1
- request URL for SSO, 4.8.1
- requests, 2.2.1, 2.2.1
- pending, 4.4.1
- status, 2.2.3
- retrieving, 8.2.2, 8.2.2.1
- revoke, 8.2
- revoking, 4.5.3, 8.2.2, 8.2.2.3
- revoking expired, 6.3.4
- root CA, 4.5.3
- save or install, 8.2
- search, 4.5.5
- separate, 1.1.2.3
- serial number, 1.1.2.3
- server, 6.3.2, 8.2, 8.2.3
- server, acquiring, 8.2.3
- server/subCA, 8.2.3
- signer, 8.2.1.1, 8.2.1.2.2
- signing, 1.1.2.3
- SMIME invalidated, B.2.2
- SSL, 1.1.2.3
- SSL invalidated, B.2.2
- SSO usage, 4.8.2, 4.8.3
- status, 4.5.6, 4.5.6.5
- Sub CA, 4.5.1.1
- trusted, B.2.1
- editing uses, 8.2.1.1, 8.2.1.2.2
- types, 8.2
- types in predicates, 6.4.5.1, 6.5
- user, 8.2.1
- using existing, 5.2.4.2
- view, 8.2
- viewing details, 4.5.2
- X.509, Preface, 1.1.2.3, 1.1.2.3, 1.1.2.3, 1.3.3.1, 2, 2.1.1, 2.1.1, 2.2.1, 2.3, 2.3.2, A.11, A.11, B.2, D
- Certificate Authority
- CA, 1.1.2.2
- certificate authority, 1.3.1
- signing, 1.1.2
- Certificate Management Tab, 4.4.1
- Certificate Management tab, 2.2.3
- Certificate Practice Statement, 3.2.2
- Certificate Renewal, 8.2.2.2
- Certificate Renewal Policy as Shipped, 6.4.3
- Certificate Request Details screen, 4.5.1.1
- Certificate Request form, 8.2.1.1
- Certificate Request Policies as Shipped, 6.4.1
- Certificate Retrieval, 8.2.2.1
- Certificate Retrieval, Renewal, and Revocation, 8.2.2
- Certificate Revocation, 8.2.2.3
- certificate revocation list, 2.2.3, 3.2.3, 4.6, 7.2.2
- retrieving with ldapsearch, 4.7.1
- Certificate Revocation Policy as Shipped, 6.4.2, 6.4.4
- certificate usage
- in predicates, 6.5
- CERTIFICATE_HOLD (revocation code), 4.3
- certificates
- life-cycle, 1.3.3.4
- certification authority, 1.1.2
- certified, 4.5, 4.5.6, 4.5.6.5
- Cessation of Operation (revocation reason), 4.5.3
- CESSATION_OF_OPERATION (revocation code), 4.3
- challenges, 1
- changes
- policy, 6.4
- ports or nodes, A.1
- changesecurity, 7.6.1, A.1, A.1
- changesecurity command, 7.6.1
- changing
- method of authentication, 8.2
- wallet password, 7.1.4
- changing OCA's IM Services, 7.6.1, 7.6.1
- changing passwords, 7.1.4
- Changing Privileged Passwords, A.6
- class, 6.4
- clear, A.1, A.1
- clearing
- log or trace
- deletes contents, 7.5.1
- log or trace data, 7.5.1
- client
- certificate type, 6.5
- client locale, 7.2.4
- clientAuth, D.1.1
- CN
- in DN, 6.5
- code Signing
- certificate usage definition, D.1
- codes
- revocation, 4.3
- codeSigning, D.1.1
- cold failover
- configuration, 7.7.1
- deployment, 7.7.1
- Collaboration Suite, 2.1.3
- comma, 8.2.1.4
- in DN entry, 6.3.5
- command-line interface, 4
- commands, A.1
- clear, A.1
- generatewallet, A.1
- help, A.1
- importwallet, A.1
- linksso, A.1
- renewcert, A.1
- revokecert, A.1
- set, A.1
- setpassword, A.1
- start, A.1
- stop, A.1
- unlinksso, A.1
- updateconnection, A.1
- when take effect, 7.1.4
- common name, 4.2, 4.2
- searching, 4.5.5
- Sub CA, B.2.1
- complete DN, 6.5
- components
- needed by OCA, 3.4.1
- Oracleas PKI, 1.3.3
- Components of the OracleAS PKI, 1.3
- compromised
- CA key, 7.1.1, 7.2.2
- compromised certificates, 4.5, 4.5.3, 4.5.3
- configuration
- cold failover, 7.7.1
- configuration choices, 4.8, 4.8, 4.8
- configuration file, A.1, A.3
- configuration management, 4
- alerts, 5.2.2.2
- subtabs, 5.2
- tab, 5.2
- Configuration Operations for Oracle Application Server Certificate Authority, 7.2
- configuration tasks, 5.2.1
- configure
- log & trace, 5.2.4.5
- configuring
- Apache, 7.2.1
- on web, 7.2
- sending signed alerts and notifications, 5.2.2.1, 7.1.2.2
- site, 7.2
- SSL automatically, 7.2.1
- Sub CA, B.2.1, B.2.1
- using ocactl, 7.2
- Configuring Your Browser to Trust Oracle AS Certificate Authority, 8.2.1.2
- connection information
- changed strings, A.1
- where stored & displayed, 7.6.3
- connections, 5.2.4.7
- changed nodes or ports, A.1
- OCA repository and directory, 7.6.3
- container
- called database, cache, or wallet, 1.1.2.4
- contents, 1.1.2.4
- for certificates, 1.1.2.4
- wallet, 1.1.2.4
- containers, 1.3.3.1
- PKI, 1.1.2.4
- contents
- certificate, 1.1.2.3
- container, 1.1.2.4
- contiguous DN, 6.3.5
- contiguous string, 4.5.6
- convertwallet, 7.2.1, 7.2.1, A.1, A.1, A.2, A.2
- copying
- BASE64 certificate, B.2.1
- CRLs, 4.6
- trust points, B.2.1
- copying CRLs, 4.6
- CPS (certification practice statement), 3.2.2
- credentials
- PKI, 1.1.2.4
- criterion
- for predicate order, 6.5.1
- CRL, 2.2.1, 2.2.3, 4.5, 4.6, 4.7.1, 7.2.2, 8.1
- auto-generation, 4.6
- BASE64 form to cut and paste, 8.4.2
- binary copy, 8.4.2
- checking, 4.6
- copying, 4.6, 4.6
- download, 4.6
- download into file system, 8.1
- generating, 4.6
- handling, 8.4
- import, 4.6
- import into browser, 8.1
- multiple, 4.6
- path used by server, 4.6
- purpose, 4.5.5
- save or install, 2.2.3, 8.2, 8.4.2
- saving to multiple servers, 4.6
- scheduling generation, 5.2.2.3
- updating, 4.6, 4.6
- usages, 4.6
- CRL alerts, 5.2.2.2
- CRL validity, 4.6
- days to next update, 4.6
- CRL_SIGN, B.2
- cryptographic service provider, 4.2
- custom policy, 6.6
- adding, 6.6.2
- name description and class, 6.6.2
- plug-ins, 6, 6.4.2, 6.4.4
- customize
- policies, 2.2.2
- cut and paste
- BASE64 CRL, 8.4.2
- cut-and-paste, 1.3.3.4, 4.2
- cutting and pasting, 1.3.1
- cwallet.sso, 7.1.3, 7.2.1, 7.8, A.2
D
- data integrity, 1
- database
- connect string used, 5.2.4.7
- database connection pool, A.1, A.3
- Database Pool Scheme, 5.2.4.7
- Database Pool Size, 5.2.4.7
- Database Settings, 5.2.4.7
- date, 7.2.4
- days to next CRL update, 4.6
- DB, A.1, A.6
- decipher, 8.2
- decryption, 1.1, 1.1.1, 8.2
- by appropriate recipient only, 1.1
- infeasible, 1.3.3.2
- messages, 1.1.2.1
- time and effort, 1.2, 1.3.3.2
- Default Base DN Components, 5.2.4.6
- Default Constraint-specific Policy Rules, 6.3
- default deployment, 3.4.2
- advantages, 3.4.2
- installation instructions, 3.4.2
- default period
- renewal, 6.3.5, 6.3.5, 6.3.5, 6.4.3
- default policy rules, 2.2.2
- defaults, 6.1, 6.4.5.1
- in a policy
- when used, 6.5
- key sizes, 6.4.1
- policies, 6.3
- renewal validity period, 6.3.5
- validity period, 6.4.1
- Delegated Administration Service, 2.1.1, 2.1.3
- delete
- predicate, 6.4.5.3
- delete a policy, 6.4.5.3
- deleting
- policies, 6.4
- departments
- Sub CA signing wallet, B.2.1
- deployment
- default, 3.4.2
- advantages, 3.4.2
- installation instructions, 3.4.2
- recommended, 3.4.3
- advantages, 3.4.3
- installation instructions, 3.4.3
- strategies, 3.4
- using cold failover, 7.7.1
- describing
- a policy plug-in, 6.2
- Developing a Custom Policy Plug-in, 6.6
- digital certificates, 1.1.2, 1.2
- approving requests, 4.5.1
- binary file, A.7
- contents and uses, 1.1.2.3
- encryption, 2.3
- management, 4.5
- pending, 2.2.5
- rejecting, 4.5.1.2
- renewing, 4.5.4
- request, 2.2.1, 2.2.3, 2.2.5, 2.3, 2.3.1, 2.3.3
- revoking, 4.5.3
- signing, 2.3
- signing/SSL, 2.4
- SSL, 2.3
- viewing, 4.5.2
- digital signature, 1, 1.1.2.3, 1.1.2.3, 1.2, 1.3.2, 2.2.1
- digital transactions
- sign, 1.2
- DIGITAL_SIGNATURE, B.2
- directory
- connections, 7.6.3
- for Sub CA Signing wallet, B.2
- directory integration services, 1
- directory services, 1
- Directory Settings, 5.2.4.8
- directory synchronization
- scheduling, 5.2.2.3
- disabling
- policies, 6.2, 6.4
- RenewalRequestConstraint, 6.3.5
- RevocationConstraints, 6.3.4
- RSAKeyConstraints, 6.3.1
- uniquecertificateconstraint, 6.3.3
- validity rule, 6.3.2
- disabling policy rules, 6.2
- disabling proxy servers, F
- displaying connection information, 7.6.3
- distinguished name, 4.5.6.2, 6.5
- DN, 1.1.2.3
- distinguished name (DN), 1.1.2.3
3
- DN, 1.1.2.3, 2.3.3, 4.2, 4.2, 4.2, 4.2, 4.2, 4.2, 4.5.6, 4.5.6, 4.5.6.2, 4.5.6.2, 4.5.6.2, 4.5.6.2, 4.5.6.2, 4.5.6.3, 4.9, 4.9, 4.9, 4.9, 4.9, 5.2.4.6, 6.3.3
- advanced, 4.5.6, 4.5.6.3
- configuring defaults for manual enrollment, 5.2.4.6
- contiguous string to root, 4.5.6
- distinguished name, 4.5.6.2
- relative, 4.5.6.3
.
- DN, 6.3.3, 6.3.3, 6.3.3, 6.3.5, 6.4.1, 6.5, 6.5, 6.5, 6.5, 6.5, 6.5, 6.5, 6.5, 6.5, 6.5, 6.5, 6.5, 6.5, 6.5, 6.5, 6.5.1, 6.6.1, 6.6.5
- complete, 6.5
- contiguous & complete, 6.3.5
- follows RFC1779, 6.5
- in predicate, 6.5
- invalid, 6.5
- least significant component, 6.5
- matching, 6.5
- most significant component, 6.5
- partial, 6.5
- root, 6.5
- rules for matching, 6.5
- valid, 6.5
D
- DN, 7.4, 7.9, 7.9, 7.9, 7.9, 7.9, 8.2.1.4, 8.2.1.4, 8.2.1.4
- DN field separator, 6.3.5, 6.5, 8.2.1.4
- domain components, 2.3.3
- Down CA Certificate, B.2.1
- download, 8.1
- CA certificate, 8.2
- CRL, 8.2
- into file system
- certificate or CRL, 8.1
- Download CRL, 4.6
- download CRL, 2.2.3
- Download to your local disk (CRL), 4.6
- downloading, 8.3
- downloading a CA Certificate, 8.3
- drastic operation, 4.5.3, 7.2.2
- dynamic, 5.2.4.7
E
- Ease of Use for Administrators and End Users, 2.2.3
- eavesdropper, 1.1.1
- E-Business Suite, 2.1.3
- edit
- in Policy subtab, 6.2
- edit a policy, 6.4.5.1
- editing
- trusted uses, 8.2.1.1, 8.2.1.2.2
- elements
- in a log, 5.3
- of a practice statement, 3.2.2
- email, 4.5.1.1, 5.2.2
- server, sender, template, 5.2.2.1
- to SSO users for OCA URL, 4.8.1
- email address search, 4.5.6
- email clients
- use CRLs, 4.6
- verify incoming SMIME messages, 4.6
- emailProtection, D.1.1
- embedded HTML link
- for SSO users, 4.8.1
- enable a policy, 6.4.5.2
- enabling
- a policy plug-in, 6.2
- RenewalRequestConstraint, 6.3.5
- RevocationConstraints, 6.3.4
- RSAKeyConstraints, 6.3.1
- uniquecertificateconstraint, 6.3.3
- validity rule, 6.3.2
- Enabling PKI Authentication with SSO and OCA, 4.9.1
- enabling policy rules, 6.2
- enabling proxy servers, F
- enabling ssl and pki for SSO, 4.9.1
- enabling SSL and PKI on SSO, E
- encryption, 1.1, 1.1.1, 1.1.2.3, 1.2, 1.3.3.2, 2.3
- algorithms, 1.1
- asymmetric, 1.1.1
- certificate usage definition, D.1
- messages, 1.1.2.1
- scheme, 1.1.1
- symmetric, 1.1.1
- unique for different users, 1.1
- end-entity, 4.5.6.2, 4.6, 8
- end-user, 4.5.6.2, 8
- interface, 8
- end-user interaction
- two types, 8.2
- End-User Tabs and Processes, 8.2
- enforcing
- policies, 6.2
- enrollment form
- Server/SubCA, 8.2.3, 8.2.3, 8.2.3, 8.2.4, 8.2.4, 8.2.4, B.1, B.1, B.2.1, B.2.1, B.2.1
- Enterprise User, 2.1.3
- entities
- trusted, 1.1
- vouch for relationship, 1.1
- entity, 1.1.2
- error, 8.2.1
- evaluating requests
- policies, 6.2
- evaluation
- of multiple predicates, 6.5.1
- evaluation example
- multiple predicates, 6.5.1.1, 6.5.1.2
- Evaluation Example for Multiple Predicates, 6.5.1.1
- events
- notification, 5.2.2
- ewallet.p12, 7.1.2.1, 7.1.3, 7.2.1, 7.2.1, 7.8, A.2, B.2, B.2.1
- examples
- of DN matching in predicates, 6.5
- existing certificates
- using, 5.2.4.2
- expired, 2.1.5
- expired certificate, 4.5.4
- expired certificates, 6.3, 6.3.4
- export, 1.3.3.1, 8.6
- certificate from browser, 8.6
- expression
- predicate, 6.1
- complete, 6.3.5
- contiguous, 6.3.5
- Expression text box, 6.4.5.1
- expressions
- logical, 6.5
- operators, 6.5
- predicate, 6.5
- extensions, 1.1.2.3
- external access, F
F
- Field Name
- form, 4.2
- file permissions
- protect SSO wallet, 7.2.1
- files
- admin.log, 7.5.1, A.16
- admin.trc, 7.5, 7.5.1, A.16
- cwallet.sso, 7.8
- ewallet.p12, 7.8
- ias.properties, 7.6.1
- log, 5.2.4.5
- oca_cps.html, 3.2.2
- oca.conf, 7.6.3, 7.8, 7.8
- oca.trc, 7.5, 7.5.1, A.16
- ocm_apache.conf, 7.8
- ocmpassword.p12, 7.8
- operating system, 7.5.1, A.16
- osso.conf, 7.8, E.3, E.3, E.3, E.3.1, E.3.1
- trace, 5.2.4.5
- find, 4.5.5
- finding (see listing & search), 4.5.5
- fingerprint
- certificate, 1.1.2.3
- Firefox, 8.4.1.1, 8.5, 8.6, 8.7
- firewall, F
- Fixed Increment, 5.2.4.7
- Fixed wait scheme, 5.2.4.7
- flexible policy, 2.2.2
- form
- administrator, 2.2.3
- authentication, 4.2
- field names, 4.2
- format, A.2
G
- Gemplus, 4.2, 8.2.1.1
- General subtab, 5.2.3, 5.2.4
- database & directory settings, 5.2.3, 5.2.4
- DN defaults, 5.2.3, 5.2.4
- parameters, 5.2.3, 5.2.4
- publishing, 5.2.3, 5.2.4
- settings, 7.6.3, A.1
- SSL & SSO, 5.2.3, 5.2.4
- general subtab tasks & discussions, 5.2.1
- generate CRL, 2.2.3
- generatewallet, A.1, A.1, A.1, A.7, A.8
- generating
- Sub CA signing wallet, B.2.1, B.2.2
- generating the CRL, 4.6
- get certificate, 2.3.1
- Globalization Support, 2.2.4, 7.2.4
- Go (not Enter), 4.5.5
- graphical user interface (see GUI), 5.1
H
- help, A.1, A.1
- Hierarchical Certificate Authority Support, 2.4
- hierarchy of CAs, B.2
- hierarchy of trust, 1.1.2.2, 2.4
- geographically distributed, 2.4
- high availability, 1
- high-availability features, 7, 7.7
- Hold (revocation reason), 4.5.3
- home page, 4.4, 8.1
- HTTP Server, 4.1, A.2, B.2.2
- in SSL mode, 7.1.2.1
- HTTP server, 7.7.1
- http.conf, 8.4.2
- HTTPS, 2.3, 2.3.2, 3.4.1, 7.1.2.1, B.2.2
I
- ias.properties file, 7.6.1
- icon
- lock, 8.2.1.2.2, 8.2.2.3
- identity, 1.1.2, 1.3.1
- Identity Management, 1.1.2.4, 2, 2.1.1, 2.1.3, 2.1.4
- identity management
- solution, 2.1
- Identity Management Infrastructure, 1.3.2
- ID/Serial, 4.5.5
- IETF, 1.1.2.3, 2.2.1
- IM Services
- changing OCA's, 7.6.1, 7.6.1
- import, 1.3.3.1, 4.5.1.1, 4.5.5, 7.2.1, 8.1, 8.2, 8.2, 8.2, 8.2.1.1, 8.2.1.2.1, 8.2.1.2.1, 8.2.1.2.2, 8.3, 8.3, 8.3, 8.5
- administrator certificate, 4.2
- CA certificate, 7.2.1
- certificate, 4.8.2
- trusted activities, 8.2.1.2.2
- into browser
- certificate or CRL, 8.1
- import CA certificate, 7.2.1
- Import Certificate, 4.2
- import subCA certificate, B
- Import to Browser
- SSO, 4.8.2
- Import to Browser (CRL), 4.6
- importation, 4.2
- importing
- Sub CA Signing Wallet, B.2
- the administrator's certificate, 2.2.3
- Importing a Certificate from Your File System, 8.7
- Importing a Certificate to Your Browser, 8.5
- importwallet, A.1, A.1
- inconsistent state
- after CA revocation, 7.2.2
- Information message, 6.4.5.4
- infrastructure, 1, 1, 1.1.2.4, 2, 2.1.3
- re-associating, 7.6
- install, 1.3.3.1, 7.2.1, 8.1, 8.2, 8.2, 8.2.1.1, 8.2.1.2.1, 8.2.1.2.2, 8.3
- Install in Browser, 8.2.1.1
- installation values, 4.9
- installing
- Sub CA Signing Wallet, B.2
- installing new CA
- steps, 7.2.2
- installing the administrator's certificate, 2.2.3
- integrity, 1.2
- Internet Explorer, 2.2.1, 2.3, 4.2, 8, 8.2.1, 8.2.1.1, 8.3, 8.4.1.2, 8.6, 8.7
- interoperability, 1.3.3.1, 1.3.3.1
- interval, 4.6
- CRL and certificate synchronization in directory, 5.2.2.3
- CRL generation, 5.2.2.3
- pending certificate requests queue length exceeded, 5.2.2.2
- introduction to OracleAS PKI, 1.3
- invalidating
- certificates, 7.2.2
J
- J2EE, 2.1.3
- JAAS, 2.1.3
- jar, 6.4, 6.4.5.5, 6.6.2
- Java class, 6.1, 6.6.2
- java class, 6.4.5.5
- register, 6.6
- Javadoc, 6.6
- jobs
- scheduled, 5.2.2.3
K
- key, 1.1.1
- asymmetric, 1.1.1
- binary number, 1.1.1
- in a PKI, 1.1.1
- owner, 1.1.2
- pairs, 1.1.1, 1.1.1
- private, 1.1.1
- public, 1.1.1, 1.1.2
- separate, 1.1.1
- symmetric, 1.1.1
- validation, 1.1.2
- Key Compromise (revocation reason), 4.5.3
- key lengths, 2.2.1
- Key Size, 8.2.1.1
- key size, 4.2, 4.2, 4.2, 8.2.1
- choices, A.1
- default maximum, 6.3.1
- default minimum, 6.3.1
- default range as shipped, 6.5.1.1
- minimum & maximum, 6.3.1
- predicate, 6.3.1
- RSAKeyConstraints, 6.3.1, 6.3.1
- key sizes
- defaults, 6.4.1
- narrow/widen range, 6.4.1
- Key Store, 8.2.1.1
- key store, 4.2
- KEY_CERT_SIGN, B.2
- KEY_COMPROMISE (revocation code), 4.3
- key-pairs, 1.2, 1.2, 4.2, 4.2, 8.2.1.1
- keys
- distribution methods, 1.1
- KeyUsageExtensions, B.2
L
- LDAP, 1.3.3.3, 2.2, A.1
- least significant component of DN, 6.5
- least significant RDN, 6.5.1
- levels
- CAs, 1.1.2.2
- trust, 1.1.2.2
- link OCA with SSO, 4.8
- linksso, 4.8.2, A.1, A.1
- list, 4.5.5
- of ports, 4.4
- revoked certificates, 4.5.5
- Listing a Certificate Request or an Issued Certificate, 4.5.5
- little-endian order, 6.5
- local entry name, 6.5
- locale, 7.2.4
- location of wallets and values, 4.9
- lock icon, 8.2.1.2.2, 8.2.2.3
- LOG, A.1
- log, 7.5
- clearing, 7.5.1
- elements, 5.3
- stored in repository, 7.5.1
- log file, 5.2.4.5
- logger, A.1, A.3
- logging, 5.2.4.5
- logical
- operators, 6.5
- logical expression
- used in predicates, 6.5
- logs
- messages re errors during OCA use, 5.3
- viewing, 4, 5.3
M
- managing
- certificates, 4, 4.5
- configuration, 4
- policies, 6, 6.4
- overview, 6.2
- Managing Certificates, 4.5
- managing certificates, 4
- Manual
- Authentication, 8.2.1.4
- manual, 8.2.1
- Manual Approval, 2.3.3
- manual approval, 8.2
- additional options, 2.3.3
- information required, 2.3.3
- server and subordinate CA, 2.3.3
- manual authentication, 8.2.1.4
- manual user certificate, 6.3.2
- mapping a BigIP to an OCA virtual host, F
- match
- predicate, 6.5
- matching
- DNs, 6.5
- first not best, 6.5.1
- policy evaluations, 6.5
- results if no match, 6.5.1
- rules re DNs, 6.5
- MD5 with RSA, 4.6
- message
- shows change worked, 6.4.5.4
- message digests
- signing, 8.2
- messages
- private, 1.1.1
- Microsoft
- Basic Crypto, 4.2, 8.2.1.1
- Enhanced Crypto, 4.2, 8.2.1.1
- Strong Crypto, 4.2
- mod_osso, E.3
- SSO, 2.3
- modifying policy rules, 6.2
- most significant component of DN, 6.5
- Mozilla, 8.2.1
- multiple
- CRLs, 4.6
- predicates, 6.3.1
- multiple certificates, 6.3
- allow/disallow, 6.4.1
- constraint, 6.3.3
- same usage, 6.4.1
- Multiple Predicate Evaluation, 6.5.1
- multiple predicates, 6.5
- evaluation example, 6.5.1.1, 6.5.1.2
- multiple servers, 4.6
- saving CRL, 4.6
- mutual authentication, F
N
- name
- certificate signer, 8.2.1.1, 8.2.1.2.2
- naming
- a policy plug-in, 6.2
- National Language Support (NLS), 7.2.4, 7.2.4
- Netscape, 2.3, 4.2, 8, 8.2.1, 8.2.1.1, 8.2.1.1, 8.4.1.1, 8.5, 8.6, 8.7
- Netscape Communicator, 2.2.1
- nickname, 4.8.3
- NLS, 7.2.4, 7.2.4, 7.2.4
- nodes
- changes, A.1
- NON_REPUDIATION., B.2
- non-repudiation, 1, 1.2
- signed messages, 1.1
- notification
- events, 5.2.2
- notification subtab, 5.2.2
- notification subtab tasks & discussions, 5.2.1
- notifications
- CA SMIME wallet, 7.1.2.2
- configuring, 5.2.2.1, 7.1.2.2
O
- OC4J, 3.4.1, 4.1, 7.7.1, A.1, A.2, A.3, A.11, A.12, B.2, B.2, B.2.2
- starting & stopping, 4.8.2, 6.6.2, 6.6.2, A.3, A.4, A.11, B.2
- stopping & starting, A.11, B.2
- OCA, 1.3.2, A.1
- repository, 2.2.5
- OCA connection information
- where stored & displayed, 7.6.3
- OCA repository, 7.1.1, A.7
- oca_cps.html, 3.2.2
- oca/bin, A.1
- oca.conf, 7.6.3, 7.8, 7.8, A.1, A.14
- OCAcrlBase64.txt, 8.4.2
- OCAcrl.crl, 8.4.2
- ocactl, 2.2.3, 4.1, 4.3, 4.5.3, 7.1.1, 7.1.3, 7.2.3, 7.7.1, A
- configure OCA link with SSO, 4.8.2
- general form, A.1
- Operations and Parameters, A.1
- requires admin password, 7.1.4
- oca.trc, 7.5, 7.5.1, 7.5.1, A.16
- ocm_apache.conf, 7.8
- ocmpassword.p12, 7.8
- OFF, A.1
- OHS, 3.4.1, 4.1, A.2
- ohs
- starting & stopping, 6.6.2, 6.6.2, A.3, A.11, B.2
- stopping & starting, A.11, B.2
- OID, 1.3.3.3, 4.1, 7.6.3
- SSO usage, 4.8.2
- ON, A.1
- one-time session password, 1.3.3.2
- open standards, 2.2.1
- operating system file permissions
- protecting SSO wallet, 7.1.2.1
- operating system files
- removing, 7.5.1, A.16
- operations, A.1
- PKI, 1.1.2.4
- operators
- logical, 6.5
- OPMN, 7.1.2.1
- opmnctl, 7.2.3
- OR logical expression, 6.5
- Oracle Application Server Certificate Authority, 2.1.4
- components needed, 3.4.1
- Oracle Certificate Authority
- OCA, 1.3.2
- Oracle Collaboration Suite, 2.1.4
- Oracle Home, 3.4.3
- Oracle HTTP Server
- Apache, 7.1.2.1
- checks SSL validity, 4.6
- Oracle Identity Management, 1, 1.1.2.4
- Oracle Internet Directory, 1.3.2, 1.3.3.3, 2.1.1, 2.1.3, 2.3.1, 3.4.1, 4.1, 7.6.3
- SSO usage, 4.8.2
- Oracle Label Security, 2.1.3
- Oracle Single Sign-on Authentication, 2.3.1
- Oracle wallet, 1.1.2.4
- Oracle Wallet Manager, 1.3.3.1, B, B.2.1, B.2.1
- ORACLE_HOME, 3.2.2, 6.4.5.5, 7.1.2.1, 7.2.1, 7.5, 7.5.1, 7.8, 7.8, B.2.2
- OracleAS WebCache
- configuring, H
- orapki, A.11
- order of policies, 6.2
- order of predicates, 6.5.1
- osso.conf, E.3
- osso.conf file, 7.8, E.3, E.3, E.3.1, E.3.1
- overriding policies
- when issuing a certificate, 6.4
- overview
- web administrative interface, 4.4
- OWM, 1.3.3.1, 7.2.1, B, B.2.1
- owner, 4.5.6.2
P
- parameters, 6.1, 6.4.5.1, A.1, A.1
- allowExpiredCerts, 6.3.4
- defaults ranges & values, 6.1
- policy, 6.4
- validity constraints, 6.3.2, 6.3.2
- values, 6.4.5.1
- password, 4.3
- admin
- required for ocactl, 7.1.4
- administrator, 2.2.3, 4.1, 4.2, 4.2, 4.2, 4.2, 4.3, 4.3, B.2
- browser security, 4.2, 4.2
- changing, A.6
- encrypting private key, 7.1.1, A.7
- lost, 7.2.3
- new, A.6
- requested during generation, 7.1.1, A.7
- SSL Server wallet, 7.2.1
- store, B.2
- wallet, 7.1.2.1
- changing, 7.1.4
- password store, A.7
- passwords, 8.6, A.1, A.3, A.6, A.8
- CA, 7.1.4
- CA SMIME, 7.1.4
- CA SSL wallet, 7.1.4
- path
- CRL, 4.6
- path length, 4.5.1.1
- path-length
- number of Sub CA levels, B.2.1
- peer identity, 1.1.2.4
- pending, 4.5, 4.5.6, 4.5.6.5
- pending certificate requests, 4.4.1
- PKCS Standards, 2.2.1
- PKCS#10, 1.3.3.1, 2.2.1, 8.2.3, 8.2.3, B.2.1
- PKCS#12, 1.3.3.1, 1.3.3.1, 7.1.2.1, 7.1.2.1, 7.2.1, 8.6, A.2, A.2, A.2
- PKCS#7, B.1
- PKI, 1, 8.2.4
- benefits, 1.2, 1.3.2
- certificate, 1.1.2
- components, 1.3.3
- containers, 1.1.2.4
- credentials, 1.1.2.4
- definition, 1.1
- earlier costs and difficulties, 1.3.1
- enabling with SSL for SSO, E
- for secure data transmission and storage, 1.1
- introduction, 1.3
- operations, 1.1.2.4
- requires SSL, 4.8
- with SSO and OCA, 4.9.1
- PKI-based single sign-on, 1.3.3.3
- PKIX, 2.2.1
- plug-in policy modules, 2.2.2
- plug-ins, 6, 6.1, 6.2, 6.5, 6.6, 6.6.2
- class, 6.4
- custom
- examples, 6.6
- policy, 6.4.4
- custom policy, 6.4.2
- default, 6.6
- jar, 6.4
- policies, 2, 2.3.3, 4.2
- add (custom only), 6.4.5.5
- adding, 6.4, 6.4
- administering, 6.2
- altering requests, 6.3
- applying, 6.2
- changes require restart, 6.4
- custom, 6.6
- no predicates, 6.5
- default rules, 6.3
- delete (custom only), 6.4.5.3
- deleting, 6.4
- disabling, 6.4
- edit, 6.4.5.1
- enable, 6.4.5.2
- enforcing, 6.2
- evaluate requests, 6.2
- for different user populations, 6.5
- formulating and applying, 6.2
- jar, 6.4
- java class, 6.4
- managing, 6, 6.4
- order, 6.2
- overriding
- when issuing a certificate, 6.4
- parameters, 6.4
- predicates, 6.4
- processing, 6.2
- renewal, 6.4.3
- RenewalRequestConstraint, 6.3, 6.3.5
- reorder, 6.4.5.4
- reordering, 6.4
- restricting parameter values, 6.2
- RevocationConstraints, 6.3, 6.3.4
- RSAKeyConstraints, 6.3, 6.3.1
- sample custom, 6.4.2, 6.4.4
- sequence, 6.4
- supplied, 6.3
- supplied rules, 6.3
- UniqueCertificateConstraint, 6.3, 6.3.3
- ValidityRule, 6.3
- what they specify, 6.4
- policy, 2.2.2
- add (custom only), 6.4.5.5
- concepts and definitions, 6.1
- creating
- steps, 6.6.2
- custom plug-ins, 6
- defaults
- when used, 6.5
- deleted, 6.4.5.2
- description, 6.4.5.5
- flexible, 2.2.2
- Java class, 6.1
- management, 6.2
- name, 6.4.5.5
- object class, 6.4.5.5
- predicate, 6.1
- processing
- sequential, 6.2
- processor module, 6.2
- rule, 6.1
- security, 2.2.2, 2.3.3
- Policy Actions, 6.4.5
- delete, 6.4.5.3
- edit, 6.4.5.1
- enable, 6.4.5.2
- policy default values
- applying, 6.5.1
- policy evaluations
- DN matching, 6.5
- policy modules, 2.2.2
- customize, 2.2.2
- policy rule
- multiple predicates, 6.5.1
- policy rules
- all re renewals, 6.4
- all re requests, 6.4
- all re revocations, 6.4
- and plug-ins, 6.2
- creating, 6.2
- enable disable or modify, 6.2
- Policy Sub-tab, 6.2, 6.4
- tasks & discussions, 5.2.1
- pop-up
- blocking, 4.8.2, 4.8.2, 7.4, 7.4
- screen, 4.8.2
- port, 4.2, 4.2, 4.4, 8.1
- changes, A.1
- default values, 4.9
- information, 4.4
- list, 4.4
- SSL, 4.8.1
- practice statement
- elements, 3.2.2
- predicate, 6.1
- adding, 6.5.1.4
- attributes, 6.5
- certificate types, 6.5
- corresponding values used, 6.5
- delete, 6.4.5.3
- expression, 6.1
- if no match, 6.5.1
- key size, 6.3.1
- matching request element, 6.5
- multiple, 6.5
- evaluation example, 6.5.1.1, 6.5.1.2
- not in custom policies, 6.5
- operators, 6.5
- optional, 6.5
- order, 6.5.1
- RenewalRequestConstraint, 6.3.5
- reordering, 6.5.1.3
- RSAKeyConstraints, 6.3.1
- specifics, 6.5
- strings
- case-insensitive, 6.5
- validity period, 6.3.2
- value
- asterisk, 6.5
- values, 6.5
- Predicate Attributes, 6.5
- predicate expression
- complete, 6.3.5
- contiguous, 6.3.5
- evaluation, 6.5
- logical, 6.5
- not matched, 6.5
- predicate order
- criterion, 6.5.1
- predicates, 6.4.5.1
- complex, 6.3.1
- examples, 6.3.1
- multiple sets, 6.3.1
- policy, 6.4
- Predicates in Policy Rules, 6.5
- preventing
- repudiation of signed messages, 1.1
- unauthorized access, 1.1
- private key, 1.1.1, 1.2, 4.5.3, 8.2, 8.2.2.3, 8.6, 8.6, 8.6
- compromised, 4.3, 7.2.3
- encrypted, 7.1.1, A.7
- for decryption, 1.1.1
- lost, 4.3
- new CA, 7.1.1, A.7
- password lost, 7.2.3
- signs certificate, 1.1.2.1
- stolen, 4.3, 7.2.3
- validation using public key, 1.1.2.1
- private messages, 1.1.1
- privileges, 1.3.3.3
- propagating, 2.1.4
- properties
- certificate, 2.2.2
- properties file, 7.6.1
- protocols
- PKCS#10, 2.2.1
- Signed Public Key and Challenge, 2.2.1
- provisioning, 2.3.1
- automatic, 2.3
- manual, 2.3
- Provisioning Integration, 2.1.3
- proxy servers, F
- public key, 1.1.1, 8.2, 8.2.4
- can verify CA signature, 1.1.2.1
- for encryption, 1.1.1
- owner, 1.1.2.1
- Public Key Infrastructure, 1
- public-key certificates, 1.2
- publish
- OCA URL for SSO users, 4.8.1
- SSO certificate, 4.8.2
- publishing, 2.1.4, 2.1.5
- certificates, 5.2.4.1, 7.6.3
R
- RA, 1.1.2.2, 1.1.3, 1.3.1, 1.3.2
- within OCA, 1.1.3
- ranges, 6.1
- RDN, 4.5.6.3, 6.5, 6.5
- child of RDN, 6.5
- least significant, 6.5, 6.5.1
- multiple usage, 6.5
- reason codes
- revoke, 4.3
- reasons
- revocation, 7.2.3
- re-associating
- infrastructure, 7.6
- repository, 7.6
- Re-associating Oracle Application Server Certificate Authority Infrastructure, 7.6
- recommended deployment, 3.4.3
- advantages, 3.4.3
- installation instructions, 3.4.3
- regenerating
- CA signing certificate, 7.1.1
- CA Signing Wallet, 7.1.1
- CA SMIME wallet, 7.1.1, 7.1.2.2, A.7
- CA SSL certificate
- circumstances, B.2.2
- CA SSL Wallet, 7.1.2
- CA SSL wallet, 7.1.1, A.7
- wallet, B.2.2
- wallets, 7.1.1, 7.1.2.1
- Re-generating the CA Signing Wallet, 7.1.1
- Regenerating the Certificate Authority's SSL Certificate and Wallet, A.8
- Regenerating the Root Certificate Authority's Certificate, A.7
- register
- class, 6.6
- Registration Authority
- RA, 1.1.2.2
- registration authority, 1.1.3, 1.3.1
- registration tool
- SSO, E.3
- reject, 2.2.3, 4.5, 4.5.1.2, 4.5.5
- rejected, 4.5, 4.5.6, 4.5.6.5
- Rejecting Certificate Requests, 4.5.1.2
- relative distinguished name, 6.5
- relative DN, 4.5.6.3
- Remove From CRL (revocation reason), 4.5.3
- remove link with SSO, 4.8.2
- REMOVE_FROM_CRL (revocation code), 4.3
- removing
- operating system files, 7.5.1, A.16
- renew, 1.1.3, 4.5, 4.5.5, 6.3, 6.3.5, 6.3.5, 6.3.5, 6.4.3, 8.2, 8.2.2
- expired certificates, 6.3
- whether/when, 6.4.3
- renewal, 6.3.5
- all policy rules, 6.4
- default period, 6.3.5, 6.3.5, 6.3.5, 6.4.3
- policy, 6.4.3
- renewal window, 4.5, 4.5.4, 6.3.5, 6.3.5, 6.3.5, 6.4.3
- RenewalCertificateRequestConstraints, 4.5.4
- renewalNotAfter, 6.3.5, 6.4.3
- renewalNotBefore, 6.3.5
- RenewalRequestConstraint, 6.3, 6.4.3
- predicate, 6.3.5
- renewcert, A.1, A.1
- renewed, 4.5.4
- renewing, 7.1.3
- critical wallets, 7.1.3
- expiring certificates, 7.1.3
- Renewing Certificates, 4.5.4
- Reorder, 6.4.5.1
- reorder a policy, 6.4.5.4
- reordering
- policies, 6.4
- Reordering Predicates, 6.5.1.3
- replace
- administrator certificate, 4.3
- repository, 2.2.5, 2.3.1, 3.4.1, 4.1
- connections, 7.6.3
- contains logs, 7.5.1
- OCA, 7.1.1, A.7
- re-associating, 7.6
- separate, 7.6
- request, 1.3.3.1, 2.2.1, 2.2.1, 2.2.3, 2.2.5, 2.3, 2.3.1, 2.3.1, 2.3.3, 2.3.3, 4.2, 4.5, 4.5.1, 4.5.6.1, 8.2
- CA signing, 8.2.3
- code signing, 8.2.3
- new, 8.2
- pending, 4.4.1
- signing, 8.2.3
- SSL/encryption, 8.2.3
- validity, 6.1
- requests
- altering by policies, 6.3
- policies rejecting, 6.2
- subjected to policies, 6.2
- required fields, 2.3.1
- re-registering
- OCA with SSO, E.3
- restart, 4.1, 4.3, A.1, A.1
- restarting
- SSO server, 4.8.2
- restrict
- DNs in certificates, 6.4.4
- restricting
- certificate parameter values, 6.2
- retrieve, 8.2.2
- revocation
- reasons, 4.3, 4.5.3.1, 7.2.3
- revocation reasons, 4.5.3
- RevocationConstraintRule, 6.4.2
- RevocationConstraints, 6.3, 6.3.4
- revoke, 1.1.3, 2.1.5, 2.2.3, 2.3.1, 4.3, 4.3, 4.5, 4.5.3, 4.5.5, 8.2, 8.2.1.1, 8.2.2, 8.2.2.3
- all policy rules, 6.4
- expired certificates, 6.3.4, 6.4.2
- revokecert, 7.2.2, A.1, A.1
- revoked, 4.5.5
- revoked CA
- administrator cannot access, 7.2.2
- revoked certificates
- list, 4.5.5
- revoking
- a Certificate Authority certificate, 7.2.2
- reasons, 7.2.3
- required before installing new CA, 7.2.2
- root certificate authority certificate, 7.2.2
- web administrator's certificate, 7.2.3
- Revoking Certificates, 4.5.3
- RFC1779
- DN usage, 6.5
- role, A.1, A.6
- root, 2.4, 8.2.4, A.7
- CA, 1.1.2.2
- root CA
- certificate, 4.5.3
- root CA signing wallet, B.2.1
- root certificate authority (CA), 7.1.1
- Root Store, 8.2.1.2.1
- RSA, 2.2.1, 4.6
- RSAKeyConstraints, 6.3, 6.3.1
- default maximum key size, 6.3.1
- default minimum key size, 6.3.1
S
- save, 8.1
- save CRL, 2.2.3
- save or install
- CA certificate, 8.2
- save or install CA certificate, 8.3
- save or install CRL, 8.2, 8.4, 8.4.2
- saving CRL, 8.4.2
- scalability, 1
- Scalability, Performance, and High Availability, 2.2.5
- scheduled jobs, 5.2.2.3
- seamless, 2.1.5
- search, 4.5.5, 8.2
- advanced, 4.5.6, 4.5.6
- criteria, 4.5.6
- all pending requests, 4.5.5
- by
- DN or DN component, 4.5.6
- email, 4.5.6
- serial number, 4.5.6
- for single certificate or request, 4.5.5
- single issued certificate, 4.5.5
- single request, 4.5.5
- using advanced DN, 4.5.6.3
- using Certificate Status, 4.5.6.5
- using DN, 4.5.6.2
- using request status, 4.5.6.1
- using serial number range, 4.5.6.4
- Search Certificate Request using Request Status, 4.5.6.1
- Search Using Advanced DN, 4.5.6.3
- Search Using Certificate Status, 4.5.6.5
- Search Using DN, 4.5.6.2
- Search Using Serial Number Range, 4.5.6.4
- secure communications, 1
- secure email, 2.1.3
- Secure Socket Layer (SSL-based) Authentication, 2.3.2
- Secure Sockets Layer, 1.3.3.2
- SSL, 1.3.3.2
- security policy, 2.3.3
- self-service, 2.1.3
- Send SMIME E-Mails, 7.1.2.2
- sending
- signed alerts & notifications, 5.2.2.1, 7.1.2.2
- serial number
- certificate, 1.1.2.3
- new Sub CA, B.2
- range, 4.5.6
- range search, 4.5.6.4
- Sub CA, B.2.1
- serial number search, 4.5.6
- server, 4.5.6.2
- certificate type, 6.5
- certificates, 6.3.2, 8.2, 8.2.3
- types, 8.2.3
- SSL authentication, 7.1.2.1
- server authentication, F
- server certificate
- acquiring, 8.2.3
- server entities, 8
- verification, 4.6
- server request
- manual, 2.3.3
- serverAuth, D.1.1
- servers
- multiple, 4.6
- Server/SubCA
- certificate request, 8.2.3, 8.2.3, 8.2.3, 8.2.4, 8.2.4, 8.2.4, B.1, B.1, B.2.1, B.2.1, B.2.1
- enrollment form, 8.2.3, 8.2.3, 8.2.3, 8.2.4, 8.2.4, 8.2.4, B.1, B.1, B.2.1, B.2.1, B.2.1
- Server/SubCA Certificates Tab, 8.2.3
- Server/SubCA Certificates tab, 2.2.3, 8.2
- session key management, 1.3.3.2
- set, A.1, A.1
- setpasswd, A.1, A.1, A.6
- settings
- database, 5.2.4.7
- directory host/agent/port in use, 5.2.4.8
- General subtab, 7.6.3, A.1
- SHA1 with RSA, 4.6
- sign digital transactions, 1.2
- signature
- digital, 1, 1.1.2.3, 1.1.2.3
- signature algorithm, 4.6
- signer, 8.2.1.1, 8.2.1.2.2
- signing, 1.1.2, 1.1.2.1, 2.3, 8.2.1.1, 8.2.4, A.1, A.7
- certificate authority, 1.1.2
- certificate usage definition, D.1
- message digests, 8.2
- software, 8.2
- signing certificate, 2.4
- single certificate or request
- finding, 4.5.5
- Single Sign-on, 2.1.4
- single sign-on, 1, 1.3.2, 1.3.3.3, 2.1.1
- Single Sign-on (see SSO), 4.8
- Single Sign-on Authentication (SSO), 8.2.1.1
- smart card, 2.2.1, 2.3, 8.2.1
- SMIME, 2.2.1, 4.6, A.1
- SMIME wallet, 7.1.1, 7.1.3
- software
- signing, 8.2
- SSL, 1.1.2.3, 1.1.2.4, 1.3.3.2, 1.3.3.2, 1.3.3.3, 2.3.3, 8.2.1, 8.2.1.3, A.1, A.6
- authentication, 8.2
- certificate, 2.4
- enabling with PKI for SSO, E
- not SSO default, 4.8
- PKI requires, 4.8
- port, 4.4, 4.8.1
- publishing, 5.2.4.1
- user
- validity period, 6.3.2
- user can renew, 8.2.2, 8.2.2.2
- user can revoke, 8.2.2.3
- validity check, 4.6, 4.6
- with OCA, 7.1.2.1, B.2.2
- SSL authentication
- server, 7.1.2.1
- SSL mode
- configured automatically, 7.2.1
- SSL server
- wallet password, 7.2.1
- SSL Server wallet, A.2
- SSL wallet, 7.1.1
- SSLCARevocationFilePath, 8.4.2
- SSO, 1.3.3.3, 2.1.1, 2.2.3, 2.3, 2.3.1, 2.3.3, 3.4.1, 4.8, 8.2.1, 8.2.1.1, A.2
- application usage, 4.8.3
- broadcast OCA request page, 4.8, 4.8.1
- can use OCA certificate, 4.8.2
- default deployment, 4.8
- enabling PKI with OCA, 4.9.1
- enabling ssl and pki, 4.9.1
- enabling with SSL and PKI, E
- getting an OCA certificate directly, 4.8
- import certificate to browser, 4.8.2
- link with OCA, 4.8.2
- login page, 8.2.1.1
- mod_osso, 2.3
- OCA configuration choices, 4.8
- registration tool, E.3
- server restart, 4.8.2
- usage of certificates, 4.8.3
- user
- validity period, 6.3.2
- user can renew, 8.2.2, 8.2.2.2
- user can revoke, 8.2.2.3
- users
- choose key size, 4.8.2
- wallet, 7.2.1
- welcome page, 4.8.2
- SSO Certificate Request, 4.8.1
- SSO wallet
- encrypted, 7.2.1
- protected by file permissions, 7.2.1
- standards, D
- start, 2.2.3, 4, 4.1, 4.1, 4.3, A.1, A.1, A.1, A.1, A.3
- OC4J, 4.8.2, 6.6.2, 6.6.2, A.3, A.4, A.11, A.11, B.2, B.2
- ohs, 6.6.2, 6.6.2, A.3, A.11, A.11, B.2, B.2
- status, 4.1, A.1, A.5
- approved, rejected, or pending, 4.5.5
- certificate
- valid, revoked, expired, 4.5.6, 4.5.6.5
- RenewalRequestConstraint, 6.3.5
- RevocationConstraints, 6.3.4
- RSAKeyConstraints, 6.3.1
- uniquecertificateconstraint, 6.3.3
- validity rule, 6.3.2
- Steps in Creating a New Policy Plug-in, 6.6.2
- stop, 2.2.3, 4, 4.1, 4.1, 4.3, 4.3, A.1, A.1, A.1, A.4
- OC4J, 4.8.2, 6.6.2, 6.6.2, A.3, A.4, A.11, A.11, B.2, B.2
- ohs, 6.6.2, 6.6.2, A.3, A.11, A.11, B.2, B.2
- storing connection information, 7.6.3
- string values, 6.5
- Structure of the Administration Interface, 5.1
- Sub CA
- common name, B.2.1
- new
- invalidates older SMIME certificate, B.2.2
- invalidates older SSL certificate, B.2.2
- serial number, B.2
- serial number, B.2.1
- Sub CA certificate, 4.5.1.1
- sub CA certificate
- acquire and import, B
- Sub CA Signing Wallet
- installing/importing, B.2
- Sub CA Signing wallet
- directory, B.2
- Sub CA signing wallet, B.2.1
- generating, B.2.1
- SUBCA, A.1
- Subject Name, 4.2
- Subordinate CA
- certificates, 8.2.4
- subordinate CA, 1.1.2.2, 2.4, 8.2.3
- geographical advantages, 2.4
- subordinate CA request
- manual, 2.3.3
- subordinate certificate authority
- acquire and import, B
- subordinate organizations
- Sub CA signing wallet, B.2.1
- subscriber name, 4.8.3
- subtabs, 4.4, 6.4
- General, 5.2.3, 5.2.4
- SUPERSEDED (revocation code), 4.3
- Superseded (revocation reason), 4.5.3
- Support for Open Standards, 2.2.1
- symmetric, 1.1.1
- synchronization
- directory, 5.2.2.3
- syntax, A.1, A.2
T
- tabs, 2.2.3
- Administration Setup, 2.2.3
- Certificate Management, 2.2.3
- certificate management, 4.4.1
- tasks
- configuration, 5.2.1
- general subtab, 5.2.1
- notification subtab, 5.2.1
- Policy Sub-tab, 5.2.1
- Thawte, 1.1.2
- third-party, 8.2.4
- SSL wallet, 7.2.1
- trusted, 1.1.2
- third-party wallet, A.2
- time, 7.2.4
- top-down evaluation of predicates, 6.5.1.2
- TRACE, A.1
- trace, 7.5
- clearing, 7.5.1
- oca.trc, 7.5.1
- trace file, 5.2.4.5
- tracer, A.1, A.3
- tracing, 5.2.4.5
- training, 3.2.1.2
- troubleshooting, C
- trust
- levels, 1.1.2.2
- paths, 2.4
- trust environment, 4.6
- trust point, 7.2.1, B
- trust points
- copying, B.2.1
- trusted certificate, B.2.1
- editing uses, 8.2.1.1, 8.2.1.2.2
- trusted entities, 1.1, 1.1.2.2, 4.5.1.1
- trusted-certificate-DNs
- allow/disallow requests, 6.4.1
- trusting a certificate issuer in Firefox, 8.2.1.2.3
- trusting a certificate issuer in Internet Explorer, 8.2.1.2.1
- trusting a certificate issuer in Netscape, 8.2.1.2.2
- TrustPointDNCustomRule, 6.4.4
- type, A.1, A.6
- types
- certificate, 8.2
- in predicates, 6.5
U
- unauthorized access, 1.2
- prevention, 1.1
- UniqueCertificateConstraint, 6.3, 6.3.3
- checks usage and DN, 6.3.3
- uniquecertificateconstraint
- parameter, 6.3.3
- UNIX, 4.3
- unlinksso, 4.8.2, A.1, A.1
- UNSPECIFIED (revocation code), 4.3
- Unspecified (revocation reason), 4.5.3
- update CRL, 2.2.3
- updateconnection, 5.2.4.7, 5.2.4.8, A.1, A.1, A.14
- updating the CRL, 4.6
- URL
- certificate request for SSO users, 4.8.1
- URLC token, 4.8.3
- usage
- CA signing, B.2.1
- usages
- in predicates, 6.5
- use case, 3.5.2
- user
- training, 3.2.1.2
- User Certificates page, 2.2.3
- User Certificates tab, 2.2.3
- user interface
- accessing, 8.1
- certificate operations, 8.2.2
- certificate renewal, 8.2.2.2
- certificate retrieval, 8.2.2.1
- certificate revocation, 8.2.2.3
- configuring your browser to trust OCA, 8.2.1.2
- downloading a CA certificate, 8.3
- end-user tabs and processes, 8.2
- exporting wallet from browser, 8.6
- importing certificate from your file system, 8.7
- importing certificate to browser, 8.5
- manual authentication, 8.2.1.4
- saving CRL, 8.4.2
- server/subca certificates tab, 8.2.3
- SSL, 8.2.1.3
- SSO, 8.2.1.1
- subordinate CA certificates, 8.2.4
- user certificates tab, 8.2.1
- Using Advanced Search, 4.5.6
V
- validation
- key, 1.1.2
- validity period, 4.2, 4.2, 4.5.1.1, 4.5.5, 6.3, 8.2.1.1, 8.2.3
- default maximum, 6.3.2
- default minimum, 6.3.2
- default period, 6.3.2
- defaults, 6.4.1
- for SSO- or SSL-authenticated users, 4.5.4
- for the CA, 6.3.2
- default, 6.3.2
- minimum and maximum, 6.3.2
- narrow/widen range, 6.4.1
- predicate, 6.3.2
- rejecting, 6.3.2
- renewcert, 7.1.3
- wallets
- default values, 4.9
- validityPeriod
- renewal default, 6.3.5
- ValidityRule, 6.3, 6.3.2
- values, 6.1
- in predicates, 6.5
- parameters, 6.4.5.1
- values at installation, 4.9
- Verisign, 1.1.2
- view, 4.5.2, 8.2
- log or trace, 5.2.4.5
- View Details, 4.5.1.1, 4.5.5
- View Logs Tab, 5.3
- View Policies For, 6.4
- Viewing Details of Certificates, 4.5.2
- viewing logs, 4
- virtual host, F
W
- wallet
- as container, 1.1.2.4
- CA SMIME
- regenerating, 7.1.1, A.7
- CA SSL
- regenerating, 7.1.1, A.7
- compromised or corrupted, 7.1.2.1, B.2.2
- contents, 1.1.2.4
- Oracle, 1.1.2.4
- password, 7.1.2.1
- changing, 7.1.4
- password superseded, 7.2.1
- regenerated, 7.1.2.1, B.2.2
- regenerating, 7.1.1
- wallet operations, 7.1
- wallet-location, A.2
- wallets, 1.3.3.1, 7.1, 7.1.3, A.1, A.8
- backing up, 7.2.1
- CA SMIME, 7.1.2.2
- regenerating, 7.1.2.2
- locations, 4.9
- SMIME, 7.1.3
- SSO format, 7.2.1
- walletwrl, A.2
- web administration interface, 4.4
- web administrative interface, 4
- access, 4.2
- web administrator certificate, 4.2, 4.3
- web administrator's certificate
- revoking, 7.2.3
- web interface
- administrative, 2.2.3
- end-user, 2.2.3
- welcome page, 4.2
- for SSO users, 4.8.2
- window
- renewal, 4.5, 4.5.4, 6.3.5, 6.3.5, 6.3.5, 6.4.3
- Windows NT, 4.3
- writing a policy plug-in, 6.2
X
- X.509, Preface, 1.1.2.3, 1.1.2.3, 1.1.2.3, 1.3.3.1, 2, 2, 2.1.1, 2.1.1, 2.2.1, 2.3, 2.3.2, A.11, A.11, B.2, D