The Certificate Management Console (CMC) is used to manage certificates for CCS. The console is installed on the same system as the Encryption Management Services. The console cannot be accessed remotely. You must be logged on to the system that hosts the Encryption Management Services to access the CMC. Any user can open the CMC to review the certificates.
You can Search on any of the properties. You can Clear the results of the search.
Table: Certificate properties
The component that is used during the certificate creation.
Date and time when the certificate is no longer valid
The fully qualified domain address for the component
The serial number is a unique identifier for a certificate. The number lets you identify a certificate if multiple certificates exist for the same component.
The certificate is connected to a certain component
The top level of the certificate hierarchy
The certificate is not connected to a component
The certificate is no longer needed but not removed
The Disabled/Unbound status is used for the certificates that should no longer be bound due to the uninstall of a component. A certificate with this status can safely be removed. You can rebind a certificate in the Disabled/Unbound state in the Certificate Management Console. Disabled/Unbound CCS Manager certificates may only be bound if the component has been registered in the CCS Console.
A certificate that is removed no longer is available to the system and is not visible in the CMC.
You can do a search on the certificates on any of the columns. You can drag a column header to group the certificates by that column.
A user can be a local administrator but must be an ADAM administrator and know the root certificate password to do the following:
In the CMC, the user activates a certificate by selecting the appropriate check box. After the check box has been selected, the user can renew, unbound, or remove a certificate. A certificate that is unbound but not removed has a status of disabled/unbound.
The type of installation determines the number of certificates that are created automatically. A CCS Application Server installation always creates the root certificate. The Application Server install also creates and binds the Management Service certificate. If you have installed the CCS Application Server and the CCS Manager on a single computer, the installation creates a certificate for the CCS Manager. The CCS Application Server installation does not create the certificates that are needed to install the stand-alone CCS Managers. For stand-alone CCS Managers, certificates must be created manually using the Certificate Management Console. You must create the service type certificate for each installed component. For example, if your system has 50 CCS Managers, you must create 50 certificates. Each CCS component has a host registration in ADAM. The CCS Manager certificate is not bound during the installation. The certificate is created but its host record is not created during installation so the certificate cannot be bound until the CCS Manager registration occurs. The registration process both creates the host record and binds the certificate to the host record. The CCS Manager Certificate is unbound until the CCS Manager is registered in System Topology in the CCS Console.
In a CCS installation, the following certificates are created automatically: