1.3. Accessing Agent Services

Access to the agent services forms requires certificate-based authentication. Only users who authenticate with the correct certificate and who have been granted the appropriate access privilege can access and use the forms. Operations are performed over SSL, so the server connection uses HTTPS on the SSL agent port.
The agent services URLs use the following format:
https://hostname:port/subsystem_type/agent/subsystem_type
The hostname can be a fully-qualified domain name, simply the hostname (if it is on an intranet), or an IPv4 or IPv6 address.
The port is the SSL port number used to access agent services (there are two other SSL ports for administrative and end user services, as well). The default agent SSL port numbers for the subsystem are as follows:
  • 9443 for the CA
  • 10443 for the DRM
  • 12889 for the RA
  • 11443 for the OCSP
  • 7889 for the TPS
The port number may be different if the agent services use a user-defined port set with the -agent_secure_port when the instance was created with pkicreate.
The subsystem_type type is one of the following:
  • ca for the CA
  • ra for the RA
  • kra for the DRM
  • ocsp for the Online Certificate Status Manager
  • tps for the TPS
For example, if a CA is installed on a host named server.example.com and is listening on port 9443, the URL to access the agent services interface is https://server.example.com:9443/ca/agent/ca.
There is also a general services page for each subsystem. The services page has links to the all of the HTML pages for the subsystem, such as agent and end entities, as well as the administration page if the subsystem has not yet been configured. The URL for the services page, for this example, is https://server.example.com:9445/ca/services.
Certificate Manager Services Page

Figure 1.8. Certificate Manager Services Page


NOTE

The services pages are written in HTML and are intended to be customized. This document describes the default pages. If an administrator has customized the agent services pages, those pages may differ from those described here. Check with the Certificate System administrator for information on the local installation.