Overview
Are your users capable of managing their own PKI credentials?
Let CMU automate the common maintenance tasks that most users find difficult or confusing.
|
|
The CMU can:
• facilitate PKI enrollment
• reconfigure critical applications after key rollover
• synchronize user credentials between web browsers
• create secure backups of user credentials
• configure user CAPI, MAPI, S/MIME, and GAL profiles transparently
Imagine what you'll save in help desk calls alone!
CMU scripts can be easily packaged as self-extracting/self-executing packages that users can run from your corporate web server by simply clicking on a link.
Supported Applications
The ISC CMU supports the following applications:
• Microsoft Internet Explorer 5.0 and above
• Microsoft Outlook 2000, 2002, and 2003
• Microsoft Exchange 5.5 and above
• Netscape 4.75 and above
• Mozilla 1.1, 1.6, and above
• SecretAgent 5.x
FireFox 1.0 and above can be supported by using the -d' option to specify the root directory of its user profile tree.
Detailed Function List
The principal functions provided by the CMU are:
Key |
Function |
Description |
i |
import |
import specified PKCS#7 and PKCS#12 files into the certificate stores of all supported browsers |
e |
export |
backup user credentials as PKCS#12 files from all supported browsers to a local backup folder; descriptive file names are automatically generated to make it easy to locate a particular key pair in an emergency |
l |
list |
display the friendly names of all PKCS#12 files in a local backup folder |
s |
synchronize |
import into all supported browsers PKCS#12 files found in a local backup folder together with all new PKCS#7 and PKCS#12 files specified on the command line |
p |
publish to GAL |
publish the user's freshest certificate to the global address list (GAL) using MAPI to automatically identify the user account and appropriate Exchange Server host |
r |
reinitialize |
back up the user's existing default Netscape databases and recreate them using the specified password (useful when a user forgets his Netscape database password) |
b |
configure Outlook S/MIME |
add S/MIME encrypt and sign buttons to Outlook's message composition toolbar (works with
Outlook 2000/2002/2003; Outlook 97/98 can be supported with a special cmu build) |
c |
configure CAPI client authentication |
configure the user's CAPI store so that IE does not prompt for certificate selection during client authentication, but rather automatically provides the user's freshest signing certificate |
m |
configure MAPI security |
sets the user's freshest signing and/or encrypting certificate(s) found in CAPI as the S/MIME certificates in the user's default MAPI security profile for use with Outlook (extremely useful after key rollover) |
d |
POST file or string; download file from specified URL |
uses HTTPS to retrieve an arbitrary file from a specified web server (can be used to retrieve certificates, CRLs, or even auxiliary cmu batch scripts); latest version allows file (or literal string) to be POST'ed to the server |
A large number of options allow you to customize the CMU to best fit your particular PKI management needs. And ISC is always willing to add related features that we may not have already thought of. Let us know what new functions you need!
Additional Information
CMU 1.9 Command Line Interface Documentation (PDF updated 6/11/07)
The size of the cmu executable alone is roughly 800KB. Included in the standard distribution are three optional 'tools directories' that provide support for the three different Netscape/Mozilla database architectures that have been fielded since release 4.75. Each set of optional database 'tools' adds 1-2MB to the size of the total package. Of couse, the cmu executable and any necessary 'tools' can be pulled upon demand from a shared file/application server, so the total 'footprint' on end user systems is minimal. (The cmu inspects each Netscape/Mozilla database it encounters to determine which version(s) of the tools are required. Program configuration variables can be used to specify the locations of the various tool directories if they are not in their default locations immediately underneath the cmu.exe directory.)
Contact ISC
|
