About LDAP Publishing - Red Hat Certificate System 7.1 Administrator's Manual


About Publishing
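For each certificate the server issues, it creates a file that contains the certificate in its
DER-encoded format. Each file is named cert-<serial_number>.der, where <serial_number>
specifies the serial number of the certificate contained in the file. For example, the filename
for a certificate with serial number 1234 will be cert-1234.der.

Every time the server generates a CRL, it creates a file that contains the new CRL in its
DER-encoded format. Each file is named as crl-<this_update>.der, where <this_update>
specifies the value derived from the time-dependent variable named This Update of the CRL
contained in the file. For example, the filename for a CRL with
This Update: Friday January 28 15:36:00 PST 2000, will be crl-949102696899.der.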
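
The following is an added example, not code from the manual or from Certificate System: a small audit of a publishing directory listing that uses the file naming scheme above to list published serial numbers and detect when CRL publishing has stalled. The function names, the max_crl_age threshold, the acceptance of hex serials, and the reading of <this_update> as milliseconds since the Unix epoch are assumptions; the last one fits the manual's example value to within a few minutes.

```python
import re
from datetime import datetime, timedelta, timezone

# Naming scheme from the manual: cert-<serial_number>.der and crl-<this_update>.der.
# ASSUMPTION: serials may be decimal or hex digits; the manual only shows "1234".
CERT_RE = re.compile(r"cert-([0-9A-Fa-f]+)\.der")
CRL_RE = re.compile(r"crl-(\d+)\.der")
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def parse_published_name(name):
    """Classify one file name as ("cert", serial), ("crl", UTC time) or ("unknown", name)."""
    m = CERT_RE.fullmatch(name)
    if m:
        return "cert", m.group(1)
    m = CRL_RE.fullmatch(name)
    if m:
        # ASSUMPTION: <this_update> is milliseconds since the Unix epoch.
        # Integer milliseconds avoid float rounding of the timestamp.
        return "crl", EPOCH + timedelta(milliseconds=int(m.group(1)))
    return "unknown", name


def audit_publishing_dir(names, now, max_crl_age):
    """Summarise a listing: published serials, newest CRL, staleness, stray files."""
    buckets = {"cert": [], "crl": [], "unknown": []}
    for name in names:
        kind, value = parse_published_name(name)
        buckets[kind].append(value)
    newest = max(buckets["crl"], default=None)
    return {
        "serials": sorted(buckets["cert"]),
        "newest_crl": newest,
        # Stale when no CRL file exists or the newest one is older than allowed.
        "crl_stale": newest is None or now - newest > max_crl_age,
        # Files outside the naming scheme do not belong in a publishing directory.
        "unexpected": buckets["unknown"],
    }


if __name__ == "__main__":
    # Constructed listing: the manual's two example names plus made-up entries.
    listing = ["cert-1234.der", "crl-949102696899.der",
               "crl-949016296899.der", "notes.txt"]
    now = datetime(2000, 1, 29, 12, 0, tzinfo=timezone.utc)  # constructed clock
    report = audit_publishing_dir(listing, now, max_crl_age=timedelta(hours=24))
    for key, value in report.items():
        print(f"{key}: {value}")
```

Set max_crl_age to the CA's configured CRL update interval plus some slack, so a missed update is flagged before relying parties are left checking revocation against an outdated list.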

About LDAP Publishing

The ability of a server to publish certificates, CRLs, and other certificate-related objects to a
directory using the LDAP or LDAPS protocol is called LDAP publishing, and the directory
to which it publishes is called the publishing directory.

For each certificate the server issues, it creates a blob that contains the certificate in its
DER-encoded format in the specified attribute of the user's entry. The certificate is
published as a DER-encoded binary blob.

Every time the server generates a CRL, it creates a blob that contains the new CRL in
its DER-encoded format in the specified attribute of the entry for the CA.

The server can publish certificates and CRLs to an LDAP-compliant directory using the
LDAP protocol or LDAP over SSL (LDAPS) protocol, and applications can retrieve the
certificates and CRLs over HTTP. Support for retrieving certificates and CRLs over HTTP
enables some browsers, such as Netscape Communicator, to automatically import the latest
CRL from the directory that receives regular updates from the server. The browser can then
use the CRL to automatically check all certificates to ensure that they have not been
revoked.

For LDAP publishing to work, the user entry must be present in the LDAP directory.

If the server and publishing directory become out of sync for some reason, privileged users
(administrators and agents) can also manually initiate the publishing process. For
instructions, see "Manually Updating the CRL in the Directory" on page 638.
Red Hat Certificate System Administrator's Guide • September 2005
