Setting Up Publishing - Red Hat CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR Administrator's Manual

Setting Up Publishing

For rules that specify to publish to a file, a new file is created when either a certificate or a
CRL is issued in the stipulated directory.
For rules that specify to publish to an LDAP directory, the certificate or CRL is published to
the entry specified in the directory, in the attribute specified. Note that the certificate or
CRL will replace any certificate or CRL that is already published to this attribute.
For rules that specify to publish to an Online Certificate Status Manager, a CRL is
published to this manager, certificates are not published to an Online Certificate Status
Manager.
For LDAP publishing, the location of the user's entry needs to be determined. Mappers are
used to determine the entry in which to publish. The mappers can contain an exact DN for
the entry, or it can contain some variable that associates information that can be gotten from
the certificate or the certificate request to create the DN, or to provide enough information
to search the directory for a unique attribute or set of attributes in the entry to ascertain the
correct DN for the entry.
When you revoke a certificate, the server uses the publishing rules to locate and delete the
corresponding certificate from the LDAP directory or from the file system.
When a certificate expires, the server can remove that certificate from the configured
directory. Note that the server doesn't do this automatically. You need to configure the
server to run the appropriate job. For details, see Chapter 14, "Automated Jobs.
Setting Up Publishing
To Set Up Publishing:
For file publishing, create a publisher for each location you will publish files to.
1.
❍
❍
For complete details about setting up Publishers, see "Configuring Publishers for
Publishing to a File," on page 601.
For OCSP publishing, create a publisher for each location in the Online Certificate
2.
Status Manager you will publish CRLs to.
598 Red Hat Certificate System Administrator's Guide • September 2005
If you are publishing everything to one location, create one publisher specifying
the location where you want to publish all files.
If you are publishing to separate locations, create a publisher for each location you
will publish to specifying the location you will publish. You can split these up by
certificates and CRLs, or by even finer definitions. You use Rules to determine
which type to publish, and then tell the rule which location to publish to by
associating the Rule with the Publisher you create in this step.