To provide the Certificate Manager with a user entry that has read-write permission, you
can do either of the following:
• Use the DN of an existing entry that has write access. For example, you can use the
  entry of the Directory Manager or choose an alternative.
• Give write access to a user entry created for this purpose. The entry can be identified by
  the Certificate Manager's DN. For example, it may look like this:
  CN=testCA, OU=Research Dept, O=Example Corporation, ST=California, C=US
Note that you need to consider carefully which privileges you give this user. You may want
to limit exactly what this user can write to the directory by setting ACLs that restrict
this user's rights. For instructions on giving write access to the Certificate Manager's
entry, see your LDAP directory documentation.
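One way to scope the publishing user's rights, as an added example that is not taken from the Red Hat documentation: an LDIF modification that adds a Directory Server ACI granting the example DN above write access to the certificate and CRL attributes only. The suffix dc=example,dc=com and the ACI name are hypothetical, and the attribute list assumes publishing targets the standard X.509 directory attributes.

```ldif
# Added example (constructed). Apply with ldapmodify, bound as an
# administrator that is allowed to edit ACIs on the suffix.
#
# Assumptions, to be checked against your deployment:
#   - dc=example,dc=com is a hypothetical publishing suffix.
#   - The Certificate Manager publishes to userCertificate,
#     cACertificate and certificateRevocationList.
#   - Base attribute names are listed; verify on your server whether
#     subtypes such as ;binary must be named separately.
#
# Anything not listed in targetattr stays read-only for this DN, so a
# publisher that also has to change other attributes (for example
# objectClass) will be refused until that right is granted explicitly.
dn: dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr = "userCertificate || cACertificate || certificateRevocationList")
 (version 3.0; acl "CA publishing - certificate attributes only";
  allow (read, search, compare, write)
  userdn = "ldap:///CN=testCA,OU=Research Dept,O=Example Corporation,ST=California,C=US";)
```

Because the ACI grants no add or delete rights on entries, the publishing user can update certificate data on existing entries but cannot create or remove entries in the tree.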
Directory Authentication Method
Depending on how you want the Certificate Manager to authenticate to the directory, you
must set up Directory Server for one of the following methods of communication:
• Publishing With Basic Authentication
• Publishing Over SSL Without Client Authentication
• Publishing Over SSL With Client Authentication
See the Red Hat Directory Server documentation for complete instructions on setting up
these methods of communication with the server.
Updating Certificates and CRLs in a Directory
The Certificate Manager and the publishing directory can become out of sync if certificates
are issued or revoked while Directory Server is down. Certificates that were issued or
revoked need to be published or unpublished manually when Directory Server comes back
up.