Updating Certificates and CRLs in a Directory
To help find certificates that are out of sync with the directory—that is, valid certificates
that are not in the directory and revoked or expired certificates that are still in the
directory—the Certificate Manager keeps a record of whether a certificate in its internal
database has been published to the directory. If the Certificate Manager and the publishing
directory become out of sync, you can use the Update Directory option in the Certificate
Manager Agent Services interface to synchronize the publishing directory with the internal
database.
The following choices are available for synchronizing the directory with the internal
database:
• Search the internal database for certificates that are out of sync and publish or
  unpublish accordingly.
• Publish certificates that were issued from time A to time B while Directory Server was
  down. Similarly, unpublish certificates that were revoked or that expired while
  Directory Server was down.
• Publish or unpublish a range of certificates based on serial numbers (from serial
  number xx to serial number yy).

Normally you do not need to manually update the directory with certificate-related
information; if configured properly, the Certificate Manager handles the updates
automatically. However, a situation might arise in which you need to update the directory
manually. For example, Directory Server might be down for a while and be unable to
receive changes from the Certificate Manager. In such a situation, use the forms provided in
the Certificate Manager Agent Services interface to manually update the directory.

Certificate Manager's publishing directory can be manually updated by a Certificate
Manager agent only.

Manually Updating Certificates in the Directory

The Update Directory Server form in the Certificate Manager Agent Services interface
enables you to manually update the directory with certificate-related information. This form
lets you initiate a combination of the following operations:
• Update the directory with certificates.
• Remove expired certificates from the directory.
  Note that you can automate removal of expired certificates from the publishing
  directory by scheduling an automated job. For details, see Chapter 14, "Automated
  Jobs."
• Remove revoked certificates from the directory.

Red Hat Certificate System Administrator's Guide • September 2005
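The following added example (not Certificate System code) models the three synchronization choices described above: a full out-of-sync scan, a time window covering a Directory Server outage, and a serial-number range. The record fields, function names and sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime as D
from typing import Optional

@dataclass
class CertRecord:
    """Hypothetical view of one internal-database entry (field names are assumptions)."""
    serial: int
    issued: D
    not_after: D
    revoked_on: Optional[D]  # None if the certificate was never revoked
    published: bool          # the database's record of "published to directory"

def belongs_in_directory(c, now):
    # Only certificates that are neither revoked nor expired should be published.
    return c.revoked_on is None and c.not_after > now

def changed_between(c, start, end):
    # True if the certificate was issued, revoked, or expired inside the window.
    events = (c.issued, c.revoked_on, c.not_after)
    return any(e is not None and start <= e <= end for e in events)

def plan_sync(records, now, window=None, serials=None):
    """Return (publish, unpublish) serial lists for the selected certificates."""
    publish, unpublish = [], []
    for c in records:
        if serials and not serials[0] <= c.serial <= serials[1]:
            continue  # outside the requested serial-number range
        if window and not changed_between(c, *window):
            continue  # nothing happened to this certificate during the outage
        wanted = belongs_in_directory(c, now)
        if wanted and not c.published:
            publish.append(c.serial)    # valid but missing from the directory
        elif not wanted and c.published:
            unpublish.append(c.serial)  # revoked or expired but still listed
    return publish, unpublish

# Constructed sample data: the directory was down 2005-09-01 through 2005-09-04.
NOW = D(2005, 9, 15)
OUTAGE = (D(2005, 9, 1), D(2005, 9, 4))
RECORDS = [
    CertRecord(1, D(2005, 1, 10), D(2006, 1, 10), None, True),           # in sync
    CertRecord(2, D(2005, 9, 2), D(2006, 9, 2), None, False),            # issued in outage
    CertRecord(3, D(2005, 2, 1), D(2006, 2, 1), D(2005, 9, 3), True),    # revoked in outage
    CertRecord(4, D(2004, 9, 5), D(2005, 9, 5), None, True),             # expired after outage
    CertRecord(5, D(2005, 3, 1), D(2006, 3, 1), None, False),            # never published
]

if __name__ == "__main__":
    print("full scan:   ", plan_sync(RECORDS, NOW))
    print("outage only: ", plan_sync(RECORDS, NOW, window=OUTAGE))
    print("serials 4-5: ", plan_sync(RECORDS, NOW, serials=(4, 5)))
```

The outage-window run leaves serials 4 and 5 untouched even though they are out of sync, which is why the full scan remains the option to use when the cause of the drift is unknown.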