Predicates Used In Publishing Rules; Enabling Publishing - Red Hat CERTIFICATE SYSTEM 7.3 - ADMINISTRATION Administration Manual

15.5.2. Predicates Used in Publishing Rules

Table 15.3, "Predicate Expressions"
and delta CRLs and certificate profiles.
Predicate Type
CRL Issuing Point
Certificate Profile
Table 15.3. Predicate Expressions

15.6. Enabling Publishing

Publishing can be enabled for only files, only LDAP, or both. Publishing should be enabled after
setting up publishers, rules, and mappers. Once enabled, the server will attempt to begin publishing.
If publishing was not configured correctly before being enabled, publishing may exhibit undesirable
behavior or may fail.
Enable publishing by doing the following:
1. Log into the Certificate Manager Console.
pkiconsole https://server.example.com:9443/ca
2. In the Configuration tab, select Certificate Manager from the navigation tree on the left. Select
Publishing.
The right pane shows the details for publishing to an LDAP-compliant directory.
3. To enable publishing to a file only, select Enable Publishing.
4. To enable LDAP publishing, select both Enable Publishing and Enable Default LDAP
Connection.
lists the predicates that can be used to identify CRL issuing points
Predicate
issuingPointId==Issuing_Point_Instance_ID
&& isDeltaCRl==[true|false]
To publish only the master CRL, set
isDeltaCRl==false. To publish only the delta
CRL, set isDeltaCRl==true. To publish both,
set a rule for the master CRL and another rule for
the delta CRL.
profileId==profile_name
To publish certificates based on the profile used
to issue them, set profileId== to a profile
name, such as caServerCert.
Predicates Used in Publishing Rules
355