Configuring Publishing To A File - Red Hat CERTIFICATE SYSTEM 8.0 - ADMINISTRATION Admin Manual
Hide thumbs
Also See for CERTIFICATE SYSTEM 8.0 - ADMINISTRATION:
- Using manual (48 pages) ,
- Agents manual (146 pages) ,
- Manual (124 pages)
Table of Contents
Advertisement
The attributes set by default are the X.500 standard attributes for storing each object type.
This attribute can be changed in the publisher, but, generally, LDAP publishers do not need
changed. For more information, see
Directory".
c. Set up mappers to enable an entry's DN to be derived from the certificate's subject name.
This generally does not need set for CA certificates, CRLs, and user certificates. There can
be more than one mapper set for a type of certificate. This can be useful, for example, to
publish certificates for two sets of users from different divisions of a company who are located
in different parts of the directory tree. A mapper is created for each of the groups to specify a
different branch of the tree.
For details about setting up mappers, see
After setting up the publishing locations, then define rules to determine what certificates are published
(Section 8.2.4, "Creating
where
CRL that is being published is matched against every rule. Any rule which it matches is activated. The
same certificate can be published to a file and to an LDAP directory by matching a file-based rule and
matching a directory-based rule.
Rules can be set for each object type: CA certificates, CRLs, user certificates, and cross-pair
certificates. There can be different rules for different kinds of certificates or different kinds of CRLs.
The rule first determines if the object meets the criteria by matching the type and predicate set in the
rule. The destination of matching objects is determined by the publisher and mapper associated with
the rule.
After setting up all of the publishers, mappers, and rules, enable publishing
Publishing"). As soon as publishing is enabled, the server starts publishing immediately. If the
publishers, mappers, and rules are not completely configured, publishing may not work correctly or at
all.
8.2.1. Configuring Publishing to a File
Publishers must be created and configured for each publishing location; publishers are not
automatically created for publishing to a file. To publish all files to a single location, create one
publisher. To publish to different locations, create a publisher for each location. A location can either
contain an object type, like user certificates, or a subset of an object type, like West Coast user
certificates.
To create publishers for publishing to files:
1. Log into the Certificate Manager Console.
pkiconsole https://server.example.com:9445/ca
2. In the Configuration tab, select Certificate Manager from the navigation tree on the left. Select
Publishing, and then Publishers.
The Publishers Management tab, which lists configured publisher instances, opens on the right.
Section 8.2.3, "Configuring Publishing to an LDAP
Section 8.2.3.3, "Creating
Rules"). Rules work independently, not in tandem. A certificate or
Configuring Publishing to a File
Mappers".
(Section 8.2.5, "Enabling
207
Advertisement
Table of Contents
Need help?
Do you have a question about the CERTIFICATE SYSTEM 8.0 - ADMINISTRATION and is the answer not in the manual?