Publishing To Certificates And Crls To Files; Publishing To Certificates And Crls To A Directory - Netscape MANAGEMENT SYSTEM 4.5 Installation And Setup Manual

Publishing Decisions

Publishing to Certificates and CRLs to Files

Any Certificate Manager that publishes certificates or CRLs to files need to specify
the location for storing these files. There will be a file for each certificate and CRL,
so the specified location must have sufficient disk space for storing these files. For
detailed information on publishing certificates and CRLs to files, see Chapter 20,
"Publishing Certificates and CRLs to a File."
Publishing to Certificates and CRLs to a
Directory
Any Certificate Manager that publishes certificates or CRLs to a directory must
specify the host name and port number for the directory and indicate whether
communication should take place over SSL. The Certificate Manager must also
specify how it should identify itself to the directory—by using password-based
authentication or SSL client authentication. Finally, the directory itself must be
configured (typically by the directory administrator) to authenticate the Certificate
Manager in the specified manner.
Note that it's not possible to configure the Registration Manager to publish
certificates or CRLs. The Certificate Manager has the complete record of issued
certificates and that the publishing tasks be performed by the Certificate Manager
only. If it's necessary for some entries in a directory to be available outside the
firewall, Netscape recommends using the partial replication feature of Directory
Server to replicate the relevant portion of the directory to which the Certificate
Manager publishes.
This guide assumes that you have already deployed an LDAP-compliant directory
(LDAP 2.0 or higher) for your enterprise; it does not cover directory planning and
configuration. For information on Netscape Directory Server deployment, see the
documentation that comes with that product.
Configuration of the publishing or corporate directory should take place before
you install any Certificate Management System subsystems. Configuration details
that the directory administrator may need to take care of include the following:
• If the authentication mechanism uses a DN (identifying the directory subtree in
which the subsystem can publish certificates) and password, the directory
administrator needs to set up a corresponding access control list (ACL).
178 Netscape Certificate Management System Installation and Setup Guide • October 2001