Step B. Add an Entry for the CA - Netscape MANAGEMENT SYSTEM 4.5 Installation and Setup Manual


Required Schema for Publishing the CA Certificate
The Certificate Manager publishes its own CA certificate in the
caCertificate;binary attribute of the CA's directory object when the server is
started; this is the object that corresponds to the Certificate Manager's issuer name.
This is a required attribute of the certificationAuthority object class. Note that
the Certificate Manager will add this object class to the directory entry for the CA,
provided that it finds the CA's directory entry.

Required Schema for Publishing CRLs
The Certificate Manager maintains its list of revoked certificates in its internal
database; this list is called the certificate revocation list (CRL). You can configure
the server to publish the CRL to the directory whenever it is generated, which
could be when a certificate is revoked and at regular intervals. You can also
manually trigger the server to generate a CRL and publish it to the directory.
The Certificate Manager publishes the updated CRL to the CA's directory object
under this attribute:
certificateRevocationList;binary
This attribute is an attribute of the object class certificationAuthority. The
value of the attribute is the DER encoded binary X.509 certificate revocation list.
The CA's entry must already be a certificate authority.

Step B. Add an Entry for the CA

Complete this step only if you want to manually create an entry for your CA in the
directory; that is, you do not want to use the automated feature built into the
LdapCaSimpleCAMap plug-in module for creating the CA's entry in a directory.
For the Certificate Manager to publish its CA certificate and CRL, the directory
must include an entry for the CA. This section explains how to manually add this
entry in Netscape Directory Server 4.x using the Directory Server window (which
you can launch from within Netscape Console). To add this entry in Netscape
Directory Server 3.x, use its HTML forms-based interface (also called the HTTP
gateway).
When adding the CA's entry to the directory, you need to select the entry type
based on the distinguished name of your CA:
If your CA's distinguished name begins with the CN component, create a new person
entry for the CA. (If you select a different type of entry, the interface
may not allow you to specify a value for the CN component.)
If your CA's distinguished name begins with the OU component, create a new
organizational unit entry for the CA.

Configuring a Certificate Manager to Publish Certificates and CRLs
Chapter 19 Setting Up LDAP Publishing, page 619
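The entry rules in Step B and the schema requirements above can be checked against an LDIF export of the directory, both before publishing is enabled and after the first publish. The following is an added example, not code from the manual or from Netscape; check_ca_entry, parse_ldif, norm_dn and the sample data are hypothetical, and it assumes the CA's entry sits at the CA's own distinguished name.

```python
import base64

ENTRY_TYPE = {"cn": "person", "ou": "organizationalunit"}  # leading RDN -> entry type
PUBLISHED = ("cacertificate;binary", "certificaterevocationlist;binary")

# Constructed sample export; the base64 values are placeholders, not real DER.
SAMPLE_LDIF = """\
dn: cn=Example CA, o=Example Corp, c=US
objectClass: person
cn: Example CA
sn: Example CA

dn: ou=Test CA, o=Example Corp, c=US
objectClass: organizationalUnit
objectClass: certificationAuthority
ou: Test CA
caCertificate;binary:: MIIB
certificateRevocationList;binary:: MIIB
"""

def norm_dn(dn):  # case-fold, trim spaces around RDNs; assumes no escaped commas
    return ",".join(part.strip() for part in dn.split(",")).lower()

def parse_ldif(text):  # -> {normalized DN: {attribute: [values]}}
    entries = {}
    for block in text.replace("\n ", "").split("\n\n"):  # unfold lines, split entries
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, rest = line.partition(":")
            value = base64.b64decode(rest[1:]) if rest.startswith(":") else rest.strip()
            attrs.setdefault(name.lower(), []).append(value)
        if isinstance(attrs.get("dn", [b""])[0], str):  # base64-encoded DNs are skipped
            entries[norm_dn(attrs.pop("dn")[0])] = attrs
    return entries

def check_ca_entry(ldif_text, ca_dn, published=False):
    """Return problems found with the CA's entry (an empty list means none found)."""
    entry = parse_ldif(ldif_text).get(norm_dn(ca_dn))
    if entry is None:
        return ["no directory entry for " + ca_dn]
    classes = {v.lower() for v in entry.get("objectclass", [])}
    wanted = ENTRY_TYPE.get(ca_dn.split("=", 1)[0].strip().lower())
    problems = [f"entry should be of type {wanted}"] if wanted and wanted not in classes else []
    if published:  # state expected once the Certificate Manager has published
        if "certificationauthority" not in classes:
            problems.append("objectClass certificationAuthority missing")
        problems += [a + " missing" for a in PUBLISHED if not entry.get(a)]
    return problems
```

Run it with published=False right after creating the entry, and with published=True after the server has started and generated a CRL.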
