Step F. Modify The Certificate Mapping File - Netscape MANAGEMENT SYSTEM 4.5 Installation And Setup Manual

Configuring a Certificate Manager to Publish Certificates and CRLs

Step F. Modify the Certificate Mapping File

This step explains how to modify the
mapping rule for the CA's entry you created. You need to go through this step only
if you configured the directory for SSL client authenticated communication.
Otherwise, skip to "Step G. Restart Directory Server" on page 636.
When the Certificate Manager presents its certificate for SSL client authentication,
Directory Server uses the mapping rule specified in the
the corresponding entry in the directory and then determine the access privileges
set for the entry. The certificate mapping file is located in the
<server_root>/shared/config
in which the Directory Server binaries are installed.
The
certmap.conf
• Where in the directory tree the server should begin its search for locating the
entry in the directory
• What certificate attributes the server should use as search criteria when
searching for the entry in the directory
• Whether the server needs to go through any additional verification process
The file contains one or more named mappings, each applying to a different CA. A
mapping has the following syntax:
certmap <name> <issuerDN>
<name>:<property1> [<value1>]
<name>:<property2> [<value2]
...
<name>:<propertyn> [<valuen]
The first line specifies a name for the entry and the DN of the issuer of the client
certificate—in this case, the issuer of the certificate the Certificate Manager will
present during client authentication. (By default, the Certificate Manager uses its
SSL server certificate generated during installation.) The name is arbitrary; you can
define it to be whatever you want. However, the issuer DN must exactly match the
issuer DN of the CA that has issued the certificate the Certificate Manager will use
for client authentication. For example, the following two issuer DN lines differ only
in the number of spaces separating the attribute value assertions (AVAs), but the
Directory Server will treat these two entries as different:
certmap moz CN=myCA,OU=myDept,O=myCompany,C=myCountry
certmap moz CN=myCA,OU=myDept,O=myCompany, C=myCountry
632 Netscape Certificate Management System Installation and Setup Guide • October 2001
certmap.conf
directory, where
file specifies the following:
file to add a certificate
file to locate
certmap.conf
is the directory
<server_root>