Netscape MANAGEMENT SYSTEM 4.5 Installation And Setup Manual page 634

Configuring a Certificate Manager to Publish Certificates and CRLs
•
verifycert
Certificate Manager presents during client authentication with the certificate
found in the Certificate Manager's entry in the directory. It takes one of the two
values:
single sign-on solution. This ensures that Directory Server will authenticate the
Certificate Manager unless the certificate presented exactly matches the
certificate stored in the directory.
The following two examples illustrate two different ways you can use the
certmap.conf
certmap default default
default:dnComps
default:filterComps E, UID
certmap MyCA CN=CA,OU=MyGroup,O=MyCompany,C=US
MyCA:dnComps OU,O,C
MyCA:filterComps E
MyCA:verifycert on
This file has two mappings: a default one and another for
Directory Server gets a certificate from anyone other than
default mapping, which starts at the top of the LDAP tree and searches for an entry
matching the client's email address and user ID. If the certificate is from
server starts its search at the LDAP branch containing the organizational unit and
searches for matching email addresses. Also note that if the certificate is from
the server verifies the certificate with the one stored for the entry in the directory;
other certificates are not verified. Note that the issuer DN in the certificate must be
identical to the issuer DN listed in the first line of the mapping. Even an extra space
after a comma will cause a mismatch.
To modify the
In the Directory Server host machine, go to this directory:
1.
<server_root>/shared/config
Open the
2.
634 Netscape Certificate Management System Installation and Setup Guide • October 2001
—This tells the server whether it should compare the certificate the
or . It is recommended that you set this to
on off
file.
file:
certmap.conf
file in a text editor.
certmap.conf
for a complete
on
. When the
MyCA
, the server uses the
MyCA
, the
MyCA
MyCA
,