Step 1. Set Up The Directory For Publishing Certificates And Crls - Netscape MANAGEMENT SYSTEM 4.5 Installation And Setup Manual

Setting up CEP Enrollment Manually
If you want to publish to any other LDAP-compliant directory, read Chapter 19,
"Setting Up LDAP Publishing."
To set up CEP enrollment manually, follow these steps:
•

Step 1. Set up the Directory for Publishing Certificates and CRLs

• Step 2. Configure the Certificate Manager for Publishing Certificates and CRLs
• Step 3. Set Up Automated Enrollment (optional)
• Step 4. Set Up Multiple CEP Services (optional)
Step 1. Set up the Directory for Publishing
Certificates and CRLs
Chapter 19, "Setting Up LDAP Publishing contains information on setting up
Netscape Directory Server for publishing certificates and CRLs—it covers directory
schema required for publishing certificates and the attributes to which a Certificate
Manager publishes end-entity certificates and CRLs.
For the configuration directory to support publishing of certificates and CRLs, you
need to verify two things:
• The Directory Server schema—verify that the directory schema can
accommodate router and VPN client certificates. You may need to update the
Directory Server's schema. The reason for this is, if you plan on publishing
certificates from routers, they may need to be published with the same DN as
their certificate subject names. For example, if the certificate subject name
contains
need to add them to the directory schema.
unstructuredAddress, 1.2.840.113549.1.9.7, string
unstructuredName, 1.2.840.113549.1.9.8, string
To modify the schema you can use the Directory Server window, which can be
launched from within Netscape Console. Alternatively, you can prepare an
LDIF file with the changes you want to make and then run the LDAP modify
command. Check the directory documentation for instructions.
812 Netscape Certificate Management System Installation and Setup Guide • October 2001
UnstructuredAddress
or
UnstructuredName
components, you may