Publishing Crls To The Online Certificate Status Manager - Netscape MANAGEMENT SYSTEM 6.0 Installation And Setup Manual

Note that it's not possible to configure the Registration Manager to publish
certificates or CRLs. The Certificate Manager has the complete record of issued
certificates, and publishing tasks are to be performed by the Certificate Manager
only. If it's necessary for some entries in a directory to be available outside the
firewall, Netscape recommends using the partial replication feature of Directory
Server to replicate the relevant portion of the directory to which the Certificate
Manager publishes.

This guide assumes that you have already deployed an LDAP-compliant directory
(LDAP 2.0 or higher) for your enterprise; it does not cover directory planning and
configuration. For information on Netscape Directory Server deployment, see the
documentation that comes with that product.

Configuration of the publishing or corporate directory should take place before
you install any Certificate Management System subsystems. Configuration details
that the directory administrator may need to take care of include the following:
- If the authentication mechanism uses a DN (identifying the directory subtree in
  which the subsystem can publish certificates) and password, the directory
  administrator needs to set up a corresponding access control list (ACL).
- If authentication is based on SSL client authentication, the directory
  administrator needs to create an entry in the directory's certmap.conf file.
  The certmap.conf entry maps the DN in the subsystem's client certificate to a
  directory entry that specifies write permission to the appropriate portion of
  the directory tree.
- If you intend to publish certificates to the directory, the directory administrator
  needs to have an entry for each user to whom you intend to issue a certificate,
  and the directory schema must include a location to which the certificate
  should be published. If you want to publish the CA certificate or CRL, you will
  also need an entry for the CA.

If you intend to use SSL authentication, both the directory and the Certificate
Manager must be configured appropriately for SSL. For detailed information on
LDAP publishing, see Chapter 19, "Setting Up LDAP Publishing."
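
An added example, not taken from the Netscape manual, of the ACL described in the list above for DN and password authentication, written in Directory Server ACI syntax: a broad grant (commented out) beside grants scoped to the attributes being published. The suffix dc=example,dc=com, the publisher DN uid=cms-publisher, the CA entry DN and the ACI names are all assumptions.

```ldif
# Constructed example; every DN and ACI name here is an assumption.
# Publishing identity (bind DN for DN/password authentication):
#   uid=cms-publisher,ou=services,dc=example,dc=com
# Attribute names are the standard X.509 schema ones; match them to
# the attributes your publishing configuration actually writes.

# Too broad: the publishing identity could change every attribute,
# userPassword included, on every entry under the suffix.
# dn: dc=example,dc=com
# changetype: modify
# add: aci
# aci: (targetattr = "*")(version 3.0; acl "CMS publisher - broad";
#   allow (all)
#   userdn = "ldap:///uid=cms-publisher,ou=services,dc=example,dc=com";)

# Scoped: write access to the certificate attribute only, and only on
# user entries below ou=people.
dn: ou=people,dc=example,dc=com
changetype: modify
add: aci
aci: (target = "ldap:///ou=people,dc=example,dc=com")
 (targetattr = "userCertificate")
 (version 3.0; acl "CMS publish user certificates";
  allow (write)
  userdn = "ldap:///uid=cms-publisher,ou=services,dc=example,dc=com";)

# Scoped: write access to the CA certificate and CRL attributes, and
# only on the CA's own entry.
dn: cn=Example CA,ou=pki,dc=example,dc=com
changetype: modify
add: aci
aci: (target = "ldap:///cn=Example CA,ou=pki,dc=example,dc=com")
 (targetattr = "cACertificate || certificateRevocationList")
 (version 3.0; acl "CMS publish CA certificate and CRL";
  allow (write)
  userdn = "ldap:///uid=cms-publisher,ou=services,dc=example,dc=com";)
```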

Publishing CRLs to the Online Certificate Status Manager

Certificate Management System supports the Online Certificate Status Protocol
(OCSP) as defined in the PKIX standard RFC 2560 (see
http://www.ietf.org/rfc/rfc2560.txt). The OCSP protocol enables
OCSP-compliant applications to determine the state of a certificate, including the

Chapter 4: Planning Your Deployment (Publishing Decisions), page 175
