Directory Synchronization; Publishing Of Crls - Netscape MANAGEMENT SYSTEM 6.01 Installation And Setup Manual

Publishing of CRLs

Directory Synchronization

The Certificate Manager and the publishing directory can become out of sync if
certificates are issued or revoked while Directory Server is down. Certificates that
were issued or revoked need to be published or unpublished manually when
Directory Server comes back up.
To help find certificates that are out of sync with the directory—that is, valid
certificates that are not in the directory and revoked or expired certificates that are
still in the directory—the Certificate Manager keeps a record of whether a
certificate in its internal database has been published to the directory. If the
Certificate Manager and the publishing directory become out of sync, you can use
the Update Directory option in the Certificate Manager Agent Services interface to
synchronize the publishing directory with the internal database.
The following choices are available for synchronizing the directory with the
internal database:
• Search the internal database for certificates that are out of sync and publish or
unpublish accordingly.
• Publish certificates that were issued from time A to time B while Directory
Server was down. Similarly, unpublish certificates that were revoked or that
expired while Directory Server was down.
• Publish or unpublish a range of certificates based on serial numbers (from
serial number xx to serial number yy).
For instructions, see "Manually Updating Certificates in the Directory" on
page 643.
Publishing of CRLs
This section covers the following topics:
• What's a CRL?
• Reasons for Revoking a Certificate
• Revocation Checking by Netscape Clients
• Revocation Checking by Netscape Servers
• Publishing of CRLs to an LDAP Directory
• CRL Issuing Points
590 Netscape Certificate Management System Installation and Setup Guide • May 2002