Configuring Certificate Manager to Publish to Files
•
For each certificate the server issues, it creates a file that contains the certificate
in its DER-encoded format. Each file is named as
where
contained in the file. For example, the filename for a certificate with serial
number
•
Every time the server generates the CRL (which could be every time it revokes
a certificate and at a regular interval), it creates a file that contains the new CRL
in its DER-encoded format. Each file is named as
where
variable named
filename for a CRL with
2000
To configure the Certificate Manager to publish certificates and CRLs to files,
follow these steps:
•
Step 1. Before You Begin
•
Step 2. Configure the Certificate Manager
•
Step 3. Test Publishing
Step 1. Before You Begin
Before configuring a Certificate Manager to publish the CA certificate, end-entity
certificates, and CRLs to flat files:
•
Read section "FileBasedPublisher Plug-in Module" in Chapter 6, "Publisher
Plug-in Modules" of CMS Plug-Ins Guide.
•
Identify the machine that will contain the DER-encoded files, and create a
directory for the files.
•
Make sure that the machine has sufficient disk space to accommodate the
DER-encoded files that the Certificate Manager will generate; the server
generates a file for every certificate it issues and for every CRL it generates. If
disk space is a constraint, you can configure the server to create files on two
different hosts, one for certificates and another one for CRLs.
•
Read "Publishing of CRLs" on page 590. Determine whether you want the
Certificate Manager to publish version 1 or version 2 CRLs to the directory. If
you decide to publish version 2 CRLs, read Chapter 4, "Certificate Extension
Plug-in Modules" of CMS Plug-Ins Guide and determine the CRL extensions
you want the Certificate Manager to set; you will be required to configure the
server to set these extensions.
648
Netscape Certificate Management System Installation and Setup Guide • May 2002
<serial_number>
will be
1234
cert-1234.der
specifies the value derived from the time-dependent
<this_update>
This Update
This Update: Friday January 28 15:36:00 PST
, will be
crl-949102696899.der
specifies the serial number of the certificate
.
of the CRL contained in the file. For example, the
.
cert-<serial_number>.der
crl-<this_update>.der
,
,