Netscape MANAGEMENT SYSTEM 6.1 - ADMINISTRATOR Administrator's Manual page 420

CEP Enrollment
Configure the Certificate Manager for Publishing Certificates and
CRLs
In this step, you configure the Certificate Manager to issue router and VPN-client
certificates with CRL Distribution Point Extension and to publish the certificates to a
directory.
• Create an instance of the mapper plug-in named
publisher plug-in named
instances, you should create a publishing rule for publishing router certificates.
For instructions, see Chapter 15, "Publishing."
Note that the publishing rule must be configured to use the mapper and
publisher you create for router certificates. In addition, the predicate
expression must be set to
• Create an instance of the policy plug-in named
for router certificates. This extension, if present in a certificate, enables the user
of the certificate to find revocation information pertaining to that certificate.
When you create an instance of the
sure to leave the
HTTP_PARAMS.certType==CEP-Request
• Stop the Certificate Manager and edit the configuration file to include the
following lines:
eeGateway.cep.cep1.appendDN=O=<BASE DN>
eeGateway.cep.cep1.createEntry=true
eeGateway.cep.cep1.entryObjectClass=cep
eeGateway.cep.cep1.url=/cgi-bin/pkiclient.exe
A description for each of the above parameters are provided in Table 9-1.
Table 9-1
Parameter
appendDN
420 Netscape Certificate Management System Administrator's Guide • February 2003
LdapUserCertPublisher
HTTP_PARAMS.certType==CEP-Request
issuerName
CEP service-related configuration parameters in the configuration file
Description
Specifies the DN component appended to the DN the router requests.
You must have a constant component in the DN which exists in the
certificate to be able to publish.
LdapExactMapper
CRLDistributionPointsExt
CRLDistributionPointsExt
and fields blank and to enter
issuerType
in the
predicate
and of the
. Once you create these
.
plug-in, be
field.