About Publishing To Files; About Ldap Publishing - Netscape MANAGEMENT SYSTEM 6.1 - ADMINISTRATOR Administrator's Manual

About Publishing

About Publishing to Files

The server can publish certificates and CRLs to flat files, which can then be
imported into any repository, for example, into a relational database. If you
configure the server to publish certificates and CRLs to flat files, it publishes them
to files as DER-encoded binary blobs.

For each certificate the server issues, it creates a file that contains the certificate
in its DER-encoded format. Each file is named cert-<serial_number>.der, where
<serial_number> specifies the serial number of the certificate contained in the
file. For example, the filename for a certificate with serial number 1234 will be
cert-1234.der.

Every time the server generates a CRL, it creates a file that contains the new
CRL in its DER-encoded format. Each file is named as crl-<this_update>.der, where
<this_update> specifies the value derived from the time-dependent variable named
This Update of the CRL contained in the file. For example, the filename for a CRL
with This Update: Friday January 28 15:36:00 PST 2000, will be
crl-949102696899.der.

About LDAP Publishing

The ability of a server to publish certificates, CRLs, and other certificate-related
objects to a directory using the LDAP or LDAPS protocol is called LDAP publishing,
and the directory to which it publishes is called the publishing directory.

For each certificate the server issues, it creates a blob that contains the
certificate in its DER-encoded format in the specified attribute of the user's
entry. The certificate is published as a DER-encoded binary blob.

Every time the server generates a CRL, it creates a blob that contains the new
CRL in its DER-encoded format in the specified attribute of the entry for the
CA.

The server can publish certificates and CRLs to an LDAP-compliant directory using
the LDAP protocol or LDAP over SSL (LDAPS) protocol, and applications can
retrieve the certificates and CRLs over HTTP. Support for retrieving certificates
and CRLs over HTTP enables some browsers, such as Netscape Communicator, to
automatically import the latest CRL from the directory that receives regular
updates from the server. The browser can then use the CRL to automatically check
all certificates to ensure that they have not been revoked.

For LDAP publishing to work, the user entry must be present in the LDAP
directory.

Netscape Certificate Management System Administrator's Guide • February 2003
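The file naming scheme from About Publishing to Files, seen from the importing side, as an added example that is not part of the manual or of the product's code: it accepts only names of the form cert-<serial_number>.der and crl-<this_update>.der, checks that each file is one complete DER SEQUENCE, and selects the newest CRL. It assumes both name fields are decimal digits, as in the manual's examples, and that a larger <this_update> value means a more recent CRL; the function names are hypothetical.

```python
import re
import tempfile
from pathlib import Path

# Assumption: <serial_number> and <this_update> are decimal digits, as in the
# manual's examples cert-1234.der and crl-949102696899.der.
CERT_RE = re.compile(r"cert-([0-9]+)\.der")
CRL_RE = re.compile(r"crl-([0-9]+)\.der")

def der_sequence_ok(data: bytes) -> bool:
    """True if data is exactly one DER SEQUENCE (tag 0x30) filling the buffer.
    Checks outer framing only; it does not verify signatures or parse fields."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    if data[1] < 0x80:                      # short-form length
        return len(data) == 2 + data[1]
    n = data[1] & 0x7F                      # long form: n length octets follow
    if n == 0 or n > 4 or len(data) < 2 + n:
        return False                        # 0x80 (indefinite) is not valid DER
    length = int.from_bytes(data[2:2 + n], "big")
    if length < 0x80 or data[2] == 0:       # DER demands the minimal encoding
        return False
    return len(data) == 2 + n + length

def scan_publish_dir(directory):
    """Return ({serial: Path}, newest CRL Path or None, [rejected names])."""
    certs, crls, rejected = {}, {}, []
    for p in sorted(Path(directory).iterdir()):
        m_cert, m_crl = CERT_RE.fullmatch(p.name), CRL_RE.fullmatch(p.name)
        if (not (m_cert or m_crl) or p.is_symlink() or not p.is_file()
                or not der_sequence_ok(p.read_bytes())):
            rejected.append(p.name)         # stray name, link, or truncated file
        elif m_cert:
            certs[int(m_cert.group(1))] = p
        else:
            crls[int(m_crl.group(1))] = p
    # Assumption: a larger <this_update> value means a more recent CRL.
    return certs, (crls[max(crls)] if crls else None), rejected

def demo():
    """Constructed sample files; the blobs are placeholder SEQUENCEs, not real certs."""
    ok = b"\x30\x03\x02\x01\x05"            # SEQUENCE { INTEGER 5 }
    samples = {"cert-1234.der": ok, "crl-949102696899.der": ok,
               "crl-949189096899.der": ok, "cert-77.der": ok[:-1], "notes.txt": b"x"}
    with tempfile.TemporaryDirectory() as d:
        for name, blob in samples.items():
            Path(d, name).write_bytes(blob)
        certs, latest, rejected = scan_publish_dir(d)
        return sorted(certs), latest.name, rejected
```

Files that pass this framing check still need full X.509 parsing and signature verification before the importing repository trusts them.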
