Updating Certificates and CRLs in a Directory
2. Select the Update Directory Server link.
   The Update Directory Server page appears.
3. Select the appropriate options.
4. When you are done specifying the changes that you want updated, click
   Update Directory.
The Certificate Manager starts updating the directory with the certificate
information in its internal database. In some circumstances, for example if the
changes are substantial, updating the directory can take considerable time.
During this period, any changes made through the Certificate Manager (for
example, any certificates issued or any certificates revoked) may not be
included in the update. If you have issued or revoked any certificates during
that time, you need to update the directory again to reflect those changes.
When the directory update is complete, the Certificate Manager displays a
status report. If for some reason the process gets interrupted, the server logs an
error message. Be sure to check logs if that happens.
Note that if the Certificate Manager is installed as a root CA, when using the agent
interface to update the directory with valid certificates, the CA signing certificate
may get published using the publishing rule set up for user certificates and you
may get an object class violation error (or other errors in the mapper). You can
avoid this by selecting a serial-number range that does not include the CA
signing certificate; the CA signing certificate is the first certificate a root CA issues.
If the root CA has issued a subordinate CA certificate, the certificate may also get
published using the publishing rule set up for user certificates, resulting in an
object class violation error. To avoid the problem in publishing the subordinate CA
certificate, you will need to do this:
• Modify the default publishing rule for user certificates by changing the value
of the predicate parameter to HTTP_PARAMS.certType!=ca.
• Use the LdapCaCertPublisher publisher plug-in module to add another rule,
with the predicate parameter set to HTTP_PARAMS.certType==ca, for
publishing subordinate CA certificates.
Manually Updating the CRL in the Directory
The Update Certificate Revocation List form in the Certificate Manager Agent
Services interface enables you to manually update the directory with
CRL-related information.
662
Netscape Certificate Management System Administrator's Guide • February 2003