Table of Contents
Advertisement
Setting Up Publishing
When a rule is matched, the certificate or CRL is published according to the
method and location specified in the publisher associated with that rule. For
example, if a rule matches all certificates issued to users, and the rule has a
publisher that publishes to a file in the location
certificate will be published as a file in this location. If another rule matches all
certificates issued to users, and the rule has a publisher that publishes to the LDAP
attribute
the directory specified when you enabled LDAP publishing in this attribute in the
user's entry.
For rules that specify to publish to a file, a new file is created when either a
certificate or a CRL is issued in the stipulated directory.
For rules that specify to publish to an LDAP directory, the certificate or CRL is
published to the entry specified in the directory, in the attribute specified. Note
that the certificate or CRL will replace any certificate or CRL that is already
published to this attribute.
For rules that specify to publish to an Online Certificate Status Manager, a CRL is
published to this manager, certificates are not published to an Online Certificate
Status Manager.
For LDAP publishing, the location of the user's entry needs to be determined.
Mappers are used to determine the entry in which to publish. The mappers can
contain an exact DN for the entry, or it can contain some variable that associates
information that can be gotten from the certificate or the certificate request to create
the DN, or to provide enough information to search the directory for a unique
attribute or set of attributes in the entry to ascertain the correct DN for the entry.
When you revoke a certificate, the server uses the publishing rules to locate and
delete the corresponding certificate from the LDAP directory or from the file
system.
When a certificate expires, the server can remove that certificate from the
configured directory. Note that the server doesn't do this automatically. You need
to configure the server to run the appropriate job. For details, see Chapter 13,
"Automated Jobs.
Setting Up Publishing
To Set Up Publishing:
For file publishing, create a publisher for each location you will publish files to.
1.
620
Netscape Certificate Management System Administrator's Guide • June 2003
userCertificate;binary
/etc/cms/certificates
attribute, the certificate will be published in
, the
Advertisement
Table of Contents
