Novell LINUX ENTERPRISE SERVER 10 - INSTALLATION AND ADMINISTRATION 11-05-2007 Installation Manual page 823

Field
List of revoked certificates
Extensions
42.1.4 Repository for Certificates and CRLs
The certificates and CRLs for a CA must be made publicly accessible using a repository.
Because the signature protects the certificates and CRLs from being forged, the repos-
itory itself does not need to be secured in a special way. Instead, it tries to grant the
simplest and fastest access possible. For this reason, certificates are often provided on
an LDAP or HTTP server. Find explanations about LDAP in
Directory Service (page 661).
information about the HTTP server.
42.1.5 Proprietary PKI
YaST contains modules for the basic management of X.509 certificates. This mainly
involves the creation of CAs, sub-CAs, and their certificates. The services of a PKI go
far beyond simply creating and distributing certificates and CRLs. The operation of a
PKI requires a well-conceived administrative infrastructure allowing continuous update
of certificates and CRLs. This infrastructure is provided by commercial PKI products
and can also be partly automated. YaST provides tools for creating and distributing
CAs and certificates, but cannot currently offer this background infrastructure. To set
up a small PKI, you can use the available YaST modules. However, you should use
commercial products to set up an "official" or commercial PKI.
Content
Every entry contains the serial number of the certificate,
the time of revocation, and optional extensions (CRL
entry extensions)
Optional CRL extensions
Chapter 40, The Apache HTTP Server
Chapter 36, LDAP—A
(page 737) contains
Managing X.509 Certification 805