Configuring a Certificate Manager to Publish Certificates and CRLs
Chapter
19
Setting Up LDAP Publishing
601
Step C. Identify an Entry That Has Write Access
When you configure the Certificate Manager to work with Directory Server, you’ll
be required to specify a distinguished name in the directory that has read-write
permissions to the directory. To publish certificates and CRLs to the directory, the
Certificate Manager needs to use a user entry (in the directory) that has write
access to the directory. This enables the Certificate Manager to bind to the directory
as this user and modify the user entries with certificate-related information and the
CA entry with CA’s certificate and CRL related information.
To provide the Certificate Manager with a user entry that has read-write
permission, you can do either of the following:
•
Use the DN of an existing entry that has write access. For example, you can use
the entry of the Directory Manager or choose an alternative.
•
Give write access to the user entry you created for the Certificate Manager in
the previous step. The entry can be identified by the Certificate Manager’s DN.
For example, it may look like this:
CN=testCA, OU=Research Dept, O=Example Corporation,
ST=California, C=US
For instructions on giving write access to the Certificate Manager’s entry, see your
LDAP directory documentation. In either case, note the entry DN and the
corresponding password as you will be required to identify this user entry to the
Certificate Manager later; see “Step 5. Identify the Publishing Directory” on
page 636.
Step D. Verify Entries for End Entities
The publishing directory must contain an entry for each end entity for whom you
want a certificate published. If the end entity does not have an entry in the
directory, the Certificate Manager will not be able to publish the end entity’s
certificate.
To add an entry for each end entity, you can use the tools provided with Directory
Server. Keep in mind that the end-entity entries must belong to an object class, such
as
inetOrgPerson
, that allows the
userCertificate;binary
attribute.
NOTE
If you configured the Certificate Manager to use directory-based
authentication for end entities and are using the same directory for
authentication and publishing, you may not have to deal with this
issue. The server will not issue certificates to end entities that do not
have entries in the directory. See “Authentication of End Entities
During Certificate Enrollment” on page 495.
Summary of Contents for NETSCAPE MANAGEMENT SYSTEM 6.0
Page 1: ...Installation and Setup Guide Netscape Certificate Management System Version6 0 March 2002...
Page 22: ...22 Netscape Certificate Management System Installation and Setup Guide March 2002...
Page 32: ...32 Netscape Certificate Management System Installation and Setup Guide March 2002...
Page 160: ...160 Netscape Certificate Management System Installation and Setup Guide March 2002...
Page 776: ...776 Netscape Certificate Management System Installation and Setup Guide March 2002...
Page 807: ...807 Part 5 Appendix Appendix A Certificate Download Specification...
Page 808: ...808 Netscape Certificate Management System Installation and Setup Guide March 2002...
Page 830: ...830 Netscape Certificate Management System Installation and Setup Guide March 2002...