Configuring the Directory for LDAP Publishing
Chapter 15, Publishing (page 659)
Entry for the CA
You can have the Certificate Manager automatically create an entry for the CA in
your directory. You specify this option in both the CA and CRL mapper instances
you set up; it is enabled by default in both mappers. If you have restricted your
directory in such a way that the Certificate Manager is not allowed to create entries
in the directory, you will have to turn off this option in those mapper instances and
add an entry for the CA manually in the directory.
For the Certificate Manager to publish its CA certificate and CRL, the directory
must include an entry for the CA.
When adding the CA’s entry to the directory, you need to select the entry type
based on the distinguished name of your CA:
• If your CA’s distinguished name begins with the CN component, create a new person entry for the CA. (If you select a different type of entry, the interface may not allow you to specify a value for the CN component.)
• If your CA’s distinguished name begins with the OU component, create a new organizational unit entry for the CA.
Note that the entry you create doesn’t have to be in the certificationAuthority
object class. The Certificate Manager will convert this entry to the
certificationAuthority object class automatically by publishing its CA’s
signing certificate (as explained in “Required Schema for Publishing the CA
Certificate” on page 658).
For more information on creating directory entries, see the Netscape Directory
Server documentation.
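The entry-type rule above can be applied mechanically when the CA entry has to be added by hand. The following is an added example, not code from the guide or from Certificate Management System: it reads the leading component of the CA's distinguished name and produces the LDIF for a person or organizational unit entry. The function names and sample DNs are constructed for illustration, and reusing the CN value for the sn attribute (which the person object class requires) is an assumption.

```python
import base64
import re

# Rule from the text above: leading RDN type of the CA's DN -> object classes to create.
ENTRY_TYPES = {"cn": ["top", "person"], "ou": ["top", "organizationalUnit"]}

def first_rdn(dn):
    """Return (type, value) of the leading RDN; handles backslash escapes, not multi-valued RDNs."""
    m = re.match(r"\s*([A-Za-z][A-Za-z0-9-]*)\s*=\s*((?:\\.|[^,\\])*)", dn)
    if not m:
        raise ValueError("not a distinguished name: %r" % dn)
    unescape = lambda e: chr(int(e.group(1), 16)) if len(e.group(1)) == 2 else e.group(1)
    return m.group(1).lower(), re.sub(r"\\([0-9A-Fa-f]{2}|.)", unescape, m.group(2)).strip()

def ldif_line(attr, value):
    """Emit one LDIF attribute line, base64-encoding values that are not LDIF-safe."""
    safe = value.isascii() and re.fullmatch(r"[^\x00\n\r :<][^\x00\n\r]*", value)
    if safe and not value.endswith(" "):
        return "%s: %s" % (attr, value)
    return "%s:: %s" % (attr, base64.b64encode(value.encode("utf-8")).decode("ascii"))

def ca_entry_ldif(ca_dn):
    """Build the LDIF for a manually created CA entry, choosing the entry type from the DN."""
    rdn_type, value = first_rdn(ca_dn)
    if rdn_type not in ENTRY_TYPES:
        raise ValueError("the guide covers only DNs that begin with CN or OU, got %r" % rdn_type)
    lines = [ldif_line("dn", ca_dn)]
    lines += ["objectClass: " + oc for oc in ENTRY_TYPES[rdn_type]]
    lines.append(ldif_line(rdn_type, value))
    if rdn_type == "cn":
        # The person object class requires sn; reusing the CN value is this example's assumption.
        lines.append(ldif_line("sn", value))
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    # Constructed sample DNs, not taken from the guide.
    for dn in ("CN=Example CA,O=Example Corp,C=US",
               "OU=Example Certificate Authority,O=Example Corp,C=US"):
        print(ca_entry_ldif(dn))
```

The certificationAuthority object class is deliberately left out of the generated entry, since the Certificate Manager adds it when it publishes the CA's signing certificate.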
Bind DN
When you configure the Certificate Manager to work with Directory Server, you’ll
be required to specify a distinguished name in the directory that has read-write
permissions to the directory. To publish certificates and CRLs to the directory, the
Certificate Manager needs to use a user entry (in the directory) that has write
access to the directory. This enables the Certificate Manager to bind to the directory
as this user and modify the user entries with certificate-related information and the
CA entry with the CA’s certificate and CRL-related information.
To provide the Certificate Manager with a user entry that has read-write
permission, you can do either of the following:
Netscape Certificate Management System Administrator’s Guide, Version 6.1, February 2003