16 Netscape Certificate Management System Installation and Setup Guide • October 2001
PublishingofCRLs .................................................................... 610
What’saCRL? ..................................................................... 611
ReasonsforRevokingaCertificate .................................................... 612
RevocationCheckingbyNetscapeClients ............................................. 613
RevocationCheckingbyNetscapeServers ............................................. 613
PublishingofCRLstoanLDAPDirectory ............................................. 614
CRLIssuingPoints ................................................................. 615
ConfiguringaCertificateManagertoPublishCertificatesandCRLs ......................... 615
Step1.BeforeYouBegin............................................................. 616
Step2.SetUptheDirectoryforPublishing............................................. 618
StepA.VerifytheDirectorySchema................................................ 618
StepB.AddanEntryfortheCA ................................................... 619
StepC.IdentifyanEntryThatHasWriteAccess ..................................... 621
StepD.VerifyEntriesforEndEntities .............................................. 621
StepE.SpecifytheDirectoryAuthenticationMethod ................................. 622
StepF.ModifytheCertificateMappingFile ......................................... 632
StepG.RestartDirectoryServer ................................................... 636
Step3.ConfiguretheCertificateManagertoPublishCertificates.......................... 636
StepA.ModifytheDefaultMappers,Publishers,andPublishingRules ................. 636
StepB.AddMappers,Publishers,andPublishingRules............................... 642
Step4.ConfiguretheCertificateManagertoPublishCRLs ............................... 648
StepA.SpecifyCRLDetails ....................................................... 649
StepB.SettheCRLExtensions..................................................... 651
StepC.CreateaMapperfortheCRL ............................................... 652
StepD.CreateaPublisherfortheCRL.............................................. 653
StepE.CreateaPublishingRulefortheCRL ........................................ 655
Step5.IdentifythePublishingDirectory............................................... 656
Step6.TestCertificateandCRLPublishing ............................................ 658
StepA.DecideaDirectoryEntryforRequestingaCertificate .......................... 659
StepB.RequestaCertificate ....................................................... 659
StepC.ApprovetheRequest ...................................................... 659
StepD.DownloadtheCertificatetotheBrowser ..................................... 660
StepE.CheckiftheDirectoryHastheCertificate..................................... 660
StepF.RevoketheCertificate...................................................... 661
StepG.ChecktheDirectoryfortheCRL ............................................ 662
ManuallyUpdatingCertificatesandCRLsinaDirectory ................................... 662
ManuallyUpdatingCertificatesintheDirectory ........................................ 663
ManuallyUpdatingtheCRLintheDirectory........................................... 664
Chapter 20 Publishing Certificates and CRLs to a File . . . . . . . . . . . . . . . . . . . . . . . . . . . . 667
ConfiguringCertificateManagertoPublishtoFiles........................................ 667
Step1.BeforeYouBegin............................................................. 668
Step2.ConfiguretheCertificateManager.............................................. 669