8.6. Enabling Publishing
- Log into the Certificate Manager Console.
- In the Configuration tab, select Certificate Manager from the navigation tree on the left. Select Publishing. The right pane shows the details for publishing to an LDAP-compliant directory.
- To enable publishing to a file only, select Enable Publishing.
- To enable LDAP publishing, select both Enable Publishing and Enable Default LDAP Connection. In the Destination section, set the information for the Directory Server instance.
- Host name. If the Directory Server is configured for SSL client authenticated communication, the name must match the cn component in the subject DN of the Directory Server's SSL server certificate. The hostname can be the fully-qualified domain name or an IPv4 or IPv6 address.
- Port number.
- Directory Manager DN. This is the distinguished name (DN) of the directory entry that has Directory Manager privileges. The Certificate Manager uses this DN to access the directory tree and to publish to the directory. The access control set up for this DN determines whether the Certificate Manager can perform publishing. It is possible to create another DN that has limited read-write permissions for only those attributes that the publishing system actually needs to write.
- Password. This is the password which the CA uses to bind to the LDAP directory to which the certificate or CRL is published. The Certificate Manager saves this password in its password.conf file. For example:
CA LDAP Publishing:password
Note: The parameter name which identifies the publishing password (CA LDAP Publishing) is set in the Certificate Manager's CS.cfg file in the ca.publish.ldappublish.ldap.ldapauth.bindPWPrompt parameter, and it can be edited.
- Client certificate. This sets the certificate the Certificate Manager uses for SSL client authentication to the publishing directory. By default, the Certificate Manager uses its SSL server certificate.
- LDAP version. Select LDAP version 3.
- Authentication. The way the Certificate Manager authenticates to the Directory Server. The choices are Basic authentication and SSL client authentication. If the Directory Server is configured for basic authentication or for SSL communication without client authentication, select Basic authentication and specify values for the Directory manager DN and password. If the Directory Server is configured for SSL communication with client authentication, select SSL client authentication and the Use SSL communication option, and identify the certificate that the Certificate Manager must use for SSL client authentication to the directory.
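
A consistency check over the settings this procedure produces, as an added example that is not part of the Certificate System documentation or code. Only the bindPWPrompt parameter name comes from the page; the sibling CS.cfg keys (authtype, bindDN, secureConn), the BasicAuth and SslClientAuth values, and the sample file contents are assumptions constructed for illustration.

```python
# Added example (not Certificate System code); inputs below are constructed.
# Only bindPWPrompt is named on the page; the other keys and the
# BasicAuth / SslClientAuth values are assumptions about CS.cfg.
PREFIX = "ca.publish.ldappublish.ldap."

def parse_kv(text, seps="="):
    """Parse 'key<sep>value' lines, splitting on the first separator found."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        idx = min((i for i in map(line.find, seps) if i > 0), default=-1)
        if idx > 0:
            out[line[:idx].strip()] = line[idx + 1:].strip()
    return out

def audit_publishing(cs_cfg_text, password_conf_text):
    """Return a list of findings for the LDAP publishing connection."""
    cfg = parse_kv(cs_cfg_text)
    # The page's example uses ':'; '=' is accepted as well (assumption).
    passwords = parse_kv(password_conf_text, seps=":=")
    auth = cfg.get(PREFIX + "ldapauth.authtype", "")
    bind_dn = cfg.get(PREFIX + "ldapauth.bindDN", "")
    prompt = cfg.get(PREFIX + "ldapauth.bindPWPrompt", "")
    secure = cfg.get(PREFIX + "ldapconn.secureConn", "").lower() == "true"
    findings = []
    if auth == "BasicAuth":
        if not passwords.get(prompt):
            findings.append("no password.conf entry named by bindPWPrompt")
        if not secure:
            findings.append("bind password sent without SSL")
        if bind_dn.replace(" ", "").lower() == "cn=directorymanager":
            findings.append("binds as Directory Manager, not a limited DN")
    elif auth == "SslClientAuth":
        if not secure:
            findings.append("SSL client authentication without SSL communication")
    else:
        findings.append("unrecognized authentication type")
    return findings

# Constructed sample: basic authentication, no SSL, full-privilege bind DN.
SAMPLE_CS_CFG = """\
ca.publish.ldappublish.ldap.ldapauth.authtype=BasicAuth
ca.publish.ldappublish.ldap.ldapauth.bindDN=cn=Directory Manager
ca.publish.ldappublish.ldap.ldapauth.bindPWPrompt=CA LDAP Publishing
ca.publish.ldappublish.ldap.ldapconn.secureConn=false
"""
SAMPLE_PASSWORD_CONF = "internaldb:constructed-value\n"  # no publishing entry
```

If the bindPWPrompt value is edited in CS.cfg, the entry name in password.conf has to change with it; the first finding catches that mismatch.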