7.9. Publishing Cross-Pair Certificates

The cross-pair certificates can be published as a crossCertificatePair entry to an LDAP directory or to a file; this is enabled by default. If this has been disabled, it can be re-enabled through the Certificate Manager Console by doing the following:
  1. Open the CA console.
    pkiconsole https://server.example.com:8443/ca
  2. In the Configuration tab, select the Certificate Manager link in the left pane, then the Publishing link.
  3. Click the Rules link under Publishing. This opens the Rules Management pane on the right.
  4. If the rule exists and has been disabled, select the enable checkbox. If the rule has been deleted, then click Add and create a new rule.
    1. Select xcerts from the type drop-down menu.
    2. Make sure the enable checkbox is selected.
    3. Select LdapCaCertMap from the mapper drop-down menu.
    4. Select LdapCrossCertPairPublisher from the publisher drop-down menu.
The mapper and the publisher named in the publishing rule are both listed under Mapper and Publisher, beneath the Publishing link in the left navigation window of the CA Console. By default, the mapper, LdapCaCertMap, designates that the crossCertificatePair be stored to the LdapCaSimpleMap LDAP entry. By default, the publisher, LdapCrossCertPairPublisher, stores the cross-pair certificate in the crossCertificatePair;binary attribute of the CA entry.
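
To confirm that the rule published something usable, the CA entry can be exported as LDIF and its crossCertificatePair;binary values inspected. The following is an added example, not part of the Certificate System documentation: it decodes each value and reports which halves of the X.509 CertificatePair SEQUENCE (context tags [0] and [1]) are present. The DN, the sample bytes and all function names are constructed for illustration, and the script checks structure only, not the certificates themselves.

```python
import base64

ATTR = "crosscertificatepair;binary"  # attribute named on this page, lowercased

def ldif_values(ldif, attr=ATTR):
    """Decode every base64 ('::') value of attr, unfolding LDIF continuation lines."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    hits = (l.partition("::") for l in lines)
    return [base64.b64decode(v.strip()) for n, sep, v in hits if sep and n.strip().lower() == attr]

def read_tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, content, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def pair_halves(der):
    """Report which halves of an X.509 CertificatePair are present."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("value is not a single DER SEQUENCE")
    names = {0xA0: "issuedToThisCA", 0xA1: "issuedByThisCA"}  # context tags [0], [1]
    found, pos = dict.fromkeys(names.values(), False), 0
    while pos < len(body):
        tag, _, pos = read_tlv(body, pos)
        if tag not in names:
            raise ValueError(f"unexpected element tag 0x{tag:02x}")
        found[names[tag]] = True
    if not any(found.values()):
        raise ValueError("CertificatePair has neither half")
    return found

# Constructed sample: empty SEQUENCEs stand in for the two certificates.
SAMPLE_DER = bytes([0x30, 8, 0xA0, 2, 0x30, 0, 0xA1, 2, 0x30, 0])
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_LDIF = f"dn: cn=Example CA,o=example\ncrossCertificatePair;binary:: {SAMPLE_B64[:8]}\n {SAMPLE_B64[8:]}\n"

if __name__ == "__main__":
    for value in ldif_values(SAMPLE_LDIF):
        print(pair_halves(value))
```

An empty result from `ldif_values` means the entry carries no crossCertificatePair;binary value, which points back at the rule, mapper or publisher settings described above.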