The LDAP publishing directory usually does not need certificate data updated manually because most updates are automatic. However, it may be necessary to update the LDAP publishing directory manually in the following situations:
The publishing Directory Server is down for a period of time and unable to receive changes from the Certificate System.
Expired certificates need to be removed from the publishing directory since certificates are not automatically removed from the publishing directory when they expire.
Any client using a certificate is responsible for determining its validity by checking the expiration date against the client's current date information.
To update the LDAP publishing directory with changes manually, do the following:
Open the CM agent services page.
Click Update Directory Server.
Select Skip certificates already marked as updated to ignore certificates in the internal database that have already been published or removed, in the case of revoked certificates.
In some circumstances, updating the LDAP publishing directory can take considerable time. During this period, any changes made through the Certificate System such as issuing or revoking certificates may not be included in the update. If certificates have been issued or revoked during that time, the publishing directory must be updated again to reflect those changes. Use the Skip certificates already marked as updated option the second time to update only certificates that been issued, revoked, or expired while the previous update was running.
Select the type of update to perform.
To publish the latest CRL, select Update certificate revocation list to the publishing directory.
To update information on valid certificates to the publishing directory, select Update valid certificates to the directory.
To update a range of certificates, such as only the most recently issued certificates, specify the range of the serial numbers of those certificates.
To remove expired certificates from the publishing directory, select Remove expired certificates from the directory.
To remove a range of certificates instead of all expired certificates, specify the range of the serial numbers of those certificates.
To remove revoked certificates from the publishing directory, select Remove revoked certificates from the directory.
If you want to remove a range of certificates instead of all revoked certificates, specify the range of the serial numbers of those certificates.
After specifying the changes to be updated, click Update Directory.