Chapter 5. CA: Publishing to a Directory
A Red Hat Directory Server installation is required for the Certificate System subsystems to be installed; this directory instance maintains user information and certificate and key information. The Certificate System can be configured to publish certificates and CRLs to that directory, or other LDAP directories, for other applications to access. Certificate information published to the publishing directory must be periodically updated as certificates are issued and revoked. Updates are usually published automatically but may also be published manually.
This chapter describes the procedures for updating an LDAP directory with the current status of certificates. Only a Certificate Manager agent can publish certificates and CRLs to the directory.
Once the Certificate System administrator has configured the Certificate System to publish to the publishing Directory Server, any changes to certificate information in Certificate System are automatically updated in the publishing directory at specific times:
The first time the Certificate System is started, it publishes the Certificate Manager's CA certificate to the LDAP publishing directory.
When the Certificate System issues a new certificate, the certificate is published to the LDAP publishing directory.
When the Certificate System revokes a certificate, the certificate is removed from the publishing directory.
When the CRL is created or updated, the list is published to the LDAP publishing directory.
For more information on configuring the Certificate System to publish to the Directory Server, see the Certificate System Administration Guide.
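The publishing events listed above can be checked from the outside by comparing an LDIF export of the publishing directory with the CA's certificate records. The Python check below is an added example, not part of the Certificate System; the attribute names, DNs, record format and sample data are assumptions constructed for illustration.

```python
import base64, hashlib

# Assumed names: standard LDAP PKI attributes, lowercased; match them to your publishing mappers.
CERT, CA_CERT, CRL = "usercertificate;binary", "cacertificate;binary", "certificaterevocationlist;binary"

def parse_ldif(text):
    """Parse `ldapsearch -LLL` style LDIF into {dn: {attr_lowercase: [bytes, ...]}}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # unfold a continuation line
        else:
            lines.append(raw)
    entries, dn = {}, None
    for line in (l for l in lines if l.strip() and not l.startswith("#")):
        name, _, rest = line.partition(":")   # "attr:: v" is base64, "attr: v" is text
        value = base64.b64decode(rest[1:].strip()) if rest.startswith(":") else rest.strip().encode()
        if name.lower() == "dn":
            dn = value.decode()
            entries[dn] = {}
        elif dn is not None:
            entries[dn].setdefault(name.lower(), []).append(value)
    return entries

def audit(ldif_text, ca_dn, records):
    """records: (sha256 hex of the certificate DER, status) pairs from the CA's records."""
    entries = parse_ldif(ldif_text)
    published = {hashlib.sha256(v).hexdigest()
                 for attrs in entries.values() for v in attrs.get(CERT, [])}
    ca = entries.get(ca_dn, {})
    findings = [f"{label} not published" for attr, label in
                ((CA_CERT, "CA certificate"), (CRL, "CRL")) if not ca.get(attr)]
    for digest, status in records:
        if status == "REVOKED" and digest in published:
            findings.append("revoked certificate still published: " + digest[:16])
        elif status == "VALID" and digest not in published:
            findings.append("issued certificate not published: " + digest[:16])
    return findings

# Constructed sample data: placeholder bytes stand in for DER-encoded certificates.
ALICE, BOB, CAROL = b"constructed-alice", b"constructed-bob", b"constructed-carol"
b64 = lambda b: base64.b64encode(b).decode()
CA_DN = "cn=Example CA,ou=pki,dc=example,dc=com"
SAMPLE_LDIF = (f"dn: {CA_DN}\ncACertificate;binary:: {b64(b'constructed-ca')}\n\n"
               f"dn: uid=alice,dc=example,dc=com\nuserCertificate;binary:: {b64(ALICE)}\n\n"
               f"dn: uid=bob,dc=example,dc=com\nuserCertificate;binary:: {b64(BOB)}\n")
RECORDS = [(hashlib.sha256(c).hexdigest(), s)
           for c, s in [(ALICE, "VALID"), (BOB, "REVOKED"), (CAROL, "VALID")]]
print("\n".join(audit(SAMPLE_LDIF, CA_DN, RECORDS)))
```

Certificates are matched by the SHA-256 digest of their encoded bytes rather than by entry, so a user entry that holds several certificates is still checked one certificate at a time.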