이 콘텐츠는 선택한 언어로 제공되지 않습니다.

Appendix C. Publishing Module Reference


Several publisher, mapper, and rule modules are configured by default with the Certificate Manager.

C.1. Publisher Plug-in Modules

This section describes the publisher modules provided for the Certificate Manager. The modules are used by the Certificate Manager to enable and configure specific publisher instances.

C.1.1. FileBasedPublisher

The FileBasedPublisher plug-in module configures a Certificate Manager to publish certificates and CRLs to file. This plug-in can publish base-64 encoded files, DER-encoded files, or both, depending on the checkboxes selected when the publisher is configured. The certificate and CRL content can be viewed by converting the files using the PrettyPrintCert and PrettyPrintCRL tools. For details on viewing the content in base-64 and DER-encoded certificates and CRLs, see Section 9.11, “Viewing Certificates and CRLs Published to File”.
By default, the Certificate Manager does not create an instance of the FileBasedPublisher module.
Table C.1. FileBasedPublisher Configuration Parameters
Parameter Description
Publisher ID Specifies a name for the publisher, an alphanumeric string with no spaces. For example, PublishCertsToFile.
directory Specifies the complete path to the directory to which the Certificate Manager creates the files; the path can be an absolute path or can be relative to the Certificate System instance directory. For example, /export/CS/certificates.

C.1.2. LdapCaCertPublisher

The LdapCaCertPublisher plug-in module configures a Certificate Manager to publish or unpublish a CA certificate to the caCertificate;binary attribute of the CA's directory entry.
The module converts the object class of the CA's entry to pkiCA or certificationAuthority, if it is not used already. Similarly, it also removes the pkiCA or certificationAuthority object class when unpublishing if the CA has no other certificates.
During installation, the Certificate Manager automatically creates an instance of the LdapCaCertPublisher module for publishing the CA certificate to the directory.
Table C.2. LdapCaCertPublisher Configuration Parameters
Parameter Description
caCertAttr Specifies the LDAP directory attribute to publish the CA certificate. This must be caCertificate;binary.
caObjectClass Specifies the object class for the CA's entry in the directory. This must be pkiCA or certificationAuthority.

C.1.3. LdapUserCertPublisher

The LdapUserCertPublisher plug-in module configures a Certificate Manager to publish or unpublish a user certificate to the userCertificate;binary attribute of the user's directory entry.
This module is used to publish any end-entity certificate to an LDAP directory. Types of end-entity certificates include SSL client, S/MIME, SSL server, and OCSP responder.
During installation, the Certificate Manager automatically creates an instance of the LdapUserCertPublisher module for publishing end-entity certificates to the directory.
Table C.3. LdapUserCertPublisher Configuration Parameters
Parameter Description
certAttr Specifies the directory attribute of the mapped entry to which the Certificate Manager should publish the certificate. This must be userCertificate;binary.

C.1.4. LdapCrlPublisher

The LdapCrlPublisher plug-in module configures a Certificate Manager to publish or unpublish the CRL to the certificateRevocationList;binary attribute of a directory entry.
During installation, the Certificate Manager automatically creates an instance of the LdapCrlPublisher module for publishing CRLs to the directory.
Table C.4. LdapCrlPublisher Configuration Parameters
Parameter Description
crlAttr Specifies the directory attribute of the mapped entry to which the Certificate Manager should publish the CRL. This must be certificateRevocationList;binary.

C.1.5. LdapDeltaCrlPublisher

The LdapDeltaCrlPublisher plug-in module configures a Certificate Manager to publish or unpublish a delta CRL to the deltaRevocationList attribute of a directory entry.
During installation, the Certificate Manager automatically creates an instance of the LdapDeltaCrlPublisher module for publishing CRLs to the directory.
Table C.5. LdapDeltaCrlPublisher Configuration Parameters
Parameter Description
crlAttr Specifies the directory attribute of the mapped entry to which the Certificate Manager should publish the delta CRL. This must be deltaRevocationList;binary.

C.1.6. LdapCertificatePairPublisher

The LdapCertificatePairPublisher plug-in module configures a Certificate Manager to publish or unpublish a cross-signed certificate to the crossCertPair;binary attribute of the CA's directory entry.
The module also converts the object class of the CA's entry to a pkiCA or certificationAuthority, if it is not used already. Similarly, it also removes the pkiCA or certificationAuthority object class when unpublishing if the CA has no other certificates.
During installation, the Certificate Manager automatically creates an instance of the LdapCertificatePairPublisher module named LdapCrossCertPairPublisher for publishing the cross-signed certificates to the directory.
Table C.6. LdapCertificatePairPublisher Parameters
Parameter Description
crossCertPairAttr Specifies the LDAP directory attribute to publish the CA certificate. This must be crossCertificatePair;binary.
caObjectClass Specifies the object class for the CA's entry in the directory. This must be pkiCA or certificationAuthority.

C.1.7. OCSPPublisher

The OCSPPublisher plug-in module configures a Certificate Manager to publish its CRLs to an Online Certificate Status Manager.
The Certificate Manager does not create any instances of the OCSPPublisher module at installation.
Table C.7. OCSPPublisher Parameters
Parameter Description
host Specifies the fully qualified hostname of the Online Certificate Status Manager.
port Specifies the port number on which the Online Certificate Status Manager is listening to the Certificate Manager. This is the Online Certificate Status Manager's SSL port number.
path Specifies the path for publishing the CRL. This must be the default path, /ocsp/agent/ocsp/addCRL.
enableClientAuth Sets whether to use client (certificate-based) authentication to access the OCSP service.
nickname Gives the nickname of the certificate in the OCSP service's database to use for client authentication. This is only used if the enableClientAuth option is set to true.
Red Hat logoGithubRedditYoutubeTwitter

자세한 정보

평가판, 구매 및 판매

커뮤니티

Red Hat 문서 정보

Red Hat을 사용하는 고객은 신뢰할 수 있는 콘텐츠가 포함된 제품과 서비스를 통해 혁신하고 목표를 달성할 수 있습니다.

보다 포괄적 수용을 위한 오픈 소스 용어 교체

Red Hat은 코드, 문서, 웹 속성에서 문제가 있는 언어를 교체하기 위해 최선을 다하고 있습니다. 자세한 내용은 다음을 참조하세요.Red Hat 블로그.

Red Hat 소개

Red Hat은 기업이 핵심 데이터 센터에서 네트워크 에지에 이르기까지 플랫폼과 환경 전반에서 더 쉽게 작업할 수 있도록 강화된 솔루션을 제공합니다.

© 2024 Red Hat, Inc.