이 콘텐츠는 선택한 언어로 제공되지 않습니다.
9.10. Testing Publishing to Files
To verify that the Certificate Manager is publishing certificates and CRLs correctly to file:
- Open the CA's end-entities page, and request a certificate.
- Approve the request through the agent services page, if required.
- Retrieve the certificate from the end-entities page, and download the certificate into the browser.
- Check whether the server generated the DER-encoded file containing the certificate.Open the directory to which the binary blob of the certificate is supposed to be published. The certificate file should be named
cert-serial_number.der. - Convert the DER-encoded certificate to its base 64-encoded format using the Binary to ASCII tool. For more information on this tool, refer to the
BtoA(1)man page.BtoA input_file output_file
input_file sets the path to the file that contains the DER-encoded certificate, and output_file sets the path to the file to write the base-64 encoded certificate. - Open the ASCII file; the base-64 encoded certificate is similar to the one shown:
-----BEGIN CERTIFICATE----- MMIIBtgYJYIZIAYb4QgIFoIIBpzCCAZ8wggGbMIIBRaADAgEAAgEBMA0GCSqGSIb3DQEBBAUAMFcxC AJBgNVBAYTAlVTMSwwKgYDVQQKEyNOZXRzY2FwZSBDb21tdW5pY2F0aWhfyyuougjgjjgmkgjkgmjg fjfgjjjgfyjfyj9ucyBDb3Jwb3JhdGlvbjpMEaMBgGA1UECxMRSXNzdWluZyhgdfhbfdpffjphotoo gdhkBBdXRob3JpdHkwHhcNOTYxMTA4MDkwNzM0WhcNOTgxMTA4MDkwNzMM0WjBXMQswCQYDVQQGEwJ VUzEsMCoGA1UEChMjTmV0c2NhcGUgQ29tbXVuaWNhdGlvbnMgQ29ycG9yY2F0aW9ucyBDb3Jwb3Jhd GlvbjpMEaMBgGA1UECxMRSXNzdWluZyBBdXRob3JpdHkwHh -----END CERTIFICATE-----
- Convert the base 64-encoded certificate to a readable form using the Pretty Print Certificate tool. For more information on this tool, refer to the
PrettyPrintCert(1)man page.PrettyPrintCert input_file [output_file]
input_file sets the path to the ASCII file that contains the base-64 encoded certificate, and output_file, optionally, sets the path to the file to write the certificate. If an output file is not set, the certificate information is written to the standard output. - Compare the output with the certificate issued; check the serial number in the certificate with the one used in the filename.If everything matches, the Certificate Manager is configured correctly to publish certificates to file.
- Revoke the certificate.
- Check whether the server generated the DER-encoded file containing the CRL.Open the directory to which the server is to publish the CRL as a binary blob. The CRL file should have a name in the form
crl-this_update.der. this_update specifies the value derived from the time-dependentThis Updatevariable of the CRL. - Convert the DER-encoded CRL to its base 64-encoded format using the Binary to ASCII tool.
BtoA input_file output_file
- Convert the base 64-encoded CRL to readable form using the Pretty Print CRL tool.
PrettyPrintCrl input_file [output_file]
- Compare the output.
