Setting up CEP Enrollment ManuallyChapter 25 Setting Up CEP Enrollment 791• Step 1. Set up the Directory for Publishing Certificates and CRLs• Step 2. Configure the Certificate Manager for Publishing Certificates and CRLs• Step 3. Set Up Automated Enrollment (optional)• Step 4. Set Up Multiple CEP Services (optional)Step 1. Set up the Directory for PublishingCertificates and CRLsChapter 19, “Setting Up LDAP Publishing contains information on setting upNetscape Directory Server for publishing certificates and CRLs—it covers directoryschema required for publishing certificates and the attributes to which a CertificateManager publishes end-entity certificates and CRLs.For the configuration directory to support publishing of certificates and CRLs, youneed to verify two things:• The Directory Server schema—verify that the directory schema canaccommodate router and VPN client certificates. You may need to update theDirectory Server’s schema. The reason for this is, if you plan on publishingcertificates from routers, they may need to be published with the same DN astheir certificate subject names. For example, if the certificate subject namecontains UnstructuredAddress or UnstructuredName components, you mayneed to add them to the directory schema.unstructuredAddress, 1.2.840.113549.1.9.7, stringunstructuredName, 1.2.840.113549.1.9.8, stringTo modify the schema you can use the Directory Server window, which can belaunched from within Netscape Console. Alternatively, you can prepare anLDIF file with the changes you want to make and then run the LDAP modifycommand. Check the directory documentation for instructions.• The Directory Server port—note the port number assigned to the configurationdirectory; it must be 389. If you installed Certificate Management System withthe default choices, you may skip this step; the default port assigned to theconfiguration directory is 389. To find out the port number assigned toDirectory Server, check it’s configuration file (which is at/slapd-*/slapd.oc.conf). Alternatively, you can also findand change the port number from Netscape Console.