Setting up CEP Enrollment Manually792 Netscape Certificate Management System Installation and Setup Guide • May 2002Step 2. Configure the Certificate Manager forPublishing Certificates and CRLsIn this step, you configure the Certificate Manager to issue router and VPN-clientcertificates with CRL Distribution Point Extension and to publish the certificates to adirectory.• Create an instance of the mapper plug-in named LdapExactMapper and of thepublisher plug-in named LdapUserCertPublisher. Once you create theseinstances, you should create a publishing rule for publishing router certificates.For instructions, see “Step B. Add Mappers, Publishers, and Publishing Rules”on page 622.Note that the publishing rule must be configured to use the mapper andpublisher you create for router certificates. In addition, the predicateexpression must be set to HTTP_PARAMS.certType==CEP-Request.• Configure CRL publishing details; for instructions, see “Step 4. Configure theCertificate Manager to Publish CRLs” on page 628.• Identify the directory for publishing. For instructions, see “Step 5. Identify thePublishing Directory” on page 636.• Create an instance of the policy plug-in named CRLDistributionPointsExt(following the instructions in “Step 4. Add New Policy Rules” on page 574) forrouter certificates. This extension, if present in a certificate, enables the user ofthe certificate to find revocation information pertaining to that certificate.When you create an instance of the CRLDistributionPointsExt plugin, besure to leave the issuerName and issuerType fields blank and to enterHTTP_PARAMS.certType==CEP-Request in the predicate field.• Stop the Certificate Manager and edit the configuration file to include thefollowing lines:eeGateway.cep.cep1.appendDN=O=eeGateway.cep.cep1.createEntry=trueeeGateway.cep.cep1.entryObjectClass=cepeeGateway.cep.cep1.url=/cgi-bin/pkiclient.exeA description for each of the above parameters are provided in Table 25-1.Table 25-1 CEP service-related configuration parameters in the configuration fileParameter DescriptionappendDN Specifies the DN component appended to the DN the router requests. You must have aconstant component in the DN which exists in the certificate to be able to publish.