Setting Up Publishing622 Netscape Certificate Management System Administrator’s Guide • February 2003When a rule is matched, the certificate or CRL is published according to themethod and location specified in the publisher associated with that rule. Forexample, if a rule matches all certificates issued to users, and the rule has apublisher that publishes to a file in the location /etc/cms/certificates, thecertificate will be published as a file in this location. If another rule matches allcertificates issued to users, and the rule has a publisher that publishes to the LDAPattribute userCertificate;binary attribute, the certificate will be published inthe directory specified when you enabled LDAP publishing in this attribute in theuser’s entry.For rules that specify to publish to a file, a new file is created when either acertificate or a CRL is issued in the stipulated directory.For rules that specify to publish to an LDAP directory, the certificate or CRL ispublished to the entry specified in the directory, in the attribute specified. Notethat the certificate or CRL will replace any certificate or CRL that is alreadypublished to this attribute.For rules that specify to publish to an Online Certificate Status Manager, a CRL ispublished to this manager, certificates are not published to an Online CertificateStatus Manager.For LDAP publishing, the location of the user’s entry needs to be determined.Mappers are used to determine the entry in which to publish. The mappers cancontain an exact DN for the entry, or it can contain some variable that associatesinformation that can be gotten from the certificate or the certificate request to createthe DN, or to provide enough information to search the directory for a uniqueattribute or set of attributes in the entry to ascertain the correct DN for the entry.When you revoke a certificate, the server uses the publishing rules to locate anddelete the corresponding certificate from the LDAP directory or from the filesystem.When a certificate expires, the server can remove that certificate from theconfigured directory. Note that the server doesn’t do this automatically. You needto configure the server to run the appropriate job. For details, see Chapter 13,“Automated Jobs.Setting Up PublishingTo Set Up Publishing:1. For file publishing, create a publisher for each location you will publish files to.
