About PublishingChapter 15 Publishing 617About PublishersPublishers specify the location in which certificates and CRLs are published. In thecase of publishing to a file, publishers specify the publishing directory. In the caseof LDAP publishing, publishers specify the attribute in the directory that will storethe certificate or CRL; a mapper is used to determine the DN of the entry—thelocation of the LDAP directory is specified when you enable LDAP publishing. Inthe case of an OCSP responder, publishers specify the host name and URI of theOnline Certificate Status Manager’s secure EE service.With file publishing, you set up a publisher for every location you will publish to.With LDAP publishing, you set up a publisher for every DN that needs a differentformula for deriving that DN. When you create a rule that determines whether agiven certificate or CRL will be published, you associate a publisher with each ruleproviding the location for the rule. With OCSP publishing, you set up a publisherfor every location that you will publish to.About MappersMappers are only used in LDAP publishing. Mappers allow you to construct theDN for an entry based on information from the certificate or the certificate request.The server needs to figure out the DN of the entry in which to publish certificatesand CRLs. It has information from the subject name of the certificate, and from thecertificate request for the certificate and needs to know how to use this informationto create a DN for that entry. The mapper provides a formula for converting theinformation available to either a DN, or some unique information that can besearched in the directory to obtain a DN for the entry.About RulesYou set up Rules for file, LDAP, and OCSP publishing which tell the serverwhether or not a certificate or CRL matches that rule, and if so, how it is to bepublished. A rule first defines what is to be published: a certificate or CRL withcertain characteristics. A rule then specifies the publishing method and location.You define which certificates or CRLs get published by defining a type andpredicate for the rule. You specify how and where to publish by associating therule with a publisher, and, in the case of LDAP publishing, with a mapper.You can create a simple or complex set of publishing rules depending on yourneeds, the flexibility is built in to allow you to do this.