Updating Certificates and CRLs in a Directory
658 Netscape Certificate Management System Administrator’s Guide • June 2003

• Use the DN of an existing entry that has write access. For example, you can use the entry of the Directory Manager or choose an alternative.
• Give write access to a user entry created for this purpose. The entry can be identified by the Certificate Manager’s DN. For example, it may look like this:

  CN=testCA, OU=Research Dept, O=Example Corporation, ST=California, C=US

  Note, you need to carefully consider what privileges you give this user. You may want to restrict exactly what this user can write to the directory by setting ACLs that restrict this user’s rights. For instructions on giving write access to the Certificate Manager’s entry, see your LDAP directory documentation.

Directory Authentication Method

Depending on how you want the Certificate Manager to authenticate to the directory, you must set up Directory Server for one of the following methods of communication:

• Publishing With Basic Authentication
• Publishing Over SSL Without Client Authentication
• Publishing Over SSL With Client Authentication

See the Netscape Directory Server documentation for complete instructions on setting up these methods of communication with the server.

Updating Certificates and CRLs in a Directory

The Certificate Manager and the publishing directory can become out of sync if certificates are issued or revoked while Directory Server is down. Certificates that were issued or revoked need to be published or unpublished manually when Directory Server comes back up.

To help find certificates that are out of sync with the directory—that is, valid certificates that are not in the directory and revoked or expired certificates that are still in the directory—the Certificate Manager keeps a record of whether a certificate in its internal database has been published to the directory. If the Certificate Manager and the publishing directory become out of sync, you can use the Update Directory option in the Certificate Manager Agent Services interface to synchronize the publishing directory with the internal database.
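The note above about restricting what the publishing user can write can be expressed as attribute-scoped ACIs. The following LDIF is an added example, not taken from the guide; it assumes Netscape Directory Server ACI syntax, binds as the example DN from the text, and uses a hypothetical OU=People subtree for end-entity entries. It also assumes the target entries already exist with the object classes that hold these attributes.

```ldif
# Added example (not from the guide). Apply with ldapmodify as an
# administrator who is allowed to edit ACIs.
# Assumption: end-entity entries live under the hypothetical subtree
#   OU=People,O=Example Corporation,ST=California,C=US

# 1. On user entries the publishing identity may write the certificate
#    attribute and nothing else (no password, mail or group attributes).
dn: OU=People,O=Example Corporation,ST=California,C=US
changetype: modify
add: aci
aci: (targetattr = "userCertificate || userCertificate;binary")
 (version 3.0; acl "CMS publisher: user certificates only";
  allow (read, search, compare, write)
  userdn = "ldap:///CN=testCA,OU=Research Dept,O=Example Corporation,ST=California,C=US";)

# 2. On the CA's own entry the same identity may write only the CA
#    certificate and revocation list attributes.
dn: CN=testCA,OU=Research Dept,O=Example Corporation,ST=California,C=US
changetype: modify
add: aci
aci: (targetattr = "caCertificate || caCertificate;binary ||
  certificateRevocationList || certificateRevocationList;binary")
 (version 3.0; acl "CMS publisher: CA certificate and CRL only";
  allow (read, search, compare, write)
  userdn = "ldap:///CN=testCA,OU=Research Dept,O=Example Corporation,ST=California,C=US";)
```

Binding as Directory Manager, the first option in the list above, bypasses ACIs entirely, so a restriction like this only takes effect when the Certificate Manager binds as the dedicated entry.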