SSH Tectia Certifier includes a convenient way of publishing CRLs without the need for a full-scale LDAP deployment: The built-in HTTP server of the Web Enrollment Service can be used for CRL publishing.
If you have chosen the HTTP publishing method for CRLs, the only setting that needs to be defined is the Web Enrollment Service instance that is being used for CRL publishing. Remember to enable CRL publishing in the Web Enrollment Service configurations in order to be able to select it from the Web enrollment service connection drop-down list.
As the server address is not always sufficient for external PKI clients to connect to the Enrollment Service, the URL prefix for CRL distribution points in the Enrollment Service configuration must also be set to contain the correct address and port information. For example, http://enroll.big-corp.com:8080/ is a valid setting. See Section Editing the Web Enrollment Service.
To include the CRL distribution point information in the issued certificates, the publishing method has to have the Include in Certificates check box selected and the CA policy has to contain the Set CRL Distribution Point module.
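One way to confirm the result from the client side, as an added example that is not part of SSH Tectia Certifier or its documentation: the Python sketch below decodes the DER value of a certificate's CRL Distribution Points extension and checks each URI against the configured URL prefix. The function names and the CRL file name ca1.crl are assumptions made for illustration, and the sample extension is constructed inline rather than taken from a real certificate.

```python
import ipaddress
from urllib.parse import urlsplit

tlv = lambda tag, body: bytes([tag, len(body)]) + body  # short-form DER, sample only

def read_tlv(buf, pos):
    """Decode the DER TLV at pos and return (tag, body, next_pos)."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long form: the low 7 bits give the size of the length field
        n, pos = int.from_bytes(buf[pos:pos + (n & 0x7F)], "big"), pos + (n & 0x7F)
    if pos + n > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + n], pos + n

def children(body):  # yield (tag, value) for each TLV packed inside body
    pos = 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        yield tag, value

def cdp_uris(ext_value):
    """Return the URIs in a DER CRLDistributionPoints value (RFC 5280, 4.2.1.13)."""
    tag, points, _ = read_tlv(ext_value, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE OF DistributionPoint")
    uris = []
    for _, point in children(points):
        for _, dp_name in (c for c in children(point) if c[0] == 0xA0):
            for _, names in (c for c in children(dp_name) if c[0] == 0xA0):
                uris += [v.decode("ascii") for t, v in children(names) if t == 0x86]
    return uris

def check_cdp(uri, prefix):
    """List reasons an external PKI client could not use this distribution point."""
    problems = [] if uri.startswith(prefix) else ["URI lacks the configured URL prefix"]
    host = urlsplit(uri).hostname or ""
    try:
        local = ipaddress.ip_address(host).is_loopback
    except ValueError:  # not an IP literal, so treat it as a DNS name
        local = host == "localhost" or "." not in host
    if local:
        problems.append("host is loopback or not fully qualified")
    return problems

# Constructed sample: the page's example prefix plus a made-up CRL file name.
PREFIX = "http://enroll.big-corp.com:8080/"
SAMPLE = tlv(0x30, tlv(0x30, tlv(0xA0, tlv(0xA0, tlv(0x86, (PREFIX + "ca1.crl").encode())))))
for uri in cdp_uris(SAMPLE):
    print(uri, check_cdp(uri, PREFIX) or "ok")
```

An empty list from check_cdp means the distribution point carries the configured prefix and names a host that clients outside the server can resolve; it does not test that the CRL is actually being served there.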