Previous     Contents     Index     Next     
iPlanet Certificate Management System Installation and Setup Guide



Chapter 20   Publishing Certificates and CRLs to a File


iPlanet Certificate Management Server (CMS) provides a customizable publishing framework for the Certificate Manager, enabling it to publish certificates, certificate revocation lists (CRLs), and other certificate-related objects to any of the supported repositories—an LDAP-compliant directory, a flat file, and an online validation authority—using the appropriate protocol. This chapter explains how to configure the Certificate Manager to publish certificates and CRLs to a file.

Note that configuring the Certificate Manager for publishing is optional—you can turn this feature off without affecting any of the certificate issuance and management operations handled by the server.

The chapter has the following sections:



Configuring Certificate Manager to Publish to Files

The Certificate Manager can publish certificates and CRLs to flat files, which can then be imported into any repository, for example, into a relational database. If you configure the server to publish certificates and CRLs to flat files, it publishes them to files as DER-encoded binary blobs.

  • For each certificate the server issues, it creates a file that contains the certificate in its DER-encoded format. Each file is named as cert-<serial_number>.der, where <serial_number> specifies the serial number of the certificate contained in the file. For example, the filename for a certificate with serial number 1234 will be cert-1234.der.

  • Every time the server generates the CRL (which could be every time it revokes a certificate and at a regular interval), it creates a file that contains the new CRL in its DER-encoded format. Each file is named as crl-<this_update>.der, where <this_update> specifies the value derived from the time-dependent variable named This Update of the CRL contained in the file. For example, the filename for a CRL with This Update: Friday January 28 15:36:00 PST 2000, will be crl-949102696899.der.

To configure the Certificate Manager to publish certificates and CRLs to files, follow these steps:


Step 1. Before You Begin

Before configuring a Certificate Manager to publish the CA certificate, end-entity certificates, and CRLs to flat files:

  • Read section "FileBasedPublisher Plug-in Module" in Chapter 6, "Publisher Plug-in Modules" of CMS Plug-Ins Guide.

  • Identify the machine that will contain the DER-encoded files, and create a directory for the files.

  • Make sure that the machine has sufficient disk space to accommodate the DER-encoded files that the Certificate Manager will generate; the server generates a file for every certificate it issues and for every CRL it generates. If disk space is a constraint, you can configure the server to create files on two different hosts, one for certificates and another one for CRLs.

  • Read Publishing of CRLs. Determine whether you want the Certificate Manager to publish version 1 or version 2 CRLs to the directory. If you decide to publish version 2 CRLs, read Chapter 4, "Certificate Extension Plug-in Modules" of CMS Plug-Ins Guide and determine the CRL extensions you want the Certificate Manager to set; you will be required to configure the server to set these extensions.

  • Decide the interval for publishing CRLs—configuring the server to publish every time a certificate is revoked will result in that many CRL files.

  • Determine the backup media and schedule for these files.


Step 2. Configure the Certificate Manager

To configure a Certificate Manager to publish certificates and CRLs to files, follow these steps:


Step A. Create a Publisher for the File

Creating a publisher for the file involves creating an instance of the publisher module that enables the Certificate Manager to publish certificates and CRLs to files. In the next step, Step B. Create Publishing Rules for Certificates, you specify the publisher you create here.

To create a publisher:

  1. Log in to the CMS window for the Certificate Manager (see Logging In to the CMS Window).

  2. Select the Configuration tab.

  3. In the navigation tree, select Certificate Manager, select Publishing, and then select Publishers.

    The right pane displays the Publishers Management tab, which lists configured publisher instances.

  4. Click Add.

    The Select Publisher Plugin Implementation window appears. It lists registered publisher modules.

  5. Select the module named FileBasedPublisher.

    Only this publisher module enables the Certificate Manager to publish certificates and CRLs to flat files.

  6. Click Next.

    The Publisher Editor window appears.

  7. Enter the appropriate information:

    Publisher ID. Type a name for the rule. Be sure to use an alphanumeric string with no spaces. For example, PublishCertsToFile.

    directory. Type the complete path to the directory in which the Certificate Manager should create the DER-encoded files; the path can be an absolute path or can be relative to the CMS instance directory. For example, C:\certificates.

  8. Click OK.

    You are returned to the Publishers Management tab. It should now list the publisher you just created.

  9. If you want to publish certificates and CRLs to two separate directories, repeat steps 4 though 8 to create another publisher (for example, PublishCrlsToFile) with the value of the directory parameter set to the file path to the other directory (for example, C:\crls).


Step B. Create Publishing Rules for Certificates

Creating a publishing rule for CA certificate and end-entity certificates involves creating a rule that uses the publisher that you created in the previous step.

To create a publishing rule:

  1. In the navigation tree, under Publishing, select Rules.

    The right pane displays the Rules Management tab, which lists any configured publishing rules.

  2. Click Add.

    The Select Rule Plugin Implementation window appears.

  3. Select the module named Rule.

    This is the default module. (If you have registered any custom modules, they too will be available for selection.)

  4. Click Next.

  5. Enter the appropriate information:

    Rule ID. Type a name for the rule that will help you identify it later; use an alphanumeric string with no spaces. For example, PublishCaCertToFile.

    type. Select cacert.

    predicate. Type HTTP_PARAMS.certType==ca.

    enable. Select this option.

    mapper. Select <NONE>.

    publisher. Select the publisher you created in the previous step, Step A. For example, PublishCertsToFile.

  6. Click OK.

    The Rules Management tab appears, listing the new rule you just created for publishing the CA certificate to the file.

  7. Repeat steps 2 through 6 to create publishing rules for each type of end-entity certificate the Certificate Manager will issue. Use Table 20-1 for filling in the correct values in the type and predicate fields. (For information on predicates, see Using Predicates in Policy Rules.)


    Table 20-1    Certificate types and predicate expressions  

    End-entity certificate type

    "type" field value

    "predicate" field value

    SSL client certificate  

    certs  

    HTTP_PARAMS.certType==client  

    SSL server certificate  

    certs  

    HTTP_PARAMS.certType==server  

    Object signing certificate  

    certs  

    HTTP_PARAMS.certType==objSignClient  

    Certificate Manager signing certificate (subordinate CA)  

    cacert  

    HTTP_PARAMS.certType==ca  

    Registration Manager signing certificate  

    certs  

    HTTP_PARAMS.certType==ra  

    OCSP responder certificate  

    certs  

    HTTP_PARAMS.certType==ocspResponder  

    Router certificate  

    certs  

    HTTP_PARAMS.certType==CEP-Router  


Step C. Create a Publishing Rule for CRLs

Creating a publishing rule for the CRL involves creating a rule that uses the publisher that you created in the previous step.

To create a publishing rule:

  1. In the navigation tree, under Publishing, select Rules.

    The right pane displays the Rules Management tab, which lists configured publishing rules.

  2. Click Add.

    The Select Rule Plugin Implementation window appears.

  3. Select the module named Rule.

    This is the default module. (If you have registered any custom modules, they too will be available for selection.)

  4. Click Next.

    The Rule Editor window appears.

  5. Enter the appropriate information:

    Rule ID. Type a name for the rule that will help you identify it later; use an alphanumeric string with no spaces. For example, PublishCertsToFile.

    type. Select crl.

    predicate. Leave this field blank.

    enable. Select this option.

    mapper. Select <NONE>.

    publisher. Select the publisher you created in the previous step, Step A.

  6. Click OK.

    The Rules Management tab appears, listing the new rule you just created for publishing CRLs to files.


Step D. Specify CRL Details

You can specify information, such as the publishing interval, the CRL version (whether to include CRL extensions), and the signing algorithm the Certificate Manager should use for signing the CRL object.

To specify the details for the CRL:

  1. In the navigation tree, select Certificate Manager, and then in the right pane, select the Revocation List tab.

  2. In the Update Frequency section, specify the interval for publishing the CRL to the directory:

    Every time a certificate is revoked, or taken off-hold. Select this option if you want the Certificate Manager to generate the CRL every time it revokes a certificate. Keep in mind that the Certificate Manager attempts to publish the CRL to the configured directory whenever it is generated, in this case, every time a certificate is revoked. Publishing a CRL can be time consuming if the CRL is large. Configuring the Certificate Manager to publish CRLs every time a certificate is revoked may engage the server for a considerable amount of time; during this time, the server will not be able to service any requests it receives and will not be able to update the directory with any changes it receives.

    (This setting is not recommended for a standard installation. You can select this option if you want to see the results of revocation immediately, for example, when testing whether the server publishes the CRL to a flat file.)

    Update at this frequency. Select this option if you want the Certificate Manager to generate CRLs at regular intervals. In this case, the server publishes the CRL to the configured directory at the interval you specify.

    In the adjoining text field, type the interval, in minutes, at which the Certificate Manager should publish CRLs. For example, if you want the server to publish CRLs every day, you should type 1440 in this field.

    with a skew of. If you configure the Certificate Manager to update the CRL automatically every time period, the server by default adds a 5 second skew to the next update time to allow time to create the CRL and publish it. For example, if you configure the server to update the CRL every 20 minutes, and if the CRL is updated at 16:00:00, the CRL will be updated again at 16:19:55. You can change the skew by editing the default value, which is specified in seconds.

  3. In the CRL Cache section, specify whether to enable CRL caching:

    Enable cache. Check this box to enable CRL caching. Leave the box unchecked if you don't want the server to maintain a cache.

    Update interval. If you enabled caching, type the interval for updating the cache.

  4. In the CRL Format section, specify the format for publishing the CRL:

    Include expired certificates. Check this box if you want the server to include revoked certificates that have expired in the CRL.

    Allow extensions. Check this box if you want to allow extensions in the CRL. If you enable this option, the server generates and publishes CRLs conforming to X.509 version 2 standard. If you disable this option, the server generates and publishes CRLs conforming to X.509 version 1 standard. By default, the server publishes version 1 CRLs. If you enable this option, be sure to set the required CRL extensions as described in .

    Revocation list signing algorithm. Select the algorithm the server should use to sign the CRL. If the Certificate Manager's signing key type is RSA, select MD2 with RSA, MD5 with RSA, or SHA-1 with RSA. If the Certificate Manager's signing key type is DSA, select SHA-1 with DSA.

  5. To save your changes, click Save.

    The configuration is modified. If the changes you made require you to restart the server, you are prompted accordingly. Don't restart the server yet; you can restart it after you've made all the required changes.


Step E. Set the CRL Extensions

Complete this step only if you configured the Certificate Manager to publish version 2 CRLs in the previous step—that is, if you selected the "Allow extensions" option in Step D. Specify CRL Details.

During installation, the Certificate Manager creates default CRL extension rules. Note that the server is configured to add the CRL Reason extension only; all the other rules are in the disabled state. In this step, you modify the default rules to suit your organization's requirements.

To specify the CRL extensions the Certificate Manager should set:

  1. In the navigation tree, select Certificate Manager, and then select CRL Extensions.

    The right pane shows the CRL Extensions Management tab, which lists configured extensions.

  2. To modify a rule, select it and then click Edit/View.

  3. Change the information as appropriate.

    Be sure to supply all the required values. Click the Help button for detailed information on individual parameters.

  4. Click OK.

    You are returned to the CRL Extensions Management tab.

  5. To modify other rules, repeat steps 2 through 4.

  6. Click Refresh to see the updated status of all the rules.


Step F. Make Sure Publishing is Enabled

To make sure that the Certificate Manager is configured for publishing:

  1. In the navigation tree, select Certificate Manager, then select Publishing.

    The right pane shows the publishing details necessary for the server to publish to an LDAP-compliant directory, to flat files, or to an online validation authority.

  2. Make sure that the Enable Publishing option is selected. If it is already selected, leave it as it is. If it isn't, select it.

    (Leave the "Enable default LDAP connection" option as it is; it specifies that the Certificate Manager is configured to publish certificates and CRLs to an LDAP directory.)

  3. If you changed anything, click Save to save the changes.

    If the changes you made require you to restart the server, you are prompted accordingly. In that case, restart the server.


Step 3. Test Publishing

To verify that the Certificate Manager is publishing certificates and CRLs correctly to files, follow these steps:


Step A. Request a Certificate

The steps outlined below explain how to request a personal certificate from the Certificate Manager using the manual enrollment method. If you've configured the Certificate Manager for automated certificate issuance, for example for directory-based enrollment, you can use the appropriate form and request a certificate.

To request a client or personal certificate from the Certificate Manager:

  1. Open a web browser window.

  2. Go to the end-entity interface of the Certificate Manager you configured (or to the Registration Manager that's connected to this Certificate Manager).

    The URL is in this form: https://<hostname>:<end_entity_HTTPS_port> or http://<hostname>:<end_entity_HTTP_port>

  3. In the left frame, under Browser, click Manual.

    This opens the manual enrollment form.

  4. Fill in all the values and submit the request.

    The client prompts you to enter the password for your key database.

  5. When you enter the correct password, the client generates the key pair.

    Do not interrupt the key-generation process.


Step B. Approve the Request

Skip this step if you requested the certificate using any of the automated enrollment methods in Step A. Request a Certificate. Complete this step if you used the manual enrollment form to request the certificate; the request you submitted is waiting in the agent queue for approval by an agent.

To approve the request:

  1. Go to the Certificate Manager's Agent Services interface.

    The URL is in this format: https://<hostname>:<agent_port>

  2. In the left frame, click List Requests.

  3. In the form that appears, select the "Show pending requests" option and click Find.

  4. In the list of pending requests, identify the request you submitted and approve the request.

    You should see a confirmation page indicating that the certificate has been issued. Don't close the page until after you complete the next step.


Step C. Download the Certificate to the Browser

To download the certificate into your browser's certificate database:

  1. In the confirmation page, scroll down to the section that says "Installing this certificate in a client."

  2. Follow the on-screen instructions and download the certificate to your browser's certificate database.

    (An alternative way to download the certificate is from the Retrieval tab of the end-entity services interface.)

  3. Open the browser's security information window and verify that the certificate has been stored in the certificate database.


Step D. Check the File for the Certificate

Whenever the Certificate Manager issues a certificate, it automatically attempts to publish the certificate to the configured repository—in this case, the file. To check whether the Certificate Manager published the correct certificate, you need to do the following:

  1. Check whether the server generated the DER-encoded file containing the certificate.

    To check whether the server published the certificate as a binary blob to the specified directory, go to the directory or folder you specified for the server to publish certificates. You should see a file with name similar to cert-<serial_number>.der, where <serial_number> specifies the serial number of the certificate contained in the file. If you don't see a file, check your configuration.

  2. Convert the DER-encoded certificate to its base 64-encoded format using the Binary to ASCII tool (see Chapter 8, "Binary to ASCII Tool" of CMS Command-Line Tools Guide).

    To convert the DER-encoded certificate to its base 64-encoded form:

    1. Open a command window.

    2. Go to this directory: <server_root>/bin/cert/tools

    3. At the prompt, enter this: BtoA[.bat] <input_file> <output_file>

      substituting <input_file> with the path to the file that contains the DER encoded certificate and <output_file> with the path to the file to write the base-64 encoded certificate. (The optional .bat specifies the file extension; this is required only when running the utility on a Windows NT system.)

      For example, if the file is in C:\certificates\cert-1234.der and you want the base-64 encoded certificate to be in C:\certificates\cert-1234.txt, the command would look like this: BtoA C:\certificates\cert-1234.der C:\certificates\cert-1234.txt

    4. When the conversion is complete, open the cert.txt file in a text editor. You should see a base-64 encoded certificate similar to this:

      -----BEGIN CERTIFICATE-----

      MMIIBtgYJYIZIAYb4QgIFoIIBpzCCAZ8wggGbMIIBRaADAgEAAgEBM
      A0GCSqGSIb3DQEBBAUAMFcxCAJBgNVBAYTAlVTMSwwKgYDVQQ
      KEyNOZXRzY2FwZSBDb21tdW5pY2F0aWhfyyuougjgjjgmkgjkgmjgfjfgjjj
      gfyjfyj9ucyBDb3Jwb3JhdGlvbjpMEaMBgGA1UECxMRSXNzdWluZyhgdf
      hbfdpffjphotoogdhkBBdXRob3JpdHkwHhcNOTYxMTA4MDkwNzM0W
      hcNOTgxMTA4MDkwNzMM0WjBXMQswCQYDVQQGEwJVUzEsMCo
      GA1UEChMjTmV0c2NhcGUgQ29tbXVuaWNhdGlvbnMgQ29ycG9yY2F0
      aW9ucyBDb3Jwb3JhdGlvbjpMEaMBgGA1UECxMRSXNzdWluZyBBdXR
      ob3JpdHkwHh

      -----END CERTIFICATE-----

  3. Convert the base 64-encoded certificate to a human-readable form using the Pretty Print Certificate tool (see Chapter 9, "Pretty Print Certificate Tool" of CMS Command-Line Tools Guide).

    To convert the base 64-encoded certificate to a human-readable form:

    1. Check the command window to make sure that you are in this directory: <server_root>/bin/cert/tools

    2. At the prompt, enter this:

      PrettyPrintCert[.bat] <input_file> [<output_file>]

      substituting <input_file> with the path to the ASCII file that contains the base-64 encoded certificate and <output_file> with the path to the file to write the certificate in a human-readable form. If you don't specify an output file, the certificate information is written to the standard output. (The optional .bat specifies the file extension; this is required only when running the utility on a Windows NT system.)

      For example, if the base-64 encoded certificate is in C:\certificates\cert-1234.txt and you want the human-readable form of the certificate to be displayed on your screen, the command would look like this:

      PrettyPrintCert.bat C:\certificates\cert-1234.txt

      When the conversion is complete, you should see the certificate you issued in human-readable form.

    3. Compare the output with the certificate you issued; be sure to check the serial number in the certificate with the one used in the filename.

      If everything matches, the Certificate Manager is configured correctly to publish certificates to files.


Step E. Revoke the Certificate

To check whether the Certificate Manager is configured correctly to publish CRLs to flat files, you need to revoke the certificate you issued. Before revoking the certificate, make sure that you've configured the Certificate Manager to publish the CRL every time a certificate is revoked. (In Step D. Specify CRL Details, if you didn't configure the Certificate Manager to publish the CRL every time a certificate is revoked, go back to the Revocation List tab and check the "Every time a certificate is revoked or taken off-hold" option. After the testing, remember to go back to the same tab and uncheck the option.)

To revoke the certificate:

  1. Go back to the end-entity interface for the Certificate Manager (or to a Registration Manager that's connected to this Certificate Manager. Be sure to go to the HTTPS interface; the revocation feature is not available in the HTTP interface.

  2. Click the Revocation tab.

  3. In the left frame, click User Certificate.

    The User Certificate Revocation form appears.

  4. In the Revocation Reason section, select Unspecified and click Submit.

    The browser displays the "Select a Certificate" dialog box and prompts you to choose the certificate you want to revoke.

  5. Select the certificate you downloaded and click OK.

    The certificate is revoked.


Step F. Check the File for the CRL

Whenever the Certificate Manager generates a CRL, it automatically attempts to publish the CRL to the configured repository—in this case, the flat file. The CRL it publishes is a binary blob, in the DER-encoded format. To check whether the Certificate Manager published the correct CRL (in this case, the CRL contains only one certificate), you need to do the following:

  1. Check whether the server generated the DER-encoded file containing the CRL.

    To check whether the server published the CRL as a binary blob to the specified directory, go to the directory you specified for the server to publish CRLs. You should find a file with its name in the crl-<this_update>.der format, where <this_update> specifies the value derived from the time-dependent variable named This Update of the CRL contained in the file. If you don't see the file, check your configuration.

  2. Convert the DER-encoded CRL to its base 64-encoded format using the Binary to ASCII tool (see Chapter 8, "Binary to ASCII Tool" of CMS Command-Line Tools Guide).

    To convert the DER-encoded CRL to its base 64-encoded form:

    1. Open a command window.

    2. Go to this directory: <server_root>/bin/cert/tools

    3. At the prompt, enter this: BtoA[.bat] <input_file> <output_file>

      substituting <input_file> with the path to the file that contains the DER-encoded CRL and <output_file> with the path to the file to write the base-64 encoded CRL. (The optional .bat specifies the file extension; this is required only when running the utility on a Windows NT system.)

      For example, if the DER-encoded file is in C:\crls\crl-949102696899.der and you want the base-64 encoded CRL to be in C:\crls\crl-949102696899.txt, the command would look like this:

      BtoA C:\crls\crl-949102696899.der C:\crls\crl-949102696899.txt

    4. When the conversion is complete, open the crl.txt file in a text editor. You should see a base-64 encoded CRL similar to this:

      -----BEGIN CRL-----

      MIIBkjCBAIBATANBgkqhkiG9w0BAQQFADAsMREwDwYDVQQKEwhOZXRzY2FwZT
      EXMBUGA1UEAxOQ2VydDQwIFRlc3QgQ0EXDTk4MTIxNzIyMzcyNFowgaowIAIB
      ExcNOTgxMjE1MTMxODMyWjAMMAoGA1UdFQDCgEBMCACARIXDTk4MTIxNTEzMj
      A0MlowDDAKBgNVHRUEAwoBAjAgAgERFw05ODEyMTYxMjUxNTRaMAwwCgYDVR0
      VBAMKAQEwIAIBEBcNOTgxMjE3MTAzNzI0WjAMMAoGA1UdFQQDCgEDMCACAQoX
      DTk4MTEyNTEzMTExOFowDDAKBgNVHRUEAwoBATANBgkqhkiG9w0BAQQFAAOBg
      QBCN85O0GPTnHfImYPROvoorx7HyFz2ZsuKsVblTcemsX0NL7DtOa+MyY0pPr
      kXgm157JrkxEJ7GBOeogbAS6iFbmeSqPHj8+JBH5stJNnfTCuhaM6Wx63Wc9L
      wZXOXTPsvpGxq0YYI0+DPfBZlI3z4lCsNczxJV+9NkeMrheEg==

      -----END CRL-----

  3. Convert the base 64-encoded CRL to a human-readable form using the Pretty Print CRL tool (see Chapter 10, "Pretty Print CRL Tool" of CMS Command-Line Tools Guide).

    To convert the base 64-encoded CRL to a human-readable form:

    1. Check the command window to make sure that your are at this directory: <server_root>/bin/cert/tools

    2. At the prompt, enter this: PrettyPrintCrl[.bat] <input_file> [<output_file>]

      substituting <input_file> with the path to the ASCII file that contains the CRL in its base 64-encoded format and <output_file> with the path to the file to write the CRL information in a human-readable form. If you don't specify an output file, the CRL information is written to the standard output. (The optional .bat specifies the file extension; this is required only when running the utility on a Windows NT system.)

      For example, if the base-64 encoded CRL is in
      C:\crls\crl-949102696899.txt and you want the human-readable form of the CRL to be displayed on your screen, the command would look like this:

      PrettyPrintCrl.bat C:\crls\crl-949102696899.txt

      When the conversion is complete, you should see the CRL (in this case, the CRL will only contain the certificate you revoked) in the human-readable form.

    3. Compare the output with the certificate you revoked.

      If they match, the Certificate Manager is configured correctly to publish CRLs to files.



Managing Mapper and Publisher Plug-in Modules

This section explains how to use the CMS window to perform the following operations:


Registering a Mapper or Publisher Module

You can register new mapper or publisher plug-in modules in a Certificate Manager's publishing framework. Registering a new mapper or publisher module involves specifying the name of the module and the full name of the Java class that implements the mapper or publisher interface. For example, you can add a mapper implementation, named as follows, to the Certificate Manager's policy framework:

com.netscape.publishing.customMapper

Before registering a plug-in module, be sure to put the Java class for the module in the classes directory (the implementation must be on the class path).

To register a policy module in a Certificate Manager's publishing framework:

  1. Log in to the CMS window (see Logging In to the CMS Window).

  2. Select the Configuration tab.

  3. In the navigation tree, select Certificate Manager, and then select Publishing.

  4. Select the appropriate object under Publishing:

    • To register a mapper module, select Mappers, and then in the right pane, select the Mapper Plugin Registration tab.

    • To register a publisher module, select Publishers, and then in the right pane, select the Publisher Plugin Registration tab.

    This tab lists registered plug-in modules.

  5. Click Register.

    If you selected Mapper, the Register Mapper Plugin Implementation window appears. If you selected Publisher, the Register Publisher Plugin Implementation window appears.

  6. Specify information as appropriate:

    Plugin name. Type a name for the plug-in module.

    Class name. Type the full name of the class for this module—that is, the path to the implementing Java class. If this class is part of a package, be sure to include the package name. For example, if you are registering a class named myMapper and if this class is in a package named com.myCompany, type com.myCompany.myMapper.

  7. Click OK.

    You are returned to the Mapper Plugin Registration tab or Publisher Plugin Registration tab.

  8. To view the updated configuration, click Refresh.


Deleting a Mapper or Publisher Module

You can delete unwanted mapper or publisher plug-in modules using the CMS window. Before deleting a module, be sure to delete all the rules that are based on this module.

To delete a mapper or publisher module from a Certificate Manager's publishing framework:

  1. Log in to the CMS window (see Logging In to the CMS Window).

  2. Select the Configuration tab.

  3. In the navigation tree, select Certificate Manager, and then select Publishing.

    • To delete a mapper module, select Mappers, and then in the right pane, select the Mapper Plugin Registration tab.

    • To delete a publisher module, select Publishers, and then in the right pane, select the Publisher Plugin Registration tab.

    This tab lists registered plug-in modules.

  4. In the Plugin Name list, select the module you want to delete and click Delete.

  5. When prompted, confirm the delete action.


Previous     Contents     Index     Next     
Copyright © 2002 Sun Microsystems, Inc. All rights reserved.

Last Updated October 07, 2002