[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Netscape CMS4.2 ...and CRL

To: "'laurent'" <[email protected]>, Emmanuel Bailleul <[email protected]>, [email protected]
Subject: RE: [FW1] Netscape CMS4.2 ...and CRL
From: Emmanuel Bailleul <[email protected]>
Date: Mon, 30 Apr 2001 11:58:20 +0200
Sender: [email protected]


You declare an LDAP server as an LDAP account unit in FW1. Then you have the
choice to declare it as a user management directory or a CRL retrieval
directory. If you use LDAP, maybe you didn't define the right branch of your
directory tree for the retrieval of the CRL ?

Emmanuel Bailleul
ASCOM ADILAN

-----Message d'origine-----
De: laurent [mailto:[email protected]]
Date: mardi 1 mai 2001 11:05
�: Emmanuel Bailleul; [email protected]
Objet: Re: [FW1] Netscape CMS4.2 ...and CRL


Ldap server already declared and CRL retrieval checked.
Accoung Management Client 1.1 is working perfectly.

I always getting IKE log: .... no valid CRL .. contact CA admin ... when
installing rules.
You are talking about the creation of an account unit ?? How can I do that
..

laurent.



>
> Hi,
> The first option is to declare an LDAP account unit with the 'CRL
retreival'
> option checked - in this case you have nothing to add to your certificate.
> The second is to use HTTP and then to add the crlDistributionPoint
extension
> to your certificates, firewall and clients.
>
> Emmanuel Bailleul
> ASCOM ADILAN
>
> -----Message d'origine-----
> De: laurent [mailto:[email protected]]
> Date: jeudi 26 avril 2001 14:34
> �: [email protected]
> Objet: [FW1] Netscape CMS4.2 ...and CRL
>
>
>
> CMS 4.2SP2. (nt box ... mmhhh, sorry ;-)
>
> Modifications:
> Authentication Instance created: UserDirEnrollment. to use Ldap users.
> Policies:    RSAKeyRule minsize 1024 bits.
> CRL Extensions: Enbled IssuingDistributionPoint, CRL number ...
> Publishing configured to ldap using default mappers
> UID=$subj.cn,OU=people,O=$subj,o
> A specific user is created with the named of my organisation which
contains
> certificate, cacertificate, AuthorityRevocationList and CRL.
>
> Question: If I want to use certificate with Checkpoint firewall-1, I need
> the CRL which is think is described in the firewall module certificate
> extensions with IssuingDistribution point.
> But I can't see any of these specific extensions .... why ?
>
> Is there anything I can do to explain to fw1 where is the CRL.?
>
> I've done the default labo installation..
>
> Could someone help me ..
>
> thanks,
> laurent
>
>
>
>
>
>
>
>
============================================================================
> ====
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
>
============================================================================
> ====
>
>
>
============================================================================
====
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
>
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Follow-Ups:
- Re: [FW1] Netscape CMS4.2 ...and CRL
  - From: "laurent" <[email protected]>

Prev by Date: RE: [FW1] Security Policy Download Error
Next by Date: [FW1] Secure Remote and Network Interface problem
Prev by thread: Re: [FW1] Netscape CMS4.2 ...and CRL
Next by thread: Re: [FW1] Netscape CMS4.2 ...and CRL
Index(es):
- Date
- Thread