RE: [FW1] Netscape CMS4.2 ...and CRL



Where is the CRL published in CMS? ... If I remember correctly, it's in the
administrator entry, in the 'certificateRevocationList' attribute. Your LDAP AU
should be configured to get info from the branch your admin is in. I think
the fw will perform a search with a filter on 'certificateRevocationList' to
find it.

-----Original Message-----
From: laurent [mailto:[email protected]]
Date: Tuesday, 1 May 2001 14:42
To: Emmanuel Bailleul; [email protected]
Subject: Re: [FW1] Netscape CMS4.2 ...and CRL


I've created a second LDAP server with CRL Retrieval checked.
I think the problem is coming from the fetch command.
The CRL is defined as a people entry created by the publishing module.
It's a simple user in the same organization. I've tried to fetch with cn=
... ,o=home
I'm using the same DN to access the LDAP server. The automatic fetch always
gives me o=home.

Is it possible with CMS to create another organisation only to put the CRL in?
How?

thanks.
laurent.



> You declare an LDAP server as an LDAP account unit in FW1. Then you have the
> choice to declare it as a user management directory or a CRL retrieval
> directory. If you use LDAP, maybe you didn't define the right branch of your
> directory tree for the retrieval of the CRL?
>
> Emmanuel Bailleul
> ASCOM ADILAN
>
> -----Original Message-----
> From: laurent [mailto:[email protected]]
> Date: Tuesday, 1 May 2001 11:05
> To: Emmanuel Bailleul; [email protected]
> Subject: Re: [FW1] Netscape CMS4.2 ...and CRL
>
>
> LDAP server already declared and CRL retrieval checked.
> Account Management Client 1.1 is working perfectly.
>
> I am always getting the IKE log: .... no valid CRL .. contact CA admin ... when
> installing rules.
> You are talking about the creation of an account unit?? How can I do that
> ..
>
> laurent.
>
>
>
> >
> > Hi,
> > The first option is to declare an LDAP account unit with the 'CRL retrieval'
> > option checked - in this case you have nothing to add to your certificate.
> > The second is to use HTTP and then to add the crlDistributionPoint extension
> > to your certificates, firewall and clients.
> >
> > Emmanuel Bailleul
> > ASCOM ADILAN
> >
> > -----Original Message-----
> > From: laurent [mailto:[email protected]]
> > Date: Thursday, 26 April 2001 14:34
> > To: [email protected]
> > Subject: [FW1] Netscape CMS4.2 ...and CRL
> >
> >
> >
> > CMS 4.2SP2. (NT box ... mmhhh, sorry ;-)
> >
> > Modifications:
> > Authentication Instance created: UserDirEnrollment, to use LDAP users.
> > Policies:    RSAKeyRule minsize 1024 bits.
> > CRL Extensions: Enabled IssuingDistributionPoint, CRL number ...
> > Publishing configured to LDAP using default mappers
> > UID=$subj.cn,OU=people,O=$subj,o
> > A specific user is created with the name of my organisation, which contains
> > certificate, cacertificate, AuthorityRevocationList and CRL.
> >
> > Question: If I want to use certificates with Check Point FireWall-1, I need
> > the CRL, which I think is described in the firewall module certificate
> > extensions with IssuingDistributionPoint.
> > But I can't see any of these specific extensions .... why?
> >
> > Is there anything I can do to explain to fw1 where the CRL is?
> >
> > I've done the default lab installation.
> >
> > Could someone help me ..
> >
> > thanks,
> > laurent
> >
> > ================================================================================
> >      To unsubscribe from this mailing list, please see the instructions at
> >                http://www.checkpoint.com/services/mailing.html
> > ================================================================================


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
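
The replies above turn on which directory branch actually holds the 'certificateRevocationList' attribute. The following Python sketch is an added example, not part of the thread and not Check Point or Netscape code: it parses LDIF as returned by an LDAP search and lists the entries at or below a given branch that carry a CRL value. Only o=home and ou=people come from the thread; the entry names and the CRL bytes are constructed.

```python
import base64
# Constructed stand-in for a CRL: a DER SEQUENCE header plus zero padding.
_FAKE_CRL = base64.b64encode(b"\x30\x82\x01\x00" + bytes(44)).decode()
# Constructed LDIF shaped like LDAP search output; entry names are assumptions.
SAMPLE_LDIF = (
    "dn: o=home\no: home\n\n"
    "dn: uid=Example CA,ou=people,o=home\ncn: Example CA\n"
    "certificateRevocationList;binary:: " + _FAKE_CRL[:40] + "\n " + _FAKE_CRL[40:] + "\n\n"
    "dn: uid=admin,ou=Administrators,o=home\ncn: admin\n"
)

def parse_ldif(text):
    """Return [(dn, {attr: [bytes]})], handling folded lines and '::' base64 values."""
    unfolded = []
    for line in (l for l in text.splitlines() if not l.startswith("#")):
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]          # continuation of the previous line
        else:
            unfolded.append(line)
    entries, dn, attrs = [], None, {}
    for line in unfolded + [""]:              # trailing "" flushes the last entry
        if not line.strip():
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, {}
            continue
        name, _, rest = line.partition(":")
        value = base64.b64decode(rest[1:]) if rest.startswith(":") else rest.strip().encode()
        if name.lower() == "dn":
            dn = value.decode()
        else:
            attrs.setdefault(name.lower(), []).append(value)
    return entries

def norm_dn(dn):
    """Lower-case and trim each RDN (simplified: no escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def crl_holders(entries, base):
    """DNs at or below `base` holding a certificateRevocationList value (any option)."""
    base_n, found = norm_dn(base), []
    for dn, attrs in entries:
        d = norm_dn(dn)
        in_scope = d == base_n or d.endswith("," + base_n)
        crls = [v for a, vals in attrs.items()
                if a.split(";")[0] == "certificaterevocationlist" for v in vals]
        if in_scope and any(v[:1] == b"\x30" for v in crls):   # DER SEQUENCE tag
            found.append(dn)
    return found
```

Running `crl_holders` with the branch configured on the account unit shows whether a search rooted there can reach the entry the publishing module wrote the CRL to.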