RE: [FW1] Netscape CMS4.2 ...and CRL
Where is the CRL published in CMS ? ...

If I remember well it's in the administrator entry, in 'certificateRevocationList' attribute. Your LDAP AU should be configured to get info from the branch your admin is in. I think the fw will perform a search with a filter on 'certificateRevocationList' to find it.

-----Original Message-----
From: laurent [mailto:[email protected]]
Date: Tuesday 1 May 2001 14:42
To: Emmanuel Bailleul; [email protected]
Subject: Re: [FW1] Netscape CMS4.2 ...and CRL

I've created a second LDAP server with CRL Retrieval checked.
I think the problem is coming from the fetch command. The CRL is defined as a people created by the publishing module. It's a simple user in the same organization.
I've tried to fetch with cn= ... ,o=home
I'm using the same DN to access the ldap server. The automatic fetch always gives me o=home.
Is it possible with CMS to create another organisation only to put the CRL ? How ?

thanks.
laurent.

> You declare an LDAP server as an LDAP account unit in FW1. Then you have the
> choice to declare it as a user management directory or a CRL retrieval
> directory. If you use LDAP, maybe you didn't define the right branch of your
> directory tree for the retrieval of the CRL ?
>
> Emmanuel Bailleul
> ASCOM ADILAN
>
> -----Original Message-----
> From: laurent [mailto:[email protected]]
> Date: Tuesday 1 May 2001 11:05
> To: Emmanuel Bailleul; [email protected]
> Subject: Re: [FW1] Netscape CMS4.2 ...and CRL
>
> Ldap server already declared and CRL retrieval checked.
> Account Management Client 1.1 is working perfectly.
>
> I'm always getting IKE log: .... no valid CRL .. contact CA admin ... when
> installing rules.
> You are talking about the creation of an account unit ?? How can I do that ..
>
> laurent.
>
> > Hi,
> > The first option is to declare an LDAP account unit with the 'CRL retrieval'
> > option checked - in this case you have nothing to add to your certificate.
> > The second is to use HTTP and then to add the crlDistributionPoint extension
> > to your certificates, firewall and clients.
> >
> > Emmanuel Bailleul
> > ASCOM ADILAN
> >
> > -----Original Message-----
> > From: laurent [mailto:[email protected]]
> > Date: Thursday 26 April 2001 14:34
> > To: [email protected]
> > Subject: [FW1] Netscape CMS4.2 ...and CRL
> >
> > CMS 4.2SP2. (nt box ... mmhhh, sorry ;-)
> >
> > Modifications:
> > Authentication Instance created: UserDirEnrollment. to use Ldap users.
> > Policies: RSAKeyRule minsize 1024 bits.
> > CRL Extensions: Enabled IssuingDistributionPoint, CRL number ...
> > Publishing configured to ldap using default mappers
> > UID=$subj.cn,OU=people,O=$subj,o
> > A specific user is created with the name of my organisation which contains
> > certificate, cacertificate, AuthorityRevocationList and CRL.
> >
> > Question: If I want to use certificate with Checkpoint firewall-1, I need
> > the CRL which I think is described in the firewall module certificate
> > extensions with IssuingDistribution point.
> > But I can't see any of these specific extensions .... why ?
> >
> > Is there anything I can do to explain to fw1 where is the CRL.?
> >
> > I've done the default lab installation..
> >
> > Could someone help me ..
> >
> > thanks,
> > laurent
> >
> > ================================================================================
> > To unsubscribe from this mailing list, please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > ================================================================================
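
The top reply says the CRL sits in a directory entry's 'certificateRevocationList' attribute and that the account unit's branch must cover that entry. The following is an added example, not part of the thread or of any Check Point or Netscape tooling, that scans an LDIF export for entries carrying that attribute and reports whether each lies under a given branch. The sample LDIF, its DNs and all function names are constructed for illustration.

```python
import re

# Constructed LDIF export for illustration; DNs and values are placeholders.
SAMPLE_LDIF = """\
dn: cn=Certificate Manager,ou=people,o=home
objectClass: person
certificateRevocationList;binary:: MIIBPLACEHOLDER
cACertificate;binary:: MIICPLACEHOLDER

dn: uid=laurent,ou=people,o=home
objectClass: person
userCertificate;binary:: MIICPLACEHOLDER
"""

def parse_ldif(text):
    """Return [(dn, {attr_lower: [values]})] from LDIF text."""
    text = re.sub(r"\r?\n ", "", text)  # unfold lines continued with one leading space
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        dn, attrs = None, {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            value = value.lstrip(":").strip()      # "::" marks a base64 value
            name = name.split(";")[0].lower()      # drop options such as ;binary
            if name == "dn":
                dn = value
            else:
                attrs.setdefault(name, []).append(value)
        if dn:
            entries.append((dn, attrs))
    return entries

def rdns(dn):
    """Split a DN on unescaped commas; normalise case and spacing around '='."""
    parts = re.split(r"(?<!\\),", dn)
    return [re.sub(r"\s*=\s*", "=", p.strip()).lower() for p in parts]

def is_under(dn, branch):
    """True when dn equals branch or sits below it in the tree."""
    b = rdns(branch)
    return rdns(dn)[-len(b):] == b

def crl_entries(ldif_text, branch):
    """(dn, covered) for every entry that carries a certificateRevocationList."""
    return [(dn, is_under(dn, branch)) for dn, attrs in parse_ldif(ldif_text)
            if "certificaterevocationlist" in attrs]
```

A CRL entry reported with `False` lies outside the branch passed in, which is the misconfiguration the replies suggest checking first.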