Hi Zeus,

> if I need several realms for the services running on the dedicated
> boxes (openvpn and radius for example) then how can I distribute CRL
> to the boxes?

Each PKI Realm has its own set of subcomponents, including CRL distribution
points. You can configure one or more LDAP servers or simply have the CRL
stored in the local file system. The configuration is specific to a PKI Realm
and can be different for each single realm.

Example (within a <ca/> definition):

      <crl_publication>
        <file>
            <filename>/var/openxpki/crl-tlsca01.pem</filename>
            <format>PEM</format>
        </file>
        <ldap>
            <server>ldaps://ldap.example.com</server>
            <port>636</port>
            <bind_dn>uid=pkiadm,ou=Users,dc=example,dc=com</bind_dn>
            <pass>supersecret</pass>
            <base_dn>OU=PKI,o=Example,c=DE</base_dn>
            <search_dn>CN=Example TLS CA 1</search_dn>
        </ldap>
      </crl_publication>


Hope this answers your question.

cheers

Martin
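
Added example, not part of the original post and not OpenXPKI code: a small lint over per-realm `<crl_publication>` blocks that reports CRL files written by more than one CA and LDAP targets that are not `ldaps://` or use a non-default port. The `<realms>`/`<realm id>` wrapper, the `id` attributes, the function name and the sample values are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample: one CA in each of two realms. The <realms>/<realm id>
# wrapper and the id attributes are assumptions, not OpenXPKI's layout.
SAMPLE = """
<realms>
  <realm id="vpn"><ca id="tlsca01"><crl_publication>
    <file><filename>/var/openxpki/crl-tlsca01.pem</filename><format>PEM</format></file>
    <ldap><server>ldaps://ldap.example.com</server><port>636</port></ldap>
  </crl_publication></ca></realm>
  <realm id="radius"><ca id="radiusca01"><crl_publication>
    <file><filename>/var/openxpki/crl-tlsca01.pem</filename><format>PEM</format></file>
    <ldap><server>ldap://ldap.example.com</server><port>636</port></ldap>
  </crl_publication></ca></realm>
</realms>
"""

DEFAULT_PORT = {"ldap": "389", "ldaps": "636"}

def lint_crl_publication(xml_text):
    """Return a list of findings for every <crl_publication> block."""
    findings = []
    writers = defaultdict(list)  # CRL filename -> ["realm/ca", ...]
    root = ET.fromstring(xml_text)
    for realm in root.iter("realm"):
        for ca in realm.iter("ca"):
            who = f"{realm.get('id')}/{ca.get('id')}"
            for name in ca.findall("crl_publication/file/filename"):
                writers[(name.text or "").strip()].append(who)
            for ldap in ca.findall("crl_publication/ldap"):
                server = (ldap.findtext("server") or "").strip()
                port = (ldap.findtext("port") or "").strip()
                scheme = server.split("://", 1)[0].lower()
                if scheme != "ldaps":
                    findings.append(f"{who}: LDAP target {server} is not ldaps://")
                # Unknown schemes have no default, so they are not flagged here.
                if port and port != DEFAULT_PORT.get(scheme, port):
                    findings.append(f"{who}: port {port} is not the default for {scheme}://")
    # A CRL file shared by several CAs cannot hold each CA's CRL separately.
    for path, who_list in writers.items():
        if len(who_list) > 1:
            findings.append(f"{path}: written by {', '.join(who_list)}")
    return findings

if __name__ == "__main__":
    for finding in lint_crl_publication(SAMPLE):
        print(finding)
```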


_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users