Root CA LDAP publishing

  • Question

  • Hi,

    Question regarding the LDAP publishing points, specifically within a post-setup file for a root CA. For argument's sake, we won't be using HTTP points, just LDAP :)

    From googling around, here are the two lines I need to add to my post-config file:

    "ldap:///CN=%%7%%8,CN=%%2,CN=CDP,CN=Public Key Services,CN=Services,%%6%%10"

    &

    "ldap:///CN=%%7,CN=AIA,CN=Public Key Services,CN=Services,%%6%%11"

    So here's my question - won't these cause an error when I'm trying to resolve the points from AD?

    Because my root CA is offline: the %%6 is = ConfigDN / forms the directory path for publication... Now the root is offline and never connected to the domain, so in my mind it means it cannot create this part of the path.

    Should I change this to something like "ldap:///CN=%%7%%8,CN=%%2,CN=CDP,CN=Public Key Services,CN=Services,DC=company,DC=net,%%10"?

    I can just put in the %%6%%10 + %%6%%11 parrot-fashion if it just "works" - but I'd like to understand why that would work, as again, how can the %%6 give a valid LDAP path for a machine that was never part of the domain?

    Tuesday, January 15, 2013 9:42 AM