SSH Communications Security

Directory Services

Certificates and CRLs have to be distributed to directories in order to be available to PKI users. Information about how CRLs are to be obtained can be indicated in an extension field (distribution point) of an X.509 v3 certificate.

The Lightweight Directory Access Protocol (LDAP) has become a de facto standard for CRL and certificate distribution. This enables interoperability with third-party directory servers based on the LDAP standard. OCSP can be seen as a replacement for LDAP, since with OCSP revocation lists are not needed. However, encryption certificates still need to be fetched from somewhere, such as an LDAP directory.
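
The following is an added example, not part of the original documentation or of any SSH Communications Security product. It shows how a validating client could turn the URIs found in a certificate's distribution point extension into CRL fetch parameters, including the LDAP search base, attribute, scope and filter. The host names, the DN, the scheme allowlist and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit, unquote

# Constructed sample distribution point URIs (not from a real certificate).
SAMPLE_DPS = [
    "ldap://ldap.example.com/cn=Example%20CA,o=Example,c=FI"
    "?certificateRevocationList;binary?base?(objectClass=cRLDistributionPoint)",
    "http://crl.example.com/example-ca.crl",
    "ftp://ftp.example.com/example-ca.crl",
]

# Assumed local policy: schemes the client will follow, with default ports.
ALLOWED_SCHEMES = {"ldap": 389, "ldaps": 636, "http": 80}


def parse_distribution_point(uri):
    """Turn one distribution point URI into the parameters of a CRL fetch."""
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES or not parts.hostname:
        raise ValueError(f"refusing distribution point: {uri!r}")
    fetch = {"scheme": scheme, "host": parts.hostname,
             "port": parts.port or ALLOWED_SCHEMES[scheme]}
    if scheme == "http":
        fetch["path"] = parts.path
        return fetch
    # LDAP URL layout (RFC 4516): /dn?attributes?scope?filter
    attrs, scope, flt = (parts.query.split("?") + ["", "", ""])[:3]
    fetch["base_dn"] = unquote(parts.path.lstrip("/"))
    # Assumption: if the URL names no attribute, ask for the CRL attribute.
    fetch["attributes"] = ([unquote(a) for a in attrs.split(",") if a]
                           or ["certificateRevocationList;binary"])
    fetch["scope"] = scope or "base"                     # RFC 4516 default
    fetch["filter"] = unquote(flt) or "(objectClass=*)"  # RFC 4516 default
    return fetch


def plan_crl_fetches(uris):
    """Return (fetch plans, rejected URIs) for a list of distribution points."""
    plans, rejected = [], []
    for uri in uris:
        try:
            plans.append(parse_distribution_point(uri))
        except ValueError:
            rejected.append(uri)
    return plans, rejected


if __name__ == "__main__":
    print(plan_crl_fetches(SAMPLE_DPS))
```

Rejected entries are returned rather than silently dropped so that the caller can log them and decide whether a certificate with no usable distribution point should fail validation.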


Copyright © 2001 SSH Communications Security Corp
All rights reserved.