z/OS Cryptographic Services PKI Services Guide and Reference
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Determining CRLDistDirPath

z/OS Cryptographic Services PKI Services Guide and Reference
SA23-2286-00

If the protocol for the URI you specified with CRLDistURIn is HTTP protocol, you need to also determine your value for the CRLDistDirPath parameter. The CRLDistDirPath parameter specifies the full path of the var directory where PKI Services will save each DP CRL. The value can be specified with or without the trailing slash. The default value is /var/pkiserv/. If you are customizing this value for a CA Domain, it is recommended that you specify a directory name that contains the CA Domain name, for example /var/pkiserv/employees/. In a case such as this, it is also necessary to add an additional Pass statement to the HTTP configuration file that will map the virtual path name in the URI to the real path specified by this CRLDistDirPath statement.

Statements in the pkiserv.conf file:
CRLDistURI1 = http://www.bankxyz.com/Employees/crls/
CRLDistDirPath = /var/pkiserv/Employees/
Matching Pass statement in the HTTP configuration file:
Pass /Employees/crls/* /var/pkiserv/Employees/*

The default value is /var/pkiserv/. See Specifying the URI format. This value is ignored if you do not create a CRLDistributionPoints extension or if the URI protocol is LDAP.

Parent topic: Customizing distribution point CRLs

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014