Customer Specific Publisher for a PKD-like Catalog

The CustomerLdapPublisher1 publishes end entity (Document Signer) certificates and (CSCA) CRLs according to a customer-specific schema. The schema is based on the one defined by ICAO for uploading to the PKD, with some customer-specific extensions added.

Extra attributes are added, including checksums of the uploaded objects, as well as a feature for writing some log entries to the catalog.

To use the CustomerLdapPublisher1, select Edit Publishers in the Administration GUI, create a new publisher and edit it.

To be allowed to enter a manual class path as in the example below, the configuration option web.manualclasspathsenabled=true must be set in conf/web.properties.

  • Publisher type: Custom Publisher
  • Class Path (enter manually): org.ejbca.core.model.ca.publisher.custpubl1.CustomerLdapPublisher1
  • Properties of Custom Publisher:
hostnames=localhost
port=1636
basedn=dc=example,dc=com
logindn=cn=Directory Manager
loginpassword=foo123
usessl=true

# Optional properties:
logconnectiontests=true
connectiontimeout=5000
readtimeout=30000
storetimeout=60000

Click Save and Test Connection to save the entered information and validate that the entered configuration is correct. Then select the publisher in the DS certificate profiles and in the CSCA.

In the example above, logconnectiontests=true means that clicking Save and Test Connection will cause a log entry to be added to the catalog. Note that in this case, if the health check inspects the publishers, a log entry will also be inserted for every health check run.
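
A pre-flight check for the property block above, as an added example that is not part of EJBCA or of the original page: it parses the key=value lines and flags settings worth reviewing before the publisher is saved. The function names are hypothetical, and two points are assumptions: that every property the page does not list as optional is required, and that a usessl value other than true leaves the directory login unprotected in transit.

```python
# Added example (not EJBCA code): lint CustomerLdapPublisher1 properties.
# Assumption: every key the page does not list as optional is required.
REQUIRED = ("hostnames", "port", "basedn", "logindn", "loginpassword", "usessl")
NUMERIC = ("port", "connectiontimeout", "readtimeout", "storetimeout")

def parse_properties(text):
    """Parse key=value lines, splitting on the first '=' (basedn contains '=')."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"not a key=value line: {raw!r}")
        props[key.strip()] = value.strip()
    return props

def lint(props):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = [f"missing required property: {k}" for k in REQUIRED if not props.get(k)]
    if props.get("usessl", "").lower() != "true":
        # Assumption: without usessl=true the login password is sent unprotected.
        findings.append("usessl is not true")
    if props.get("loginpassword") == "foo123":
        findings.append("loginpassword is still the documentation example value")
    if props.get("logconnectiontests", "").lower() == "true":
        findings.append("logconnectiontests=true: connection tests, including "
                        "health check runs that inspect publishers, add catalog log entries")
    for k in NUMERIC:
        if k in props and not props[k].isdigit():
            findings.append(f"{k} is not a non-negative integer: {props[k]!r}")
    return findings

# The example configuration from this page, embedded so the block runs offline.
PAGE_EXAMPLE = """\
hostnames=localhost
port=1636
basedn=dc=example,dc=com
logindn=cn=Directory Manager
loginpassword=foo123
usessl=true
# Optional properties:
logconnectiontests=true
connectiontimeout=5000
readtimeout=30000
storetimeout=60000
"""

if __name__ == "__main__":
    for finding in lint(parse_properties(PAGE_EXAMPLE)):
        print("WARN", finding)
```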