summaryrefslogtreecommitdiffstats
path: root/design/hs_pki_ldap
blob: 8b8c378322f943a1f6595693b1afae65fd6cdcfb (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
ou=Peoples,dc=hackerspace,dc=pl
ou=Services,dc=hackerspace,dc=pl
ou=Group,dc=hackerspace,dc=pl

#Root of PKI
cn=PKI,ou=Services,dc=hackerspace,dc=pl

# Certificate templates (access for server ro, KC rw)
ou=Templates,ou=Certificate,cn=PKI,ou=Services,dc=hackerspace,dc=pl

# Authoritative Information Extension (CA bundle; all CA certificates are published here,
# each CA has it's own subtree here)
cn=AIA,cn=PKI,ou=Services,dc=hackerspace,dc=pl
cn=CA1,cn=AIA,cn=PKI,ou=Services,dc=hackerspace,dc=pl
cn=CA2,cn=AIA,cn=PKI,ou=Services,dc=hackerspace,dc=pl
...

# CRL Distribution Points - each CA has its own
cn=CDP,cn=PKI,ou=Services,dc=hackerspace,dc=pl
cn=CA1,cn=CA1,cn=PKI,ou=Services,dc=hackerspace,dc=pl
cn=CA2,cn=CA2,cn=PKI,ou=Services,dc=hackerspace,dc=pl
...

# Issued certificates
cn=Certificates,cn=PKI,ou=Services,dc=hackerspace,dc=pl
uid=d3llf,cn=Certificates,cn=PKI,ou=Services,dc=hackerspace,dc=pl

# End user certificates
cn=People,cn=Certificates,cn=PKI,ou=Services,dc=hackerspace,dc=pl

# Application certificates
cn=App1,cn=Certificates,cn=PKI,ou=Services,dc=hackerspace,dc=pl
cn=App2,cn=Certificates,cn=PKI,ou=Services,dc=hackerspace,dc=pl
...