There's not much use in setting up an X.509 infrastructure unless users are able to access the certificates of end entities. Access to end entity certificates is primarily desirable in order to encrypt information when sending it to a specific entity. In addition, the certificates can be used as an additional means of verification.

The certificate repository is meant to be used for exactly this purpose. There are many ways that certificates can be distributed, but this section of the book will concentrate primarily on using an LDAP database as the target where the certificates will be stored, and from which they will be retrieved.

As is always the case, there are several Free Software LDAP implementations out there which can be used to this end. For the purpose of this cookbook we will concentrate on two:

  • OpenLDAP
  • Apache DS