The Certificate Controller (CC) in Certificate Manager is used by officers to publish and manage publications, activate OCSP, revoke, and reinstate certificates either individually or in groups.

Tasks done in CC

Instructions for the tasks that are done in the CC can be found here:

Information about distribution rules

End-user certificates issued by the Registration Authority (RA) are not necessarily distributed to an X.500/LDAP directory immediately. This depends on the token procedure selected during the issuing process. Refer to Policy tasks in Certificate Manager within CA administration tasks in Certificate Manager for further information on the relationship between token procedures, certificate procedures and distribution rules.

The certificate may not have been distributed to specific directories because the issuing authority requires confirmation from the user that the certificate/smart card has been received, before publishing. Certificates that have not been published can be located using the CC and then distributed to the relevant directories. All certificates have a validity period. A certificate may, for various reasons, be revoked before the validity period expires. It is also possible to inhibit a certificate temporarily. The certificate is then put on hold. A certificate on hold may be reinstated. Certificates that are on hold or that have been revoked are published in certificate revocation lists (CRLs).