ECA-External Certificate Authority

Understanding the Repository

The Certificate Repository contains the system that holds certificates and information about all unexpired certificates, including revocation information. Each item below has a specific function, and a brief explanation of its purpose is given.

Directory

The Lightweight Directory Access Protocol (LDAP) is an online directory service protocol in which entries are stored in a hierarchical structure and indexed by a unique identifier called the Distinguished Name.

HTTPS Directory Gateway

Usually a common interface that lets a client authenticate to one server, with that authentication also giving the user access to other services.

ECA Root Certificate

This certificate is self-signed, meaning that it is at the top of a trust pyramid. All subordinate certificates inherit their trust from the Root Signing Certificate of that particular PKI, in this case, the ECA Root Certificate.

CA Signing Certificate

A certificate is the binding of an entity’s identity to a public/private key pair, usually by a trusted third party. The CA signing certificate is used to digitally sign subordinate certificates for end-entities or other CA certificates.

Certificate Revocation List (CRL)

Used to view the list of certificates that have been revoked but have not yet expired. The CRL is digitally signed by the CA so that relying parties can verify its validity.

host: eca-ds.orc.com:389
base DN: cn=ORC ECA, ou=Certification Authorities, ou=ECA, o=U.S. Government, c=US
attribute: certificaterevocationlist;binary
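
The relying-party check the CRL section implies, as an added example (not code from the ECA program or its vendors): refuse a CRL unless its issuer, CA signature and nextUpdate all check out, and only then look up a serial number. It assumes the third-party Python `cryptography` package; the CA, serial numbers and CRL are constructed locally and stand in for the DER value that would be read from the `certificaterevocationlist;binary` attribute.

```python
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

# Naive UTC, second precision, to match the times stored in certificates and CRLs.
NOW = datetime.datetime.now(datetime.timezone.utc).replace(tzinfo=None, microsecond=0)
DAY = datetime.timedelta(days=1)

def make_ca(common_name):
    """Constructed stand-in CA: a fresh key pair and a self-signed certificate."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])
    cert = (x509.CertificateBuilder().subject_name(name).issuer_name(name)
            .public_key(key.public_key()).serial_number(1)
            .not_valid_before(NOW - DAY).not_valid_after(NOW + 30 * DAY)
            .sign(key, hashes.SHA256()))
    return key, cert

def make_crl(ca_key, ca_cert, revoked_serials, next_update):
    """Constructed DER CRL, standing in for the directory's CRL attribute value."""
    builder = (x509.CertificateRevocationListBuilder().issuer_name(ca_cert.subject)
               .last_update(next_update - DAY).next_update(next_update))
    for serial in revoked_serials:
        entry = (x509.RevokedCertificateBuilder().serial_number(serial)
                 .revocation_date(NOW - 2 * DAY).build())
        builder = builder.add_revoked_certificate(entry)
    return builder.sign(ca_key, hashes.SHA256()).public_bytes(serialization.Encoding.DER)

def check_revocation(crl_der, ca_cert, serial):
    """Return 'revoked' or 'good'; raise ValueError if the CRL cannot be trusted."""
    crl = x509.load_der_x509_crl(crl_der)
    if crl.issuer != ca_cert.subject:
        raise ValueError("CRL issuer does not match the CA certificate")
    if not crl.is_signature_valid(ca_cert.public_key()):
        raise ValueError("CRL signature does not verify under the CA key")
    if crl.next_update is None or crl.next_update < NOW:
        raise ValueError("CRL is stale: nextUpdate has passed")
    hit = crl.get_revoked_certificate_by_serial_number(serial)
    return "revoked" if hit is not None else "good"

if __name__ == "__main__":
    ca_key, ca_cert = make_ca("Constructed Test CA")
    crl_der = make_crl(ca_key, ca_cert, [0x1001, 0x1002], NOW + DAY)
    for serial in (0x1001, 0x2000):
        print(hex(serial), check_revocation(crl_der, ca_cert, serial))
```

A CRL that fails any of the three checks is rejected outright rather than treated as "no revocations", so an unsigned, substituted or expired list cannot make a revoked certificate look good.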