The DIT Structure PKCs and ACs are held in child entries CRLs are held in child subtrees dc=myorg dc=com ou=people cn=my entry Encryption PKC Signing PKC AC containing roles ou=My CA dc=myorg dc=com CRL CRL entries serialno=nnnn + issuer=‘ou=MyCA,dc=myorg,dc=com’ |