|Applies To||Microsoft Windows 2000 Server|
Microsoft Windows NT Server
Keon Certificate Authority 5.7
|Issue||Does KCA publish reason codes for revoked certificates?|
KCA operating normally
CRL is published to LDAP or HTTP
There are no reason codes given for certificates revoked by KCA
|Cause||KCA publishes only 2 reason codes for a revoked a certificate, 0 for unspecified and 6 for certificateHold|
|Resolution||Refer to RFC for CRL profiles (RFC 2459 http://www.ietf.org/rfc/rfc2459.txt). In the section for reason codes (under the section for extensions) it gives the following as reason codes:|
"Unspecified" is universally the default reason code. When KCA decides to publish this, rather than give the reason code along with the revocation it defaults to giving nothing for the reason (applications such as OCSP will pick this up as the unspecified code)
When you publish a suspended certificate in the CRL. the reason code specified by KCA is then reason 6 "certificateHold" and this can be seen in Internet Explorer.
See also Can you specify a reason code for a revoked certificate in KCA?
|Legacy Article ID||a5857|