CRL Distribution Point objects used for configuring a local CA

3 years ago

Originally Published: 2003-02-03

Article Number

000055452

Applies To

Keon Certificate Authority 6.5
Microsoft Windows
UNIX (AIX, HP-UX, Solaris)

Issue

CRL Distribution Point objects used for configuring a local CA

Resolution

A local CA can be configured to include CRL Distribution Points.

Create a local CA with a Custom CA profile allows the administrator to highlight the 'CRL Distribution Points' extension from the available extensions listing. During the CA Certificates Extensions Values configuration a specifed number of DistributionPoint objects can be configured for the cRLDistPoints option. There are three types of DistributionPoint object; distributionPoint, reasons, cRLIssuer.

A cRLIssuer DistributionPoint object has a maximum of eight CRLIssuer objects available; otherName, rfc822Name, dNSName, directoryName, editPartyName, uRL, IPAddress and registeredID.

- otherName requires an OID type-id and value

- directoryName requires a number of RelativeDistinguishedName to be defined

      RelativeDistinguishedName attributes available for usage in the directoryName configuration;
      - commonName
      - countryName
      - localityName
      - stateOrProvinceName
      - organizationName
      - organizationalUnitName
      - title
      - pkcs9email
      - postalAddress
      - pseudonym
      - dateOfBirth
      - placeOfBirth
      - gender
      - countryOfCitizenship
      - countryOfResidence

For more information on supported DistributionPoint objects, see the solution regarding Which CRL entry extensions are used and supported?

Don't see what you're looking for?

Potential Impact from Salesforce Device Activation Change

Related Articles

Trending Articles