CRL Distribution Point objects used for configuring a local CA
Originally Published: 2003-02-03
Article Number
000055452
Applies To
Keon Certificate Authority 6.5
Microsoft Windows
UNIX (AIX, HP-UX, Solaris)
Issue
CRL Distribution Point objects used for configuring a local CA
Resolution
A local CA can be configured to include CRL Distribution Points.

Creating a local CA with a Custom CA profile allows the administrator to highlight the 'CRL Distribution Points' extension in the available extensions listing. During the CA Certificates Extensions Values configuration, a specified number of DistributionPoint objects can be configured for the cRLDistPoints option. There are three types of DistributionPoint object: distributionPoint, reasons, and cRLIssuer.

A cRLIssuer DistributionPoint object has a maximum of eight CRLIssuer objects available: otherName, rfc822Name, dNSName, directoryName, ediPartyName, uRL, IPAddress and registeredID.

- otherName requires an OID type-id and value

- directoryName requires a number of RelativeDistinguishedName to be defined

      RelativeDistinguishedName attributes available for use in the directoryName configuration:
      - commonName
      - countryName
      - localityName
      - stateOrProvinceName
      - organizationName
      - organizationalUnitName
      - title
      - pkcs9email
      - postalAddress
      - pseudonym
      - dateOfBirth
      - placeOfBirth
      - gender
      - countryOfCitizenship
      - countryOfResidence

For more information on supported DistributionPoint objects, see the solution "Which CRL entry extensions are used and supported?"
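To show how the three DistributionPoint fields and a directoryName cRLIssuer built from RelativeDistinguishedNames end up in a certificate, the following added example (not Keon CA code, and not part of the original article) DER-encodes one CRLDistributionPoints value following the RFC 5280 definition. The URL, the issuer name and all function names are constructed for illustration, and only three RDN attributes are mapped.

```python
# Added example: DER encoding of a CRLDistributionPoints value (RFC 5280, 4.2.1.13).
# Constructed sample data; function names are illustrative, not a product API.
REASONS = ["unused", "keyCompromise", "cACompromise", "affiliationChanged", "superseded",
           "cessationOfOperation", "certificateHold", "privilegeWithdrawn", "aACompromise"]
# Pre-encoded OIDs 2.5.4.3, 2.5.4.6 and 2.5.4.10 (tag 06, length 03, content).
ATTR_OIDS = {"commonName": "0603550403", "countryName": "0603550406",
             "organizationName": "060355040a"}

def tlv(tag, body):
    """Tag-length-value with a DER definite length (short or long form)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def reason_flags(names):
    """reasons [1] IMPLICIT BIT STRING; DER drops trailing zero bits."""
    bits = {REASONS.index(n) for n in names}
    nbytes = max(bits) // 8 + 1
    value = sum(1 << (nbytes * 8 - 1 - b) for b in bits)
    unused = nbytes * 8 - max(bits) - 1
    return tlv(0x81, bytes([unused]) + value.to_bytes(nbytes, "big"))

def directory_name(rdns):
    """GeneralName directoryName [4]; explicit tag because Name is a CHOICE."""
    seq = b""
    for attr, value in rdns:
        string_tag = 0x13 if attr == "countryName" else 0x0C  # Printable / UTF8
        atv = bytes.fromhex(ATTR_OIDS[attr]) + tlv(string_tag, value.encode())
        seq += tlv(0x31, tlv(0x30, atv))  # one single-valued RDN per attribute
    return tlv(0xA4, tlv(0x30, seq))

def distribution_point(url=None, reasons=(), crl_issuer=()):
    if not url and not crl_issuer:
        raise ValueError("RFC 5280: distributionPoint or cRLIssuer must be present")
    body = b""
    if url:  # distributionPoint [0] -> fullName [0] -> uniformResourceIdentifier [6]
        body += tlv(0xA0, tlv(0xA0, tlv(0x86, url.encode("ascii"))))
    if reasons:
        body += reason_flags(reasons)
    if crl_issuer:  # cRLIssuer [2] IMPLICIT GeneralNames
        body += tlv(0xA2, directory_name(crl_issuer))
    return tlv(0x30, body)

SAMPLE = tlv(0x30, distribution_point(  # CRLDistributionPoints: SEQUENCE OF DistributionPoint
    url="http://crl.example.test/ca.crl", reasons=["keyCompromise", "cACompromise"],
    crl_issuer=[("countryName", "US"), ("organizationName", "Example CA")]))

if __name__ == "__main__":
    print(SAMPLE.hex())
```

The printed hex can be pasted into any ASN.1 viewer to compare against the extension value in a certificate issued by the configured CA.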