Appendix A. Certificate and CRL Extensions
• Section A.5.1, "Extensions for CRLs"
• Section A.5.2, "CRL Entry Extensions"
A.5.1. Extensions for CRLs
The following CRL descriptions are defined as part of the Internet X.509 v3 Public Key Infrastructure
proposed standard.
• Section A.5.1.1, "authorityKeyIdentifier"
• Section A.5.1.2, "CRLNumber"
• Section A.5.1.3, "deltaCRLIndicator"
• Section A.5.1.5, "issuerAltName"
• Section A.5.1.6, "issuingDistributionPoint"
A.5.1.1. authorityKeyIdentifier
A.5.1.1.1. OID
2.5.29.35
A.5.1.1.2. Discussion
The Authority Key Identifier extension for a CRL identifies the public key corresponding to the private
key used to sign the CRL. For details, see the discussion under certificate extensions at
Section A.3.2, "The authorityKeyIdentifier".
The PKIX standard recommends that the CA must include this extension in all CRLs it issues, because
a CA's public key can change (for example, when the key is updated), or the CA may have multiple
signing keys because of multiple concurrent key pairs or key changeover. In these cases, the CA ends
up with more than one key pair. When verifying a signature on a certificate, other applications need to
know which key was used in the signature.
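The key-selection problem described above, as an added example (not code from the Certificate System documentation): a relying party that holds two CA keys after a key changeover parses the DER-encoded authorityKeyIdentifier extension from a CRL and picks the matching key. The key names, the stand-in key bytes and the SHA-1 derivation of the key identifier are assumptions made for the example.

```python
import hashlib

AKI_OID = bytes.fromhex("551d23")  # DER content bytes of OID 2.5.29.35

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for one DER element with a definite length."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def aki_key_identifier(extension_der):
    """Return keyIdentifier from a DER Extension with extnID 2.5.29.35, or None."""
    tag, body, _ = read_tlv(extension_der)
    oid_tag, oid, pos = read_tlv(body)
    if tag != 0x30 or oid_tag != 0x06 or oid != AKI_OID:
        raise ValueError("not an authorityKeyIdentifier extension")
    tag, value, pos = read_tlv(body, pos)
    if tag == 0x01:  # optional 'critical' BOOLEAN precedes extnValue
        tag, value, pos = read_tlv(body, pos)
    seq_tag, aki, _ = read_tlv(value)
    if tag != 0x04 or seq_tag != 0x30:
        raise ValueError("extnValue must wrap an AuthorityKeyIdentifier SEQUENCE")
    pos = 0
    while pos < len(aki):
        tag, field, pos = read_tlv(aki, pos)
        if tag == 0x80:  # [0] IMPLICIT keyIdentifier
            return field
    return None

def select_signing_key(extension_der, ca_keys):
    """Name of the CA key whose identifier matches the CRL's AKI, else None."""
    wanted = aki_key_identifier(extension_der)
    # Assumption: identifiers are the SHA-1 of the public key bytes (RFC 5280 method 1).
    return next((name for name, key in ca_keys.items()
                 if hashlib.sha1(key).digest() == wanted), None)

# Constructed sample data: stand-in byte strings, not real public keys.
CA_KEYS = {"ca-key-old": b"constructed old CA key", "ca-key-new": b"constructed new CA key"}

def build_aki_extension(public_key):
    """Hand-encode a non-critical AKI extension carrying only keyIdentifier."""
    aki = b"\x30\x16\x80\x14" + hashlib.sha1(public_key).digest()
    return b"\x30\x1f\x06\x03" + AKI_OID + b"\x04\x18" + aki
```

In a real verifier the candidate identifiers would be read from each CA certificate's subjectKeyIdentifier extension rather than recomputed, and a `None` result means the CRL must not be validated against any of the held keys.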
A.5.1.1.3. Parameters
Parameter
enable
critical
Table A.4. AuthorityKeyIdentifierExt Configuration Parameters
A.5.1.2. CRLNumber
A.5.1.2.1. OID
2.5.29.20