Red Hat CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR Administrator's Manual page 502

Extension-Specific Policy Module Reference
Table 12-21 CRLDistributionPointsExt Configuration Parameters
Parameter Description
Specifies whether the rule is enabled or disabled. Select to enable, deselect to disable.
enable
Specifies the predicate expression for this rule. If you want this rule to be applied to all
predicate
certificate requests, leave the field blank (default). To form a predicate expression, see "Using
Predicates in Policy Rules" on page 465.
Specifies whether the extension should be marked critical or noncritical. Select to mark
critical
critical, deselect to mark noncritical (default).
Specifies the total number of CRL distribution points to be contained or allowed in the
numPoints
extension. Can be set to either 0 specifying that no distribution points can be contained in the
extension or to n specifies the total number of distribution points to be included in the
extension; it must be an integer greater than zero. The default is 3.
Note that when you set a number other than O, each distribution point has its own set of
configuration parameters and you must specify appropriate values for each of those
parameters; otherwise the policy rule will return an error. Each set of configuration parameters
is distinguished by <n>, which is an integer derived from the value you assign in this field. For
example, if you set the numPoints parameter to 2, <n> would be 0 and 1.
Specifies the name of the CRL distribution point, the name can be in any of the following
pointName<n>
formats:
•
•
•
Specifies the type of the CRL distribution point.
pointType<n>
Permissible values: DirectoryName, URI, or RelativeToIssuer. The type you select
must correspond to the value in the pointName field.
•
•
•
502 Red Hat Certificate System Administrator's Guide • September 2005
An X.500 directory name in the RFC 2253 syntax. For example, the name would look
similar to the subject name in a certificate, like this: CN=CA Central,
OU=Research Dept, O=Example Corporation, C=US
A URI; for example, it would look similar to this:
http://testCA.example.com:80
An RDN which specifies a location relative to the CRL Issuer. In this case, the value of the
pointType attribute must be RelativeToIssuer.
Select DirectoryName if the value in the pointName field is an X.500 directory
name (default).
Select URI if the value in the pointName field is a uniform resource indicator.
Select RelativeToIssuer if the value in the pointName field is a location relative
to the CRL Issuer.