Appendix B. Defaults, Constraints, and Extensions for Certificates and CRLs
| Parameter | Description |
| --- | --- |
| enable | Specifies whether the rule is enabled or disabled. The default is to have this extension disabled. |
| critical | Sets whether the extension is marked as critical; the default is noncritical. |
| numberOfAccessDescriptions | Indicates the number of access descriptions, from 0 to any positive integer; the default is 0. When setting this parameter to an integer other than 0, set the number, and then click OK to close the window. Re-open the edit window for the rule, and the fields to set the points will be present. |
| accessMethodn | The only accepted value for this parameter is caIssuers. The caIssuers method is used when the information available lists certificates that can be used to verify the signature on the CRL. No other method should be used when the AIA extension is included in a CRL. |
| accessLocationTypen | Specifies the type of access location for the nth access description. The options are either DirectoryName or URI. |
| accessLocationn | If accessLocationType is set to DirectoryName, the value must be a string in the form of an X.500 name, similar to the subject name in a certificate. For example, CN=CACentral,OU=Research Dept,O=Example Corporation,C=US. If accessLocationType is set to URI, the name must be a URI; the URI must be an absolute pathname and must specify the host. For example, http://testCA.example.com/get/crls/here/. |

Table B.32. Authority Information Access Configuration Parameters

B.4.2.1.2. authorityKeyIdentifier

The Authority Key Identifier extension for a CRL identifies the public key corresponding to the private key used to sign the CRL. For details, see the discussion under certificate extensions at "authorityKeyIdentifier".

The PKIX standard recommends that the CA include this extension in all CRLs it issues because a CA's public key can change, for example, when the key gets updated, or the CA may have multiple signing keys because of multiple concurrent key pairs or key changeover. In these cases, the CA ends up with more than one key pair. When verifying a signature on a certificate, other applications need to know which key was used in the signature.
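The key-selection problem described in the authorityKeyIdentifier section above, shown as an added example that is not part of the Certificate System manual. It uses the Python cryptography package; the CA name, the two test CA key pairs, and all function names are constructed for illustration.

```python
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

# Constructed name: two CA key pairs share it, as during key changeover.
CA_NAME = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "CACentral")])

def _now():
    return datetime.datetime.now(datetime.timezone.utc)

def make_ca(name=CA_NAME):
    """Constructed self-signed test CA carrying a subjectKeyIdentifier."""
    key = ec.generate_private_key(ec.SECP256R1())
    pub = key.public_key()
    cert = (x509.CertificateBuilder()
            .subject_name(name).issuer_name(name).public_key(pub)
            .serial_number(x509.random_serial_number())
            .not_valid_before(_now())
            .not_valid_after(_now() + datetime.timedelta(days=30))
            .add_extension(x509.SubjectKeyIdentifier.from_public_key(pub),
                           critical=False)
            .sign(key, hashes.SHA256()))
    return key, cert

def make_crl(key, cert, with_aki=True):
    """Constructed empty CRL, optionally carrying authorityKeyIdentifier."""
    builder = (x509.CertificateRevocationListBuilder()
               .issuer_name(cert.subject)
               .last_update(_now())
               .next_update(_now() + datetime.timedelta(days=1)))
    if with_aki:
        aki = x509.AuthorityKeyIdentifier.from_issuer_public_key(key.public_key())
        builder = builder.add_extension(aki, critical=False)
    return builder.sign(key, hashes.SHA256())

def find_crl_signer(crl, candidates):
    """Pick the CA cert whose SKI matches the CRL's AKI, then verify with it.
    Returns None if the CRL has no AKI or no candidate matches and verifies."""
    try:
        aki = crl.extensions.get_extension_for_class(x509.AuthorityKeyIdentifier).value
    except x509.ExtensionNotFound:
        return None  # same issuer name, several keys: no identifier to select by
    for ca in candidates:
        ski = ca.extensions.get_extension_for_class(x509.SubjectKeyIdentifier).value
        if (ca.subject == crl.issuer and ski.digest == aki.key_identifier
                and crl.is_signature_valid(ca.public_key())):
            return ca
    return None
```

A CRL issued without the extension leaves a relying party with two same-named CA certificates and no identifier to choose between them, which is the case the PKIX recommendation addresses.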
Section B.3.2,