Red Hat CERTIFICATE SYSTEM 8.0 - ADMINISTRATION Admin Manual page 499

Parameter
Table B.37. IssuerAlternativeName Configuration Parameters
B.4.2.1.7. issuingDistributionPoint
The Issuing Distribution Point CRL extension identifies the CRL distribution point for a particular CRL
and indicates what kinds of revocation it covers, such as revocation of end-entity certificates only, CA
certificates only, or revoked certificates that have a limited set of reason codes.
PKIX Part I does not require this extension.
OID
2.5.29.28
Standard X.509 v3 CRL Extensions Reference
Description
• For iPAddress, the value must be a valid IP
address specified in dot-separated numeric
component notation. It can be the IP address
or the IP address including the netmask. An
IPv4 address must be in the format n.n.n.n or
n.n.n.n,m.m.m.m. For example, 128.21.39.40
or 128.21.39.40,255.255.255.00. An IPv6
address uses a 128-bit namespace, with
the IPv6 address separated by colons and
the netmask separated by periods. For
example, 0:0:0:0:0:0:13.1.68.3, FF01::43,
0:0:0:0:0:0:13.1.68.3,FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:25
and
FF01::43,FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FF00:0000.
• For OID, the value must be a unique,
valid OID specified in the dot-separated
numeric component notation. For example,
1.2.3.4.55.6.5.99. Although custom OIDs can
be used to evaluate and test the server, in
a production environment, comply with the
ISO rules for defining OIDs and for registering
subtrees of IDs.
• For otherName, the names can be any other
format; this supports PrintableString,
IA5String, UTF8String, BMPString, Any,
and KerberosName. PrintableString,
IA5String, UTF8String, BMPString, and
Any set a string to a base-64 encoded file
specifying the subtree, such as /var/lib/pki-
ca/othername.txt. KerberosName has the
format Realm|NameType|NameStrings, such
as realm1|0|userID1,userID2. The name must
be the absolute path to the file that contains
the general name in its base-64 encoded
format. For example, /var/lib/pki-ca/extn/ian/
othername.txt.
477