Red Hat CERTIFICATE SYSTEM 8.0 - ADMINISTRATION Admin Manual page 500

Appendix B. Defaults, Constraints, and Extensions for Certificates and CRLs
Criticality
PKIX requires that this extension be critical if it exists.
Parameters
Parameter
enable
critical
pointType
pointName
onlySomeReasons
478
Description
Sets whether the extension is enabled; the
default is disabled.
Marks the extension as critical, the default, or
noncritical.
Specifies the type of the issuing distribution point
from the following:
• directoryName specifies that the type is an
X.500 directory name.
• URIName specifies that the type is a uniform
resource indicator.
Gives the name of the issuing distribution point.
The name of the distribution point depends
on the value specified for the pointType
parameter.
• For directoryName, the name must
be an X.500 name. For example,
cn=CRLCentral,ou=Research Dept,o=Example
Corporation,c=US.
• For URIName, the name must be a URI that is
an absolute pathname and specifies the host.
For example, http://testCA.example.com/get/
crls/here/.
NOTE
The CRL may be stored in the
directory entry corresponding to the
CRL issuing point, which may be
different than the directory entry of
the CA.
Specifies the reason codes associated with the
distribution point.
Permissible values are a combination of reason
codes (unspecified, keyCompromise,
cACompromise, affiliationChanged,
superseded, cessationOfOperation,
certificateHold, and removeFromCRL)