Red Hat CERTIFICATE SYSTEM 8.0 - ADMINISTRATION Admin Manual page 501

Parameter
onlyContainsCACerts
indirectCRL
Table B.38. IssuingDistributionPoint Configuration Parameters
B.4.2.2. CRL Entry Extensions
The sections that follow lists the CRL entry extension types that are defined as part of the Internet
X.509 v3 Public Key Infrastructure proposed standard. All of these extensions are noncritical.
B.4.2.2.1. certificateIssuer
The Certificate Issuer extension identifies the certificate issuer associated with an entry in an indirect
CRL.
This extension is used only with indirect CRLs, which are not supported by the Certificate System.
OID
2.5.29.29
B.4.2.2.2. invalidityDate
The Invalidity Date extension provides the date on which the private key was compromised or that the
certificate otherwise became invalid.
OID
2.5.29.24
Parameters
Parameter
enable
critical
Table B.39. InvalidityDate Configuration Parameters
B.4.2.2.3. CRLReason
The Reason Code extension identifies the reason for certificate revocation.
Standard X.509 v3 CRL Extensions Reference
Description
separated by commas. Leave the field blank if
the distribution point contains revoked certificates
with all reason codes (default).
Specifies that the distribution point contains user
certificates only if set. By default, this is not set,
which means the distribution point contains all
types of certificates.
Specifies that the distribution point contains an
indirect CRL; by default, this is not selected.
Description
Sets whether the extension rule is enabled or
disabled. By default, this is enabled.
Marks the extension as critical or noncritical; by
default, this is noncritical.
479