Table of Contents
Advertisement
By default, the policy supports three access methods:
•
(this method is also identified by its OID, 1.3.6.1.5.5.7.48.2).
caIssuers
As specified in the PKIX standard, you should use the
when the additional information is a list of parent CAs or CAs that have issued
certificates superior to the CA that issued the certificate containing the
extension. The certificate-using application may use the list of parent CAs
referenced by the extension to determine the certification path and to check
whether the path terminates at a point trusted by the certificate user.
When you use the
extension must take any of the following general-name forms:
Uniform resource identifier (URI) if the information is available via HTTP,
FTP, or LDAP.
An X.500 directory name if the information is available via the directory
access protocol (DAP).
An rfc822Name if the information is available via electronic mail.
•
(this method is also identified by its OID, 1.3.6.1.5.5.7.48.1).
ocsp
The
method indicates to the certificate-using client that it must use the
ocsp
OCSP protocol to access the location that contains additional information
about the CA that has issued the certificate. You should use the
when you want to reference to the online validation authority that maintains
the revocation status of certificates issued by the CA.
When you use the
must be a uniform resource indicator (URI); this means, the location type must
be
and the location value must be the complete URL (including the port
URL
number) at which the online validation authority for the CA is listening for
OCSP requests from OCSP-compliant clients.
•
(this method is also identified by its OID, 2.16.840.1.113730.16.1)
renewal
The
method works with the automated-certificate-renewal feature
renewal
built into Netscape Personal Security Manager. When you use this method, the
access location referenced in the extension must be a URI. For details, check the
Netscape Personal Security Manager Deployment Guide.
The built-in support for the
location in the extension conform to the profile defined in RFC 2560 (see
http://www.ietf.org/rfc/rfc2560.txt
For details about OCSP support in Certificate Management System, see Chapter 21,
"Setting Up an OCSP Responder" of CMS Installation and Setup Guide.
method, the access location referenced in the
caIssuers
method, the access location referenced in the extension
ocsp
access method and a URI value for the access
ocsp
) for CAs that support the OCSP service.
Chapter 4
AuthInfoAccessExt Plug-in Module
method
caIssuers
ocsp
Certificate Extension Plug-in Modules
method
135
Advertisement
Table of Contents
Related Manuals for Netscape NETSCAPE MANAGEMENT SYSTEM 4.5 - PLUG-IN
Related Products for Netscape NETSCAPE MANAGEMENT SYSTEM 4.5 - PLUG-IN
- Netscape NETSCAPE MANAGEMENT SYSTEM 4.5 - CUSTOMIZATION GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 4.5 - COMMAND-LINE
- Netscape NETSCAPE MANAGEMENT SYSTEM 4.5 - AGENT GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0 - CUSTOMIZATION
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0 - PLUG-IN
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.01 - CUSTOMIZATION
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.01 - PLUG-IN
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0 - AGENT GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0 - COMMAND-LINE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.01 - AGENT GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.01 - COMMAND-LINE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.1 - AGENT GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.1 - COMMAND-LINE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.2 - AGENT GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.2 - COMMAND-LINE