CRLDistributionPointsExt Plug-in Module
Description of parameters defined in the CRLDistributionPointsExt module (Continued)
Table 4-8
Parameter
Description
Specifies the name of the issuer that has signed the CRL maintained at distribution
issuerName<n>
point.
Permissible values: Any supported name forms. By default, the name can be in any of
the following formats:
• An X.500 directory name in the RFC 2253 syntax (see
• A URI; for example, it would look similar to this:
Specifies the general-name type of the CRL issuer that has signed the CRL maintained
issuerType<n>
at distribution point.
Permissible values: DirectoryName or URI. The value you specify for this
parameter must correspond to the value in the issuerName field.
• Select DirectoryName if the value in the issuerName field is an X.500 directory
• Select URI if the value in the issuerName field is a uniform resource indicator.
Example: DirectoryName
CRLDistributionPointsExt Rule
The policy rule named
CRLDistributionPointsExt
automatically creates this rule during installation. By default, the rule is configured
as follows:
•
The rule is disabled; for the rule to be effective, it must be enabled and
configured appropriately.
•
The predicate field is left blank so that the extension gets added to all
certificates.
•
The extension is marked noncritical (to comply with the PKIX
recommendation).
•
Other fields are left blank for you to enter the appropriate information.
168
Netscape Certificate Management System Plug-ins Guide • October 2001
http://www.ietf.org/rfc/rfc2253.txt); note that RFC 2253 replaces RFC
1779. For example, the name would look similar to this:
CN=CA Central, OU=Research Dept, O=Siroe Corporation, C=US
http://testCA.siroe.com:80
name (default).
CRLDistributionPointsExt
module. Certificate Management System
is an instance of the