Table of Contents
Advertisement
IssuingDistributionPoint Rule
The
IssuingDistributionPoint
Manager to set the Issuing Distribution Point Extension defined in X.509 and PKIX
standard RFC 2459 (see
CRL issuing point extension enables you to specify a pointer to a particular CRL
and to include additional information about the CRL at that location—whether it
covers revocation of end-entity certificates only, CA certificates only, or revoked
certificates that have a limited set of reason codes.
By default, the pointer can be in either of these forms:
•
The name of the X.500 directory that stores the CRL
•
The URI to the location that contains the CRL
Optionally, each issuing point may contain a set of reason flags, indicating what
revocation reasons are covered by the CRL at the specified location. Note that you
can modify the rule to support any name form by making the appropriate changes
to the sample code provided for this purpose. The sample code is located here:
<server_root>/cms_sdk/cms_jdk/samples/CRLs/IssuingDistributionPoint
For general guidelines on setting the issuing distribution point extension in CRLs,
see "issuingDistributionPoint" on page 364.
Figure 7-8 shows how configurable parameters for the
IssuingDistributionPoint
Figure 7-8
rule enables you to configure a Certificate
http://www.ietf.org/rfc/rfc2459.txt
rule are displayed in the CMS window.
Parameters defined in the IssuingDistributionPoint rule
IssuingDistributionPoint Rule
Chapter 7
CRL Extension Plug-in Modules
) in CRLs. The
295
Advertisement
Table of Contents
Need help?
Do you have a question about the NETSCAPE MANAGEMENT SYSTEM 4.5 - PLUG-IN and is the answer not in the manual?
Questions and answers