Chapter 7 Crl Extension Plug-In Modules - Netscape MANAGEMENT SYSTEM 6.0 - PLUG-IN Manual

CRL Extension Plug-in Modules
You can configure a Certificate Manager to generate CRLs and publish them to
repositories such as an LDAP directory, a flat file, or an OCSP responder which
other applications may use for checking the revocation status of a certificate or
from which other applications can retrieve the CRL. You can also configure the
Certificate Manager to generate and publish CRLs conforming to either X.509
version 1 or X.509 version 2 standards—CRLs compliant to X.509 version 2
standards contain CRL extensions.
To enable you to add these extensions to the CRL it generates, the Certificate
Manager provides a set of plug-in modules. These modules are implemented as
Java classes and are registered with the Certificate Manager's publishing
framework.
This chapter explains plug-in modules that are installed with a Certificate
Manager—it lists and briefly describes the modules and then explains each one in
detail.
The chapter has the following sections:
• Overview of CRL Extension Modules (page 280)
• AuthorityKeyIdentifier Rule (page 281)
• CRLNumber Rule (page 283)
• CRLReason Rule (page 284)
• HoldInstruction Rule (page 286)
• InvalidityDate Rule (page 287)
• IssuerAlternativeName Rule (page 289)
• IssuingDistributionPoint Rule (page 293)
Chapter 7
279