Table of Contents
Advertisement
CRL Extension Plug-in Modules
You can configure a Certificate Manager to generate CRLs and publish them to
repositories such as an LDAP directory, a flat file, or an OCSP responder which
other applications may use for checking the revocation status of a certificate or
from which other applications can retrieve the CRL. You can also configure the
Certificate Manager to generate and publish CRLs conforming to either X.509
version 1 or X.509 version 2 standards—CRLs compliant to X.509 version 2
standards contain CRL extensions.
To enable you to add these extensions to the CRL it generates, the Certificate
Manager provides a set of plug-in modules. These modules are implemented as
Java classes and are registered with the Certificate Manager's publishing
framework.
This chapter explains plug-in modules that are installed with a Certificate
Manager—it lists and briefly describes the modules and then explains each one in
detail.
The chapter has the following sections:
•
Overview of CRL Extension Modules (page 280)
•
AuthorityKeyIdentifier Rule (page 281)
•
CRLNumber Rule (page 283)
•
CRLReason Rule (page 284)
•
HoldInstruction Rule (page 286)
•
InvalidityDate Rule (page 287)
•
IssuerAlternativeName Rule (page 289)
•
IssuingDistributionPoint Rule (page 293)
Chapter 7
279
Advertisement
Table of Contents
