Table of Contents
Advertisement
authorityInfoAccess
OID
1.3.6.1.5.5.7.1.1
Reference
http://www.ietf.org/rfc/rfc2459.txt
Criticality
This extension must be noncritical.
Discussion
The Authority Information Access extension indicates how and where to access
information about the issuer of the certificate. The extension contains an
and an
accessMethod
OID) the type and format of information about the issuer found at the
.
accessLocation
PKIX Part 1 defines one
have issued certificates higher in the CA chain than the issuer of the certificate
using the extension. The
indicating the location and protocol (LDAP, HTTP, FTP) used to retrieve the list.
The Online Certificate Status Protocol (RFC 2560), available at
http://www.ietf.org/rfc/rfc2560.txt
(
) for using OCSP to verify certificates. The
id-ad-ocsp
contains a URL indicating the location and protocol used to access an OCSP
responder that can validate the certificate.
CMS Version Support
Refer to "AuthInfoAccessExt Plug-in Module" on page 132.
•
CMS 4.1: Not supported
•
CMS 4.2: Supported
•
CMS 4.2-SP2: Supported
•
CMS 4.5: Supported
•
CMS 6.0: Supported
Netscape Recommendation
Netscape recommends that you add this extension with
for an OCSP responder to every certificate that can be verified using OCSP.
4.2.2.1
field. The
accessLocation
(
accessMethod
id-ad-caIssuers
field then typically contains a URL
accessLocation
, defines an
Standard X.509 v3 Certificate Extensions
accessMethod
) to get a list of CAs that
accessMethod
accessLocation
id-ad-ocsp
Appendix C
Certificate and CRL Extensions
specifies (by an
field then
and the URL
339
Advertisement
Table of Contents
