Netscape MANAGEMENT SYSTEM 6.01 - CUSTOMIZATION Manual page 91

Table 3-23 Parameters Accepted by the Revocation Interface (Continued)
Parameter
doSslAuth
op
reasonCode
serialNumber
subject
Format and Description
on | off
Instructs the CMS server to request SSL client authentication. The certificate
that the entity then presents will be the one that is automatically revoked.
Only valid if certType = client.
RevocationRequest
RevocationRequest is the only value currently supported for the op
parameter. This parameter is required.
0-8
The reasonCode identifies the reason the certificate is being revoked. This
information will be recorded on the Certificate Revocation List. The
reasonCode is only valid for automatic revocation requests. Manual
revocation requests can use the csrRequestorComments parameter to tell
the processing agent why the certificate is being revoked.
The meaning of the reasonCode values are:
• 0 - Unspecified
• 1 - Key Compromised
• 2 - CA Compromise*
• 3 - Affiliation Changed
• 4 - Certificate Superseded
• 5 - Cessation of Operation
• 6 - Certificate Hold*
• 7 - (Reserved for future use)*
• 8 - Remove from CRL*
Values marked with an asterisk (*) are valid reasonCode parameters that
are not used in the default UserRevocation.html form. These values
should generally not be used for client self-revocation.
string
The serial number of the certificate to be revoked. This parameter is used for
manual revocation: either a serial number or a subject name is used to
identify the certificate to be revoked.
string
The subject distinguished name (DN) of the certificate to be revoked.
Chapter 3 End-Entity Interface Reference
Revocation Interface
91