CRLDistributionPointsExt Plug-in Module; Configuration Parameters of CRLDistributionPointsExt - Netscape Management System 6.01 - Plug-in Manual

CRLDistributionPointsExt Plug-in Module

The CRLDistributionPointsExt plug-in module implements the CRL
distribution points extension policy. This policy enables you to configure
Certificate Management System to add the CRL Distribution Points Extension
defined in X.509 and PKIX standard RFC 2459 (see
http://www.ietf.org/rfc/rfc2459.txt) to certificates. This extension, when
present in a certificate, identifies one or more locations from where the application
that is validating the certificate can obtain the CRL information (to verify the
revocation status of the certificate).
For general guidelines on setting the CRL distribution points extension in
certificates, see "cRLDistributionPoints" on page 343.
The CRL distribution points extension policy in Certificate Management System
enables you to specify pointers to one or more CRL locations. The pointers can be
in these forms: the name of the X.500 directory that stores the CRL, the URI to the
location that contains the CRL, or both.
Note that in the current implementation, the policy supports only two name forms
for distribution points, X.500 Directory Name and URI; URIs described in this
document support two CRL retrieval mechanisms, LDAP-based and HTTP-based.
Optionally, each distribution point may contain a set of reason flags, indicating
what revocation reasons are covered by the CRL at that location. Also, the
distribution point location can be relative to the location of the issuer. In this last
case, the issuerName and issuerType parameters should be included to give the
location of the issuer.
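To check what a policy instance actually put into issued certificates, the extension can be decoded on the validating side. The following Python code is an added example, not part of the Netscape manual or the CMS sample code: it walks the DER value of a CRL Distribution Points extension and reports the name forms (URI, directory name, relative name) and reason flags of each distribution point. It assumes the input is the inner extension value without the OCTET STRING wrapper; the function names and the example.com URIs are constructed for illustration.

```python
# Added example; tags per RFC 2459 section 4.2.1.14, all sample data is constructed.
REASONS = ["unused", "keyCompromise", "cACompromise", "affiliationChanged",
           "superseded", "cessationOfOperation", "certificateHold"]

def tlv(tag, body):                                # short-form DER encoder for the sample
    assert len(body) < 0x80
    return bytes([tag, len(body)]) + body

def children(buf):
    """Yield (tag, content) for each DER element in buf."""
    i = 0
    while i < len(buf):
        if i + 2 > len(buf):
            raise ValueError("truncated DER header")
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n & 0x80:                               # long-form length
            n, i = int.from_bytes(buf[i:i + (n & 0x7F)], "big"), i + (n & 0x7F)
        if i + n > len(buf):
            raise ValueError("truncated DER element")
        yield tag, buf[i:i + n]
        i += n

def parse_crldp(value):
    """Return one dict per DistributionPoint in the extension value."""
    (tag, seq), = children(value)                  # SEQUENCE OF DistributionPoint
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    points = []
    for _, dp in children(seq):
        p = {"uris": [], "dirnames": 0, "relative": False, "reasons": None}
        for tag, val in children(dp):
            if tag == 0x81 and len(val) > 1:       # reasons [1] BIT STRING
                p["reasons"] = [r for i, r in enumerate(REASONS) if val[1] & (0x80 >> i)]
            for ntag, name in children(val if tag == 0xA0 else b""):  # distributionPoint [0]
                p["relative"] = p["relative"] or ntag == 0xA1  # nameRelativeToCRLIssuer [1]
                for gtag, g in children(name if ntag == 0xA0 else b""):  # fullName [0]
                    if gtag == 0x86:               # uniformResourceIdentifier [6]
                        p["uris"].append(g.decode("ascii"))
                    elif gtag == 0xA4:             # directoryName [4]
                        p["dirnames"] += 1
        points.append(p)
    return points

def sample():
    """Constructed value: HTTP point with reasons, LDAP point with a directory name."""
    dirname = tlv(0xA4, tlv(0x30, tlv(0x31, tlv(0x30, b"\x06\x03\x55\x04\x03" + tlv(0x13, b"CA")))))
    names = lambda *g: tlv(0xA0, tlv(0xA0, b"".join(g)))
    http = names(tlv(0x86, b"http://crl.example.com/ca.crl")) + tlv(0x81, b"\x05\x60")
    ldap = names(tlv(0x86, b"ldap://dir.example.com/cn=CA?certificateRevocationList"), dirname)
    return tlv(0x30, tlv(0x30, http) + tlv(0x30, ldap))
```

A `reasons` value of `None` means the distribution point carries no reason flags, which under RFC 2459 means the CRL at that location covers all revocation reasons.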
You can modify the policy to support any name form by making appropriate
changes to the sample code provided for this purpose. The sample code is located
here:
<server_root>/cms_sdk/cms_jdk/samples/policies
During installation, Certificate Management System automatically creates an
instance of the CRL distribution points extension policy. See
"CRLDistributionPointsExt Rule" on page 167.
Configuration Parameters of CRLDistributionPointsExt
In the CMS configuration file, the CRLDistributionPointsExt module is
identified as
<subsystem>.Policy.impl.CRLDistributionPointsExt.class=com.netscape.cms.policy.CRLDistributionPointsExt
where <subsystem> is ca or ra (prefix identifying the subsystem).
Chapter 4 Certificate Extension Plug-in Modules 163
