This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note

Page References

Incoming links Outgoing links
CRL distribution points
CRL distribution points

Version management

Difference between version and

At line 1 added 22 lines
From [http://www.openssl.org/docs/apps/x509v3_config.html#CRL_distribution_points_]
!!!CRL distribution points.
This is a multi-valued extension whose options can be either in name:value pair using the same form as subject alternative name or a single value representing a section name containing all the distribution point fields.
For a name:value pair a new DistributionPoint with the fullName field set to the given value both the cRLissuer and reasons fields are omitted in this case.
In the single option case the section indicated contains values for each field. In this section:
If the name is ``fullname'' the value field should contain the full name of the distribution point in the same format as subject alternative name.
If the name is ``relativename'' then the value field should contain a section name whose contents represent a DN fragment to be placed in this field.
The name ``CRLIssuer'' if present should contain a value for this field in subject alternative name format.
If the name is ``reasons'' the value field should consist of a comma separated field containing the reasons. Valid reasons are: ``keyCompromise'', ``CACompromise'', ``affiliationChanged'', ``superseded'', ``cessationOfOperation'', ``certificateHold'', ``privilegeWithdrawn'' and ``AACompromise''.
Simple examples:
{{{
crlDistributionPoints=URI:http://myhost.com/myca.crl
crlDistributionPoints=URI:http://my.com/my.crl,URI:http://oth.com/my.crl
}}}
This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthorTop