[Pki-users] Re: No CDP by default?

Chris Cayetano chriscayetano at gmail.com
Mon Apr 14 15:52:43 UTC 2008


Hi Christina,

That worked. Thanks for your help. Though minor, it appears the Red Hat
documentation for IssuerType and IssuerName is also switched, correct?

Thanks,
Chris Cayetano

http://www.redhat.com/docs/manuals/cert-system/7.3/html/Administration_Guide/Defaults_Reference-CRL_Distribution_Points_Extension_Default.html


*IssuerName_n*

Specifies the name of the issuer that has signed the CRL maintained at the
distribution point. The name can be in any of the following formats:

   - RFC822Name
   - DirectoryName
   - DNSName
   - EDIPartyName
   - *URIName*
   - IPAddress
   - OIDName
   - OtherName

*IssuerType_n*

Specifies the general name type of the CRL issuer that signed the CRL. The
permissible values are as follows:

   - For RFC822Name, the value must be a valid Internet mail address. For
     example, testCA at example.com.
   - For DirectoryName, the value must be a string form of X.500 name,
     similar to the subject name in a certificate. For example, cn=SubCA,
     ou=Research Dept, o=Example Corporation, c=US.
   - For DNSName, the value must be a valid fully-qualified domain name.
     For example, testCA.example.com.
   - For EDIPartyName, the value must be an IA5String. For example, Example
     Corporation.
   - *For URIName, the value must be a non-relative URI following the URL
     syntax and encoding rules. The name must include both a scheme, such as
     http, and a fully qualified domain name or IP address of the host. For
     example, http://testCA.example.com.*
   - For IPAddress, the value must be a valid IP address. An IPv4 address
     must be in the format n.n.n.n or n.n.n.n,m.m.m.m. For example,
     128.21.39.40 or 128.21.39.40,255.255.255.00. An IPv6 address with
     netmask is separated by a comma. For example, 0:0:0:0:0:0:13.1.68.3,
     FF01::43, 0:0:0:0:0:0:13.1.68.3,FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:
     255.255.255.0, and FF01::43,FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FF00:0000.
   - For OIDName, the value must be a unique, valid OID specified in
     dot-separated numeric component notation. For example,
     1.2.3.4.55.6.5.99.
   - OtherName is used for names with any other format; this supports
     PrintableString, IA5String, UTF8String, BMPString, Any, and
     KerberosName. PrintableString, IA5String, UTF8String, BMPString, and
     Any set a string to a base-64 encoded file specifying the subtree,
     such as /var/lib/rhpki-ca/othername.txt. KerberosName has the format
     *Realm|NameType|NameStrings*, such as realm1|0|userID1,userID2.

The value for this parameter must correspond to the value in the
issuerName field.





On Mon, Apr 14, 2008 at 7:30 AM, Christina Fu <cfu at redhat.com> wrote:

> Hi, your values for crlDistPointsIssuerType_0 and crlDistPointsIssueName_0
> need to be switched.  Let me know if this helps.
>
> Christina
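
The mix-up discussed in this thread can be caught before a profile is deployed. The following is an added example, not part of the original messages and not Red Hat code: it checks each issuer Type/Name pair against the value rules quoted above and reports a pair whose two values look swapped. It assumes the parameters are spelled crlDistPointsIssuerType_n and crlDistPointsIssuerName_n; the function names and sample values are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# General name types listed in the documentation quoted in this thread.
TYPES = {"RFC822Name", "DirectoryName", "DNSName", "EDIPartyName",
         "URIName", "IPAddress", "OIDName", "OtherName"}

def _is_ip(value):
    # Accepts "address" or "address,netmask", as the quoted text describes.
    try:
        for part in value.split(","):
            ipaddress.ip_address(part.strip())
        return True
    except ValueError:
        return False

def _is_uri(value):
    # Non-relative URI: needs both a scheme and a host.
    parts = urlsplit(value)
    return bool(parts.scheme and parts.hostname)

def _rx(pattern):
    return lambda v: re.fullmatch(pattern, v) is not None

# Approximate syntax checks; EDIPartyName and OtherName are not checked.
CHECKS = {
    "RFC822Name": _rx(r"[^@\s]+@[^@\s]+\.[^@\s]+"),
    "DirectoryName": _rx(r"\s*\w+\s*=[^=,]+(,\s*\w+\s*=[^=,]+)*"),
    "DNSName": _rx(r"(?=.{1,253}$)([A-Za-z0-9-]{1,63}\.)+[A-Za-z]{2,63}"),
    "URIName": _is_uri,
    "IPAddress": _is_ip,
    "OIDName": _rx(r"\d+(\.\d+)+"),
}

def check_pair(type_value, name_value):
    """Return 'ok', 'swapped', 'unknown-type' or 'bad-value' for one pair."""
    if type_value not in TYPES:
        # A type keyword sitting in the Name slot means the two were switched.
        return "swapped" if name_value in TYPES else "unknown-type"
    check = CHECKS.get(type_value)
    return "bad-value" if check and not check(name_value) else "ok"

def audit(params):
    """params: dict of profile parameters -> {index: status} per issuer pair."""
    results = {}
    for key, type_value in params.items():
        m = re.fullmatch(r"crlDistPointsIssuerType_(\d+)", key)
        if m:  # assumed spelling of the matching Name parameter
            name = params.get("crlDistPointsIssuerName_" + m.group(1), "")
            results[int(m.group(1))] = check_pair(type_value, name)
    return results
```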