[Pki-users] CRL Distribution Points
Christina Fu
cfu at redhat.com
Wed Jun 19 16:30:06 UTC 2019
Hi,
We also welcome feedback to our documentation:
https://access.redhat.com/documentation/en-us/red_hat_certificate_system/9/html-single/administration_guide/index#CRL_Distribution_Points_Extension_Default
thanks,
Christina
On Mon, Jun 17, 2019 at 6:40 AM Fraser Tweedale <ftweedal at redhat.com> wrote:
> On Mon, Jun 17, 2019 at 12:30:22PM +0000, Goeman, Stefan wrote:
> > Hello,
> >
> > Is it possible with the dogtag PKI to issue certificates have contain a
> CRL Distribution Point certificate extension?
> > I would like to work with a CRL web server, instead of using OCSP.
> >
> > Much thanks in advance for your feedback!
> >
> > Greetings,
> > Stefan Goeman
> >
> Hi Stefan,
>
> Yes, Dogtag supports CRL Distribution Point extension. Example
> profile configuration:
>
> policyset.serverCertSet.9.constraint.class_id=noConstraintImpl
> policyset.serverCertSet.9.constraint.name=No Constraint
>
> policyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl
> policyset.serverCertSet.9.default.name=CRL Distribution Points Extension
> Default
> policyset.serverCertSet.9.default.params.crlDistPointsCritical=false
> policyset.serverCertSet.9.default.params.crlDistPointsNum=1
> policyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true
> policyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=CN=Certificate
> Authority,o=ipaca
>
> policyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=DirectoryName
> policyset.serverCertSet.9.default.params.crlDistPointsPointName_0=
> http://example.com/ipa/crl/MasterCRL.bin
> policyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName
> policyset.serverCertSet.9.default.params.crlDistPointsReasons_0=
>
> Hope that helps!
> Fraser
>
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-users/attachments/20190619/748ec9b6/attachment.htm>
More information about the Pki-users
mailing list