A native Windows CRL includes the following additional extensions : Authority Key Identifier CA Version Next CRL Publish
I was able to add Authority Key Identifier and CA Version via the new_oids section: msCAVersion=1.3.6.1.4.1.311.21.1 msCRLNextPublish=1.3.6.1.4.1.311.21.4 I also added the following to the crl_ext section: authorityKeyIdentifier=keyid:always,issuer:always msCAVersion=DER:02:01:00 ** Notice I was not able to add the msCRLNextPublish oid because I don't know how. I get this error, when trying to importing this CRL into Windows 2003: A required CRL extension is missing CertUtil: -dsPublish command FAILED: 0x80070490 (WIN32: 1168) CertUtil: Element not found. So I assume this means I need the CRL Next Publish oid somehow... Or I have something messed up above. Please help ----------------------------------------------------------------- DAVID BLAINE, GCIA , CISSP GDLS-C Lead Information Risk Manager (LIRM) CSC 6000 E. 17 Mile Rd. Sterling Heights MI 48313 GIS | o: 586.825.7650 | c: 810.217.8041 | f: 586.825.8606 | dblai...@csc.com | www.csc.com This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose.