Re: [Pki-users] CRL Distribution Points

Wed, 19 Jun 2019 09:32:18 -0700 

Hi,
We also welcome feedback to our documentation:
https://access.redhat.com/documentation/en-us/red_hat_certificate_system/9/html-single/administration_guide/index#CRL_Distribution_Points_Extension_Default

thanks,
Christina

On Mon, Jun 17, 2019 at 6:40 AM Fraser Tweedale <[email protected]> wrote:

> On Mon, Jun 17, 2019 at 12:30:22PM +0000, Goeman, Stefan wrote:
> > Hello,
> >
> > Is it possible with the dogtag PKI to issue certificates have contain a
> CRL Distribution Point certificate extension?
> > I would like to work with a CRL web server, instead of using OCSP.
> >
> > Much thanks in advance for your feedback!
> >
> > Greetings,
> > Stefan Goeman
> >
> Hi Stefan,
>
> Yes, Dogtag supports CRL Distribution Point extension.  Example
> profile configuration:
>
> policyset.serverCertSet.9.constraint.class_id=noConstraintImpl
> policyset.serverCertSet.9.constraint.name=No Constraint
>
> policyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl
> policyset.serverCertSet.9.default.name=CRL Distribution Points Extension
> Default
> policyset.serverCertSet.9.default.params.crlDistPointsCritical=false
> policyset.serverCertSet.9.default.params.crlDistPointsNum=1
> policyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true
> policyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=CN=Certificate
> Authority,o=ipaca
>
> policyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=DirectoryName
> policyset.serverCertSet.9.default.params.crlDistPointsPointName_0=
> http://example.com/ipa/crl/MasterCRL.bin
> policyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName
> policyset.serverCertSet.9.default.params.crlDistPointsReasons_0=
>
> Hope that helps!
> Fraser
>
> _______________________________________________
> Pki-users mailing list
> [email protected]
> https://www.redhat.com/mailman/listinfo/pki-users
>

_______________________________________________
Pki-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/pki-users

Reply via email to