previous
next
A CRL in the LDAP directory can only be located if the LDAP distinguished name (DN) exactly matches the contents of the Issuer field in the CRL. For example, if the Issuer field of the CRL displays the following objects:
CN = Some CA
O = Acme
C = US
The DN of the entry in the LDAP directory must be exactly: "CN = Some CA, O=Acme, C = US".
The attributes of the LDAP entry identified by this DN must include one of the following. (These attributes are searched for in order from top to bottom.)
|
Attribute |
OID (Object Identifier) |
|---|---|
|
certificateRevocationList;binary |
2.5.4.39 |
|
authorityRevocationList;binary |
2.5.4.38 |
|
certificateRevocationList |
2.5.4.39 |
|
authorityRevocationList |
2.5.4.38 |
|
deltaRevocationList;binary |
2.5.4.53 |
|
deltaRevocationList |
2.5.4.53 |
|
mosaicCertificateRevocationList |
2.16.840.1.101.2.1.5.45 |
|
sdnsCertificateRevocationList |
2.16.840.1.101.2.1.5.44 |
|
fortezzaCertificateRevocationList |
2.16.840.1.101.2.1.5.45 |