previous
next
Reflection can locate a CRL in the LDAP directory only if the LDAP distinguished name (DN) exactly matches the contents of the Issuer field in the CRL. For example, if the Issuer field of the CRL displays the following objects:
CN = Some CA
O = Acme
C = US
The DN of the entry in the LDAP directory must be exactly: "CN = Some CA, O=Acme, C = US".
The attributes of the LDAP entry identified by this DN must include one of the following. (Reflection looks for these attributes in order from top to bottom.)
|
Attribute |
OID (Object Identifier) |
|---|---|
|
certificateRevocationList;binary |
2.5.4.39 |
|
authorityRevocationList;binary |
2.5.4.38 |
|
certificateRevocationList |
2.5.4.39 |
|
authorityRevocationList |
2.5.4.38 |
|
deltaRevocationList;binary |
2.5.4.53 |
|
deltaRevocationList |
2.5.4.53 |
|
mosaicCertificateRevocationList |
2.16.840.1.101.2.1.5.45 |
|
sdnsCertificateRevocationList |
2.16.840.1.101.2.1.5.44 |
|
fortezzaCertificateRevocationList |
2.16.840.1.101.2.1.5.45 |