Re: [Pki-users] CRL Distribution Points

Monday, 17 June 2019

On Mon, Jun 17, 2019 at 12:30:22PM +0000, Goeman, Stefan wrote:
...
 Hello,

 Is it possible with the dogtag PKI to issue certificates have contain a CRL Distribution
Point certificate extension?
 I would like to work with a CRL web server, instead of using OCSP.

 Much thanks in advance for your feedback!

 Greetings,
 Stefan Goeman
  Hi Stefan,

Yes, Dogtag supports CRL Distribution Point extension.  Example
profile configuration:

policyset.serverCertSet.9.constraint.class_id=noConstraintImpl
policyset.serverCertSet.9.constraint.name=No Constraint
policyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl
policyset.serverCertSet.9.default.name=CRL Distribution Points Extension Default
policyset.serverCertSet.9.default.params.crlDistPointsCritical=false
policyset.serverCertSet.9.default.params.crlDistPointsNum=1
policyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true
policyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=CN=Certificate
Authority,o=ipaca
policyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=DirectoryName
policyset.serverCertSet.9.default.params.crlDistPointsPointName_0=http://...
policyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName
policyset.serverCertSet.9.default.params.crlDistPointsReasons_0=

Hope that helps!
Fraser

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

Re: [Pki-users] CRL Distribution Points