Re: [Pki-users] Re: No CDP by default?

Hi Christina, That worked. Thanks for your help. Though minor, it appears the Red Hat documentation for IssuerType and IssuerName is also switched, correct? Thanks, Chris Cayetano http://www.redhat.com/docs/manuals/cert-system/7.3/html/Administration_Gu... *IssuerName_ n * Specifies the name of the issuer that has signed the CRL maintained at the distribution point. The name can be in any of the following formats: - RFC822Name - DirectoryName - DNSName - EDIPartyName - *URIName* - IPAddress - OIDName - OtherName *IssuerType_ n * Specifies the general name type of the CRL issuer that signed the CRL. The permissible values are as follows: - For RFC822Name, the value must be a valid Internet mail address. For example, testCA(a)example.com. - For DirectoryName, the value must be a string form of X.500 name, similar to the subject name in a certificate. For example, cn=SubCA, ou=Research Dept, o=Example Corporation, c=US. - For DNSName, the value must be a valid fully-qualified domain name. For example, testCA.example.com. - For EDIPartyName, the value must be an IA5String. For example, Example Corporation. - * For URIName, the value must be a non-relative URI following the URL syntax and encoding rules. The name must include both a scheme, such as http, and a fully qualified domain name or IP address of the host. For example, http://testCA.example.com.* - For IPAddress, the value must be a valid IP address. An IPv4 address must be in the format n.n.n.n or n.n.n.n,m.m.m.m. For example, 128.21.39.40 or 128.21.39.40,255.255.255.00. An IPv 6 address with netmask is separated by a comma. For example, 0:0:0:0:0:0:13.1.68.3, FF01::43, 0:0:0:0:0:0:13.1.68.3,FFFF:FFFF:FFFF:FFFF:FFFF:FFFF: 255.255.255.0, and FF01::43,FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FF00:0000. - For OIDName, the value must be a unique, valid OID specified in dot-separated numeric component notation. For example, 1.2.3.4.55.6.5.99. - OtherName is used for names with any other format; this supports PrintableString, IA5String, UTF8String, BMPString, Any, and KerberosName. PrintableString, IA5String, UTF8String, BMPString, and Any set a string to a base-64 encoded file specifying the subtree, such as /var/lib/rhpki-ca/othername.txt. KerberosName has the format * Realm|NameType|NameStrings*, such as realm1|0|userID1,userID2. The value for this parameter must correspond to the value in the issuerNamefield. On Mon, Apr 14, 2008 at 7:30 AM, Christina Fu <cfu(a)redhat.com&gt; wrote: