Hi Christina,

That worked. Thanks for your help. Though minor, it appears the Red Hat documentation for IssuerType and IssuerName is also switched, correct?

Chris Cayetano


IssuerName_ n

Specifies the name of the issuer that has signed the CRL maintained at the distribution point. The name can be in any of the following formats:

  • RFC822Name

  • DirectoryName

  • DNSName

  • EDIPartyName

  • URIName

  • IPAddress

  • OIDName

  • OtherName

IssuerType_ n

Specifies the general name type of the CRL issuer that signed the CRL. The permissible values are as follows:

  • For RFC822Name, the value must be a valid Internet mail address. For example, testCA@example.com.

  • For DirectoryName, the value must be a string form of X.500 name, similar to the subject name in a certificate. For example, cn=SubCA, ou=Research Dept, o=Example Corporation, c=US.

  • For DNSName, the value must be a valid fully-qualified domain name. For example, testCA.example.com.

  • For EDIPartyName, the value must be an IA5String. For example, Example Corporation.

  • For URIName, the value must be a non-relative URI following the URL syntax and encoding rules. The name must include both a scheme, such as http, and a fully qualified domain name or IP address of the host. For example, http://testCA.example.com.

  • For IPAddress, the value must be a valid IP address. An IPv4 address must be in the format n.n.n.n or n.n.n.n,m.m.m.m. For example, or, An IPv 6 address with netmask is separated by a comma. For example, 0:0:0:0:0:0:, FF01::43, 0:0:0:0:0:0:,FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:, and FF01::43,FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FF00:0000.

  • For OIDName, the value must be a unique, valid OID specified in dot-separated numeric component notation. For example,

  • OtherName is used for names with any other format; this supports PrintableString, IA5String, UTF8String, BMPString, Any, and KerberosName. PrintableString, IA5String, UTF8String, BMPString, and Any set a string to a base-64 encoded file specifying the subtree, such as /var/lib/rhpki-ca/othername.txt. KerberosName has the format Realm|NameType|NameStrings, such as realm1|0|userID1,userID2.

The value for this parameter must correspond to the value in the issuerName field.

On Mon, Apr 14, 2008 at 7:30 AM, Christina Fu <cfu@redhat.com> wrote:
Hi, your values for crlDistPointsIssuerType_0 and crlDistPointsIssueName_0 need to be switched.  Let me know if this helps.