[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Retrieve CRL
Marcus Lee wrote:
>
> I am a novice of LDAP. I want to get a CRL (BER format) from a Directory
> server to verify a certificate.
Have a look at slapd.oc.conf:
------------------------------------------------------------
objectclass certificationAuthority
requires
objectClass,
authorityRevocationList,
certificateRevocationList,
cACertificate
allows
crossCertificatePair
------------------------------------------------------------
Use cACertificate;binary to store the CA cert DER-encoded. Use
certificateRevocationList;binary to store the CRL issued by a CA
DER-encoded.
> What I got at hand is a certificate.
> Which fields should I extract from it in order to form a query to search
> for the corresponding CRL. Moreover, what are the names of the
> attributes in CRL object.
This is more a PKI related issue - you're completely wrong with this
question on this mailing list. You probably want to use
http://www.openssl.org/, subscribe to openssl-users@openssl.org and want
to learn more about X.509v3 extended certificate attributes (e.g.
nsCaRevocationUrl for Netscape or crlDistributionPoints in PKIX).
Ciao, Michael.