[Date Prev][Date Next]
Re: crl add?
> I want to add certificateRevocationList
> In rfc2256, I find objectclass cRLDistributionPoint which
> can match our needs.
IMHO cRLDistributionPoint is more a pointer to a location where to
download a CRL.
Have a look at objectclass "certificationAuthority" in your
slapd.oc.conf file which is the appropriate object class to store CA
certs and CRLs. Modify this to have ;binary as suffixes for attributes
authorityRevocationList, certificateRevocationList and cACertificate.
> You see,it didn't show the content of CRL.
> What's wrong? How to add a crl?
Which format does your CRL file have? You have to put DER encoded CRLs
into the attribute certificateRevocationList;binary.
BTW it depends where Netscape wants to load the CRL or where you told
Netscape to download the CRL. Which CA software are you using? Maybe the
software provides a HTTP access to download the CRL?