[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: crl add?

cellecial@21cn.com wrote:
> I want to add certificateRevocationList
> In rfc2256, I find objectclass cRLDistributionPoint which
> can match our needs.

IMHO cRLDistributionPoint is more a pointer to a location where to
download a CRL.

Have a look at objectclass "certificationAuthority" in your
slapd.oc.conf file which is the appropriate object class to store CA
certs and CRLs. Modify this to have ;binary as suffixes for attributes
authorityRevocationList, certificateRevocationList and cACertificate.

> You see,it didn't show the content of CRL.
> What's wrong? How to add a crl?

Which format does your CRL file have? You have to put DER encoded CRLs
into the attribute certificateRevocationList;binary.

BTW it depends where Netscape wants to load the CRL or where you told
Netscape to download the CRL. Which CA software are you using? Maybe the
software provides a HTTP access to download the CRL?

Ciao, Michael.