
Re: Retrieve CRL



Marcus Lee wrote:
> 
> I am a novice at LDAP. I want to get a CRL (BER format) from a Directory
> server to verify a certificate.

Have a look at slapd.oc.conf:
------------------------------------------------------------
objectclass certificationAuthority
        requires
                objectClass,
                authorityRevocationList,
                certificateRevocationList,
                cACertificate
        allows
                crossCertificatePair
------------------------------------------------------------

Use cACertificate;binary to store the CA cert DER-encoded. Use
certificateRevocationList;binary to store the CRL issued by a CA
DER-encoded.

> What I have at hand is a certificate.
> Which fields should I extract from it in order to form a query to search
> for the corresponding CRL? Moreover, what are the names of the
> attributes in the CRL object?

This is more a PKI-related issue - you're completely wrong with this
question on this mailing list. You probably want to use
http://www.openssl.org/, subscribe to openssl-users@openssl.org and want
to learn more about X.509v3 extended certificate attributes (e.g.
nsCaRevocationUrl for Netscape or crlDistributionPoints in PKIX).

Ciao, Michael.
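
Added example, not part of the original message: a Python sketch that turns an LDAP URL taken from a certificate's crlDistributionPoints extension into the search parameters for certificateRevocationList;binary, and builds the matching OpenLDAP ldapsearch argument list. The host name, DNs and sample URL are constructed, and the fallback that treats the issuer DN as the CA entry's DN is an assumption about the directory layout.

```python
from urllib.parse import urlsplit, unquote

CRL_ATTR = "certificateRevocationList;binary"
CA_FILTER = "(objectClass=certificationAuthority)"
# Constructed sample value of an LDAP crlDistributionPoints URI.
SAMPLE_CDP = ("ldap://ldap.example.com/cn=Example%20CA,o=Example,c=US"
              "?certificateRevocationList;binary?base"
              "?(objectClass=certificationAuthority)")


def parse_crl_ldap_url(url, default_host=""):
    """Split an RFC 4516 LDAP URL into search parameters."""
    parts = urlsplit(url)
    # The URL comes from the certificate under test, so it is untrusted:
    # accept only LDAP schemes before anything is fetched.
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % url)
    # Query layout is attributes?scope?filter (extensions are ignored here).
    fields = (parts.query.split("?") + ["", "", ""])[:3]
    attrs = [unquote(a) for a in fields[0].split(",") if a] or [CRL_ATTR]
    # Ask for the DER value explicitly, as the reply recommends.
    attrs = [a if ";binary" in a.lower() else a + ";binary" for a in attrs]
    scope = fields[1] or "base"
    if scope not in ("base", "one", "sub"):
        raise ValueError("bad scope: %r" % scope)
    return {"uri": "%s://%s" % (parts.scheme, parts.netloc or default_host),
            "base": unquote(parts.path.lstrip("/")),
            "attrs": attrs,
            "scope": scope,
            "filter": unquote(fields[2]) or "(objectClass=*)"}


def search_by_issuer(issuer_dn, uri):
    """Fallback for certificates without a CDP.

    Assumption: the CA's directory entry is named by the issuer DN.
    """
    return {"uri": uri, "base": issuer_dn, "attrs": [CRL_ATTR],
            "scope": "base", "filter": CA_FILTER}


def ldapsearch_argv(search):
    """Argument list for OpenLDAP ldapsearch; no shell is involved."""
    return ["ldapsearch", "-x", "-LLL", "-t", "-H", search["uri"],
            "-b", search["base"], "-s", search["scope"],
            search["filter"]] + search["attrs"]


if __name__ == "__main__":
    print(ldapsearch_argv(parse_crl_ldap_url(SAMPLE_CDP)))
```

The -t option makes ldapsearch write the binary CRL value to a temporary file, which can then be handed to the tool that verifies the CRL signature and checks the certificate's serial number against it.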