
Re: crl add?



cellecial@21cn.com wrote:
> 
> I want to add certificateRevocationList
> In rfc2256, I find objectclass cRLDistributionPoint which
> can match our needs.

IMHO cRLDistributionPoint is more a pointer to a location where to
download a CRL.

Have a look at objectclass "certificationAuthority" in your
slapd.oc.conf file which is the appropriate object class to store CA
certs and CRLs. Modify this to have ;binary as suffixes for attributes
authorityRevocationList, certificateRevocationList and cACertificate.

> You see, it didn't show the content of CRL.
> What's wrong? How to add a crl?

Which format does your CRL file have? You have to put DER encoded CRLs
into the attribute certificateRevocationList;binary.

BTW it depends where Netscape wants to load the CRL or where you told
Netscape to download the CRL. Which CA software are you using? Maybe the
software provides HTTP access to download the CRL?

Ciao, Michael.
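
The DER requirement described in this reply, as an added example that is not part of the original message: it accepts a CRL in PEM or DER form, normalises it to DER, and writes an LDIF modify record for certificateRevocationList;binary. The DN and the sample bytes are constructed placeholders, and the DER check looks only at the outer ASN.1 tag.

```python
import base64
import re

PEM_RE = re.compile(
    rb"-----BEGIN X509 CRL-----(.*?)-----END X509 CRL-----", re.S)

def crl_to_der(data: bytes) -> bytes:
    """Return DER bytes for a CRL supplied as PEM or DER."""
    m = PEM_RE.search(data)
    if m:
        # PEM is base64 of the DER bytes between the armour lines.
        data = base64.b64decode(b"".join(m.group(1).split()), validate=True)
    # A DER CRL is an ASN.1 SEQUENCE, so its first byte is tag 0x30.
    # This is a sanity check on the outer tag, not a full parse.
    if not data or data[0] != 0x30:
        raise ValueError("input is neither a PEM nor a DER encoded CRL")
    return data

def crl_modify_ldif(dn: str, crl: bytes) -> str:
    """Build an LDIF modify record (assumes an ASCII-safe DN)."""
    b64 = base64.b64encode(crl_to_der(crl)).decode("ascii")
    line = "certificateRevocationList;binary:: " + b64
    # LDIF folding: continuation lines start with a single space.
    folded = [line[:76]] + [
        " " + line[i:i + 75] for i in range(76, len(line), 75)]
    return "\n".join([
        f"dn: {dn}",
        "changetype: modify",
        "replace: certificateRevocationList;binary",
        *folded,
        "-",
        "",
    ])

# Constructed placeholder: SEQUENCE { INTEGER 1 }, not a real CRL.
SAMPLE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x01])
SAMPLE_PEM = (b"-----BEGIN X509 CRL-----\n"
              + base64.b64encode(SAMPLE_DER)
              + b"\n-----END X509 CRL-----\n")
SAMPLE_DN = "cn=Example CA,o=Example"  # hypothetical entry name

if __name__ == "__main__":
    print(crl_modify_ldif(SAMPLE_DN, SAMPLE_PEM))
```

The resulting record can be fed to an LDAP modify tool against an entry that already has the certificationAuthority object class.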