Valery --

This field in a certificate points to where the issuer will make its certificate revocation list available. If you are using OpenSSL or OpenCA (based off of OpenSSL) to issue your certificates you will want to probably put up a web server or LDAP capable directory where you can make your certificate revocation list available; refer to the absolute URL for this list in this extension. You may also want to include an AIA (authorityInformationAccess) extension as well; this can point to an OCSP responder capable of responding with individual certificate statuses.

The Microsoft platform implements its revocation handling in a library called cryptnet.dll; this supports all the transports that WinInet supports (http/s, ftp, ldap/s, file). When CryptoAPI applications use revocation checking (Outlook can be configured to do this and in Office XP it is the default behavior), cryptnet will attempt to retrieve the CRL specified in this extension and use it for revocation checking. There are also alternate revocation providers available for Windows that implement additional protocols (OCSP, SCVP, CRL, CRLdp); ValiCert produces one such provider.

I hope this helps.

Ryan

-----Original Message-----
From: Valery [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 26, 2001 1:12 AM
To: [EMAIL PROTECTED]
Subject: Please help me!

Hello!

I used the certificate extension "crlDistributionPoints" in my openssl.cnf file, and I faced the following problem. What should I indicate in this field (crlDistributionPoints)? I need MS Outlook Express to check whether the certificate has been revoked or not when it is on-line. What do I need to do?

Yours faithfully,
Valery
E-mail: [EMAIL PROTECTED]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                       [EMAIL PROTECTED]
Automated List Manager                          [EMAIL PROTECTED]
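
The extension values discussed in the reply, as an added example that is not part of the original thread: a throwaway CA issues a certificate carrying crlDistributionPoints and authorityInfoAccess, and the URLs a revocation checker would fetch are read back from it. The hostnames, file names and function names are assumptions chosen for illustration, and the `-ext` option needs OpenSSL 1.1.1 or later.

```sh
#!/bin/sh
# Added example: throwaway CA in a temp directory. Hostnames are placeholders.
CRL_URL="http://pki.example.test/ca.crl"   # assumed: where the CA publishes its CRL
OCSP_URL="http://ocsp.example.test"        # assumed: optional OCSP responder

# Issue a demo certificate in directory $1 (creates ca.pem and leaf.pem there).
issue_demo_cert() {
    dir=$1
    # Same syntax as an extensions section in openssl.cnf.
    cat > "$dir/ext.cnf" <<EOF
[ usr_cert ]
basicConstraints = CA:FALSE
crlDistributionPoints = URI:$CRL_URL
authorityInfoAccess = OCSP;URI:$OCSP_URL
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Demo User" \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$dir/leaf.csr" -days 30 \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/ext.cnf" -extensions usr_cert \
        -out "$dir/leaf.pem" 2>/dev/null
}

# Print the CRL URLs a relying party would fetch for certificate $1.
cert_crl_urls() {
    openssl x509 -in "$1" -noout -ext crlDistributionPoints |
        sed -n 's/^ *URI://p'
}

# Print the OCSP responder URL(s) from the AIA extension of certificate $1.
cert_ocsp_urls() {
    openssl x509 -in "$1" -noout -ocsp_uri
}

# Demo run: issue the certificate, then show both revocation pointers.
work=$(mktemp -d) && issue_demo_cert "$work" &&
    cert_crl_urls "$work/leaf.pem" && cert_ocsp_urls "$work/leaf.pem"
rm -rf "$work"
```

The CRL itself still has to be published at the URL named in the extension, since clients only follow the pointer embedded in the certificate.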