Basic CRL policy
- OuterSigAlgID
- Signature
- Version
- InnerSigAlgID
- Issuer
- ThisUpdate
- NextUpdate
- RevokedCertificate
- UserCertificate
- RevocationDate
There are no supported CRLEntry extensions. See step 7 of Basic path validation policy for further information.
The supported CRL extensions for this policy are:
- AuthorityKeyID
- IssuerAltName
- CRLNumber
- IssuingDistributionPoint
- DistributionPoint
- DistributionPointName
- FullName (X.500 Name and LDAP Format URI only)
- NameRelativeToCRLIssuer (not supported)
- Reasons (ignored)
- CRLIssuer
- OnlyContainsUserCerts (not supported)
- OnlyContainsCACerts (not supported)
- OnlySomeReasons (not supported)
- IndirectCRL1 (rejected)
Parent topic:
Certificate validation and trust policy design on UNIX and Windows systems1 IndirectCRL extensions will result in CRL validation failing. IndirectCRL extensions must not be used because they cause identified certificates
sy12810_