Hi,
can I store the normal CRL in the attribute authorityRevocationList of
the LDAP too and if I have to revoke a certificate or ca-certificate I
store the CRL in both attributes (authorityRevocationList and
certificateRevocationList).
The difference between bot CRLs is that the revocation via the
authorityRevocationList revokes all certificates which are signed with
this certificate. This is no problem for a user certificate because no
other certificates are affected but is it really allowed or does this
solution cause serious problems?
Any ideas?
Thanks, Michael
--
----------------------------------------------------------------------------
Michael Bell Email: [EMAIL PROTECTED]
Rechenzentrum - Datacenter Email (work):
[EMAIL PROTECTED]
Humboldt-University of Berlin Tel.(work): +49 (0)30-2093 2482
Unter den Linden 6 Fax.(work): +49 (0)30-2093 2959
10099 Berlin
Germany [OpenCA Core
Developer]
http://openca.sourceforge.net
S/MIME Cryptographic Signature
