You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@santuario.apache.org by Miroslav Nachev <mi...@space-comm.com> on 2007/03/01 16:11:47 UTC
JAVASEC - RFC-3280 4.2.1.14. CRL Distribution Points
Hi,
I found that I can not do the certificate validation because in the
checked certificate for the distribution point are associated
"onlySomeReasons":
[1]CRL Distribution Point
Distribution Point Name:
Full Name:
URL=http://crl.infonotary.com/crl/qsign-company-ca.crl
CRL Reason=Key Compromise, Affiliation Changed, Cessation of
Operation, Certificate Hold (56)
[2]CRL Distribution Point
Distribution Point Name:
Full Name:
URL=ldap://ldap.infonotary.com/dc=qsign-company-ca,dc=infonotary,dc=com
CRL Reason=Key Compromise, Affiliation Changed, Cessation of
Operation, Certificate Hold (56)
The CRL Checker in JDK6 assume that the distribution point contain
revocations for all reason codes and that conflict the certificate can
not be validated.
My question is why you assume that ALL certificates in the world MUST
contain all CRL reason codes? Is this some unwritten rule?
Best Regards,
Miroslav Nachev