CRLDistributionPoints Extension

Sterling External Authentication Server supports the CRLDistributionPoints Extensions for identifying how to obtain certificate revocation list information. Using CRL Definitions you create and the CRL information included in some certificates, Sterling External Authentication Server can locate the appropriate directory and CRL.

When the CRLDistributionPoints extension references a CRL definition, the CRL definition provides all information for the CRL except for the following details that are always provided by the extension:

• Directory Name distribution points—The DN specified in the extension overrides the Base DN specified in CRL definition and the scope is always set to Base.
• URI distribution points—The protocol, host, port, and query specified in a CRL definition are overridden by the protocol, host, port, and query information for the URI specified in the extension. For LDAP this includes the Base DN, Scope, Match Attributes, and Return Attributes.