Basic CRL policy
The supported CRL fields for this policy are:
- OuterSigAlgID
- Signature
- Version
- InnerSigAlgID
- Issuer
- ThisUpdate
- NextUpdate
- RevokedCertificate
  - UserCertificate
  - RevocationDate
There are no supported CRLEntry extensions. See step 7 of Basic path validation policy for
further information.
The supported CRL extensions for this policy are:
- AuthorityKeyID
- IssuerAltName
- CRLNumber
- IssuingDistributionPoint
- DistributionPoint
- DistributionPointName
  - FullName (X.500 Name and LDAP Format URI only)
  - NameRelativeToCRLIssuer (not supported)
- Reasons (ignored)
- CRLIssuer
- OnlyContainsUserCerts (not supported)
- OnlyContainsCACerts (not supported)
- OnlySomeReasons (not supported)
- IndirectCRL (rejected) [1]

[1] IndirectCRL extensions will result in CRL validation failing.
IndirectCRL extensions must not be used, because they cause identified certificates
not to be rejected.
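The following added example (not part of the original documentation or the product's code) parses the DER value of an IssuingDistributionPoint extension and labels each field present with the status given in the list above, so a CRL can be checked before it is published. The function names are hypothetical, the tag numbers come from the RFC 5280 ASN.1 definition, and treating "LDAP Format URI" as the `ldap://` scheme is an assumption.

```python
# Added example. Tags follow RFC 5280; statuses are the labels from the list above.
FLAGS = {
    0x81: ("OnlyContainsUserCerts", "not supported"),
    0x82: ("OnlyContainsCACerts", "not supported"),
    0x83: ("OnlySomeReasons", "not supported"),
    0x84: ("IndirectCRL", "rejected"),
}

def tlvs(buf):
    """Yield (tag, value) for each DER element in buf (single-byte tags only)."""
    pos = 0
    while pos < len(buf):
        if pos + 2 > len(buf):
            raise ValueError("truncated DER header")
        tag, length = buf[pos], buf[pos + 1]
        pos += 2
        if length & 0x80:  # long-form length: low 7 bits give the byte count
            n = length & 0x7F
            length = int.from_bytes(buf[pos:pos + n], "big")
            pos += n
        if pos + length > len(buf):
            raise ValueError("truncated DER value")
        yield tag, buf[pos:pos + length]
        pos += length

def classify_idp(der):
    """Map each field present in a DER IssuingDistributionPoint to its status."""
    top = list(tlvs(der))
    if len(top) != 1 or top[0][0] != 0x30:
        raise ValueError("expected one DER SEQUENCE")
    report = {}
    for tag, val in tlvs(top[0][1]):
        if tag in FLAGS and val != b"\x00":  # an encoded BOOLEAN FALSE is not a set flag
            report[FLAGS[tag][0]] = FLAGS[tag][1]
        elif tag == 0xA0:  # distributionPoint [0] wraps the DistributionPointName
            for ctag, cval in tlvs(val):
                if ctag == 0xA1:
                    report["NameRelativeToCRLIssuer"] = "not supported"
                elif ctag == 0xA0:  # fullName; assumption: LDAP format = ldap:// scheme
                    ok = all(g == 0xA4 or (g == 0x86 and v.lower().startswith(b"ldap://"))
                             for g, v in tlvs(cval))  # 0xA4 directoryName, 0x86 URI
                    report["FullName"] = "supported" if ok else "not supported"
    return report

def crl_rejected(report):
    return "rejected" in report.values()

# Constructed samples: an LDAP fullName, and indirectCRL = TRUE.
LDAP_IDP = bytes.fromhex("3014a012a010860e") + b"ldap://x/cn=ca"
INDIRECT_IDP = bytes.fromhex("30038401ff")
```

`classify_idp(INDIRECT_IDP)` reports `IndirectCRL` as rejected, which `crl_rejected` turns into a boolean suitable for a pre-publication check.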