Determining CRLDistURIn

If you are using DP CRLs (you specified a CRLDistSize value greater than 1 in the CertPolicy section of pkiserv.conf), you can choose to further customize your DP CRL processing to build the URI format name for the DP CRL in the CRLDistributionPoints extension of each certificate. The URI format name is built in addition to the LDAP distinguished name of the DP CRL, as described in Specifying the URI format.

This is an optional parameter. If you do not specify a CRLDistURIn value, the URI format name is not created. You can specify multiple entries for the CRLDistURIn parameter, using the parameters CRLDistURI1, CRLDistURI2, and so forth. This value is ignored if you did not specify CRLDistSize with a value greater than zero. The URI format is not created if you specify CRLDistURIn with an n value of 0.

There are different ways to specify the value of CRLDistURIn for different protocols. Valid values include one of the following strings:
  • A string that begins with the characters http:// or ldap://
  • A string that consists of LdapServern, where n is greater than zero.
Restriction: PKI Services provides syntax checking based only on valid values for the CRLDistURIn value. You must ensure that the URIs you choose can be accessed.
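The rules above can be checked before a configuration change is deployed. The following linter is an added example, not part of PKI Services or of the original page; it applies the "greater than zero" CRLDistSize rule and the two valid value forms to a constructed sample. The INI-style layout of pkiserv.conf, the exact-case prefix match, and the sample host names are assumptions.

```python
import re

# Constructed sample. The [Section] / Key=Value / "#" comment layout is an assumption.
SAMPLE_CONF = """\
[CertPolicy]
# DP CRLs enabled
CRLDistSize=500
CRLDistURI0=http://crl.example.com/PKIServ/crls/
CRLDistURI1=http://crl.example.com/PKIServ/crls/
CRLDistURI2=LdapServer1
CRLDistURI3=LdapServer0
CRLDistURI4=crl.example.com/PKIServ/crls/
[LDAP]
CRLDistURI9=ftp://not-in-certpolicy.example.com/
"""

def cert_policy(text):
    """Return the Key=Value pairs of the [CertPolicy] section."""
    pairs, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
        elif section == "CertPolicy" and "=" in line:
            key, value = line.split("=", 1)
            pairs[key.strip()] = value.strip()
    return pairs

def check_crl_dist_uris(text):
    """Map each CRLDistURIn key to 'used', 'ignored' or 'invalid'."""
    policy = cert_policy(text)
    size = policy.get("CRLDistSize", "")
    dp_crls = size.isdigit() and int(size) > 0
    verdicts = {}
    for key, value in policy.items():
        m = re.fullmatch(r"CRLDistURI(\d+)", key)
        if not m:
            continue
        if not dp_crls or int(m.group(1)) == 0:
            verdicts[key] = "ignored"      # no URI format name is built
        elif value.startswith(("http://", "ldap://")):   # exact-case match assumed
            verdicts[key] = "used"
        elif re.fullmatch(r"LdapServer0*[1-9]\d*", value):  # LdapServern, n > 0
            verdicts[key] = "used"
        else:
            verdicts[key] = "invalid"
    return verdicts

if __name__ == "__main__":
    for key, verdict in check_crl_dist_uris(SAMPLE_CONF).items():
        print(f"{key}: {verdict}")
```

A "used" verdict only means the value has one of the accepted forms; whether the URI can actually be accessed still has to be confirmed separately.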