[Pki-users] DogTAG PKI - crlDistributionPoints cert profile: Type_0 : URIName error
Frederic d'Huart
fdh at x-zone.org
Fri Oct 22 09:56:28 UTC 2010
Hello Pki users,
Section B.1.4. of the RH admin guide refers to the following acceptable
values
for crlDistributionPoint Type:
DirectoryName
URIName
RelativeToIssuer
Using PKIConsole, I have added to the caUserCert profile a policy for
include a CDP as follow:
policyset.userCertSet.13.default.name=CRL Distribution Points Extension
Default
policyset.userCertSet.13.default.params.crlDistPointsCritical=false
policyset.userCertSet.13.default.params.crlDistPointsEnable_0=true
policyset.userCertSet.13.default.params.crlDistPointsPointType_0=URIName
policyset.userCertSet.13.default.params.crlDistPointsPointName_0=http://xxx.xxx.xxx/crl/xxx.crl
policyset.userCertSet.13.default.params.crlDistPointsReasons_0=
after profile re-activated, and new request generated, I get the
following error on the agent interface:
The Certificate System has encountered an unrecoverable error.
Error Message:
/java.lang.ClassCastException: netscape.security.x509.Extension cannot
be cast to netscape.security.x509.CRLDistributionPointsExtension/
Please contact your local administrator for assistance.
Any Ideas what could be wrong ?
Thank you.
More information about the Pki-users
mailing list