CRL profiles
See below for the practice statement on Certificate Revocation List (CRL) profiles.
CRL fields
The CAs use the following fields of the X.509 version 2 CRL format.
| Field | Value |
|---|---|
| version | Set to v2 |
| Signature | Identifier of the algorithm used to sign the CRL |
| Issuer | The full Distinguished Name of the CA issuing the CRL |
| This update | Time of CRL issuance |
| Next update | Time of next expected CRL update |
| Revoked certificates | List of revoked Certificate information |
Version numbers
No stipulation.
CRL entry extensions
CRLs issued support the following extensions.
- Authority Key Identifier
- crlNumber
- invalidityDate
- expiredCertsOnCRL