Ask a Question

Advanced Search

Solution ID : SO10559

Last Modified : 05/02/2018

What is a CRL Distribution Point

Problem

What is a CRL Distribution Point

Solution

A CRL Distribution Point is an interface representing a distribution point, a list of which constitutes a CRL distribution points extension.

CRL Distribution Points, as specifies for x509 v2 CRLs, fragment the full set of certificates issued by the authority into sub-sets, so that each fragment can have its own smaller CRL. Each x509 v3 certificate has a pointer to the CRL fragment where its revocation is indicated.

Each distribution point expresses how CRL information is to be obtained. Each distribution point contains a name and optionally reasons for revocation and the CRL issuer name. The distribution point name may be given as a full name, or relative to the CRL issuer. An absent CRL issuer name effectively means that it is the same as the certificate issuer. The reasons, if present, defines possible reasons for a certificate being included in the CRL. If absent, the CRL must include revocation information for all reasons.