3.2.1.1 RevocationConfigurationList

The server implementing the Microsoft OCSP Administration Protocol must maintain a list of revocation configurations, each of which represents a CA certificate for which the server can provide an OCSP response. This list will be referenced as RevocationConfigurationList.

Each revocation configuration in the list has a set of properties referenced as RevocationConfigurationProperties.

Within RevocationConfigurationProperties, there is a property called "Provider" that comprises a set of properties referenced as RevocationProviderProperties.

Unless a property is otherwise specified as optional in the table below, it is a required property.

| Property name | Meaning |
| --- | --- |
| RevocationConfigurationId | A string value that uniquely identifies the revocation configuration. |
| CACertificate | Binary data that contains the certificate holding the CA public key corresponding to this revocation configuration. This is the key of the CA that issued the certificate whose status is being checked. |
| HashAlgorithmId | An optional string property whose value is the name of the hash algorithm used to sign the OCSP responses generated by the responder. |
| SigningFlags | An optional unsigned integer value that specifies flags controlling the selection of the private key used to sign OCSP responses for this revocation configuration. |
| SigningCertificate | An optional binary value that contains the certificate corresponding to the private key used to sign OCSP responses for this revocation configuration. |
| ProviderCLSID | A string property whose value is the string representation of the class identifier (CLSID) of the revocation provider COM server that this revocation configuration uses to check the status of a certificate. |
| Provider | The list of revocation provider properties described in section 3.2.1.1.1. |
| SigningCertificateTemplate | An optional string property whose value is the common name of the certificate template [MS-CRTD] that the responder (if configured) uses to create a certificate request for the signing certificate. |
| CAConfig | An optional string property whose value is the configuration string of the CA [MS-WCCE] to which the responder (if configured) submits the certificate request for the signing certificate. |
| LocalRevocationInformation | An optional binary value that contains the certificate revocation list (CRL) used for revocation checking at the responder for this revocation configuration. |
| KeySpec | An optional value. The key specification indicates whether the key bound to the configuration is used for encryption or for signing content. This property is not set directly with the SetCAConfigInformation method; rather, a SigningCertificate is assigned, and the KeySpec value returned by GetCAConfigInformation is derived from that SigningCertificate. |
| CSPName | An optional value: the cryptographic service provider (CSP) used by the responder to sign OCSP responses for this revocation configuration. |
| ErrorCode | An optional value: the status of this revocation configuration. |
| ReminderDuration | An optional value expressed as a percentage of the signing certificate's validity period. It defines the time at which the responder notifies the administrator that the signing certificate is nearing the end of its lifetime. The default value is 90, but it can be modified. |
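The following is an added example, not part of the protocol specification, that models one RevocationConfigurationList entry as a Python dictionary and checks it against the required/optional split in the table. It assumes the property types the table gives (string, binary, unsigned integer); the integer typing of KeySpec and ErrorCode, the 0..100 range for ReminderDuration, and the reading of the reminder time as "the point at which ReminderDuration percent of the validity period has elapsed" are assumptions made here, and the CLSID in the sample entry is a constructed placeholder.

```python
# Added example (not MS-OCSPA code): validate a RevocationConfigurationList
# entry and compute the signing-certificate reminder time.
from datetime import datetime, timezone
from typing import Any

# Properties that MUST be present, with the type each value must have.
REQUIRED_TYPES = {
    "RevocationConfigurationId": str,   # unique identifier
    "CACertificate": bytes,             # DER certificate of the issuing CA
    "ProviderCLSID": str,               # CLSID of the revocation provider COM server
    "Provider": dict,                   # RevocationProviderProperties (3.2.1.1.1)
}
# Optional properties. KeySpec/ErrorCode as int is an assumption.
OPTIONAL_TYPES = {
    "HashAlgorithmId": str, "SigningFlags": int, "SigningCertificate": bytes,
    "SigningCertificateTemplate": str, "CAConfig": str,
    "LocalRevocationInformation": bytes, "KeySpec": int, "CSPName": str,
    "ErrorCode": int, "ReminderDuration": int,
}

def validate_revocation_configuration(cfg: dict[str, Any]) -> list[str]:
    """Return the list of problems found; an empty list means well formed."""
    problems = []
    for name, typ in REQUIRED_TYPES.items():
        if name not in cfg:
            problems.append(f"missing required property {name}")
        elif not isinstance(cfg[name], typ):
            problems.append(f"{name} must be {typ.__name__}")
    for name, value in cfg.items():
        if name in REQUIRED_TYPES:
            continue
        if name not in OPTIONAL_TYPES:
            problems.append(f"unknown property {name}")
        elif not isinstance(value, OPTIONAL_TYPES[name]):
            problems.append(f"{name} must be {OPTIONAL_TYPES[name].__name__}")
    if isinstance(cfg.get("SigningFlags"), int) and cfg["SigningFlags"] < 0:
        problems.append("SigningFlags must be unsigned")
    reminder = cfg.get("ReminderDuration", 90)   # default is 90 percent
    if isinstance(reminder, int) and not 0 <= reminder <= 100:
        problems.append("ReminderDuration must be a percentage (0..100)")
    return problems

def signing_certificate_reminder_time(not_before: datetime, not_after: datetime,
                                      reminder_duration: int = 90) -> datetime:
    """Time at which the responder warns that the signing certificate is nearing
    expiry: not_before plus reminder_duration percent of the validity period."""
    return not_before + (not_after - not_before) * reminder_duration / 100

# Constructed sample entry; the CLSID is a placeholder, not a real provider.
EXAMPLE_CONFIG = {
    "RevocationConfigurationId": "Example CA",
    "CACertificate": b"\x30\x82\x00\x00",            # placeholder DER bytes
    "ProviderCLSID": "{00000000-0000-0000-0000-000000000000}",
    "Provider": {},
    "ReminderDuration": 90,
}
```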