SiteMinder Policy Server Release Notes: Defects Fixed for 6.0 SP1
Policy Server Cannot Make a Distribution Point Request to a PKI Certificate Authority (27974, 27599)
The Policy Server has been fixed to correctly retrieve distribution points from a certificate and thus can correctly make a formal Distribution Point request to the PKI Certificate Authority.
Supported formats are:
- URL - ldap://<server-name>:<port_number>/<DN-of-Entity containing the CRL>
  Example:
    [1] CRL Distribution Point
    Distribution Point Name:
    Full Name:
    URL=ldap://server.company.com:8080/uid=Certificate Manager,ou=people,dc=netegrity,dc=com
- Directory Address - <DN-of-Entity containing the CRL>
  Example:
    [1] CRL Distribution Point
    Distribution Point Name:
    Full Name:
    Directory Address: uid=Certificate Manager,ou=people,dc=netegrity,dc=com
Additional notes on supported formats:
- When using the URL format, the server name and port contained in the URL must exist in the list of user directories configured in the Policy Server, because the Policy Server needs credentials to access this user store when searching for the CRL attribute. The directory server configured in the Certificate Mapping dialog box is therefore not used.
- When using the Directory Address format, the Policy Server uses the information obtained from the distribution point string as an entry point for searching the directory server configured in the Certificate Mapping dialog box.
- When the certificate contains multiple distribution points, the first Directory Address formatted distribution point is used. If there are no Directory Address formatted distribution points, the first URL formatted distribution point is used.
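The selection rules in the notes above can be modelled to check, before deployment, which directory a certificate's distribution points will resolve to. This is an added example, not Policy Server code: the function names, the `mapping-dir.example.com` host, and the choice to raise an error when the first URL's server is not a configured user directory are assumptions.

```python
from urllib.parse import urlsplit

# Constructed inputs: the two "Full Name" values shown in the examples above.
SAMPLE_DPS = [
    "URL=ldap://server.company.com:8080/uid=Certificate Manager,ou=people,dc=netegrity,dc=com",
    "Directory Address: uid=Certificate Manager,ou=people,dc=netegrity,dc=com",
]
# (host, port) pairs of user directories configured in the Policy Server (constructed).
CONFIGURED_DIRS = {("server.company.com", 8080)}
# Directory set in the Certificate Mapping dialog box (hypothetical host).
MAPPING_DIR = ("mapping-dir.example.com", 389)


def parse_dp(entry):
    """Parse one distribution point string; return None for unsupported formats."""
    entry = entry.strip()
    if entry.startswith("URL="):
        parts = urlsplit(entry[len("URL="):])
        if parts.scheme != "ldap" or not parts.hostname:
            return None
        return {"kind": "url", "server": (parts.hostname, parts.port),
                "dn": parts.path.lstrip("/")}
    if entry.startswith("Directory Address:"):
        return {"kind": "dir", "dn": entry.split(":", 1)[1].strip()}
    return None


def choose_crl_source(entries, configured_dirs, mapping_dir):
    """Return the server and DN that would be searched for the CRL, or None."""
    parsed = [p for p in map(parse_dp, entries) if p]
    # The first Directory Address entry wins, regardless of its position.
    for p in parsed:
        if p["kind"] == "dir":
            return {"via": "dir", "server": mapping_dir, "dn": p["dn"]}
    # No Directory Address entries: only the first URL entry is considered.
    for p in parsed:
        if p["server"] not in configured_dirs:
            # Assumption: without a matching user directory there are no
            # credentials for the lookup, so it is reported as a failure.
            raise LookupError("%s:%s is not a configured user directory" % p["server"])
        return {"via": "url", "server": p["server"], "dn": p["dn"]}
    return None


if __name__ == "__main__":
    print(choose_crl_source(SAMPLE_DPS, CONFIGURED_DIRS, MAPPING_DIR))
```
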