RevocationInformation

A complex data type that contains information about revoked certificates. RevocationInformation variables are members of CertificateInformation variables.

For information about data that can be accessed using XPath expressions, see Data items.

Data items

The data items that RevocationInformation variables contain.

data

A byte value that represents the revocation identifier.

source

A string value that represents the source that was used to retrieve revocation information.

status

A string value that represents the status of the revocation for the certificate. These string values are valid:

Unknown:
The status could not be verified.

Cache:
The status of the revocation is cached on LiveCycle Server.

Online:
The status of the revocation is determined by accessing the network.

Embedded:
The status of the revocation is embedded from the certificate.

DocumentSecurityStore:
The status of the revocation is retrieved from the trust store settings on LiveCycle Server.

statusMessage

A string value that represents the revocation status message. The messages provide information about the reason for the revocation. For example, a message such as “Must sign the OCSP request” means that the OCSP response must be signed. The following are valid messages, where [Addition information provided.] represents additional information provided by LiveCycle Server.

  • OCSPNoCheck Extension is not allowed

  • OCSP CertHash Extension is required

  • OCSP CertHash in the response does not match the request certificate

  • Must sign the OCSP request

  • OCSP response signature is invalid

  • OCSP request generation error: [Addition information provided.]

  • OCSP request was null

  • OCSP response parsing error: [Addition information provided.]

  • OCSP transport error: [Addition information provided.]

  • OCSP response has expired or is not yet valid

  • OCSP response and request nonce does not match

  • No CRL DPs found

  • Unable to process a CRL DP: [Addition information provided.]

  • Unable to retrieve CRL from: [Addition information provided.] with error:

  • CRL thisUpdate is in the future

  • CRL has expired or is not yet valid

  • This is a delta CRL. Delta CRLs are not supported in this version.

  • CRL parsing error: [Addition information provided.]

  • CRL KeyID does not match

  • CRL Authority Key ID extension is required

  • CRL signature verification with issuer failed

  • CRL Verification failure error: [Addition information provided.]

  • CRL Issuer does not have a valid key usage

  • No Valid CRL issuer found

  • CRL or one of its entries contains an unrecognized critical extension

  • No Valid CRL found in messages that can be returned:

type

A string value that represents the type of revocation information used. These string values are valid:

CRL:
Certificate Revocation List

OCSP:
Online Certificate Status Protocol

validFrom

A dateTime value that specifies the start date and time when the revocation is first valid.

validTo

A dateTime value that specifies the end date and time the revocation is valid. If this value is empty, the revocation information did not have a NextUpdate value present.
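The following is an added example, not Adobe's code, showing one way a reviewer could triage RevocationInformation values after they have been read out of a process. It assumes each record is available as a dict keyed by the data item names above and that dateTime values are ISO 8601 strings; the grouping of messages into classes and the function names are this example's own.

```python
from datetime import datetime, timezone

# Message prefixes are copied from the statusMessage list; the grouping is an assumption.
MESSAGE_CLASSES = {
    "integrity": (
        "OCSP response signature is invalid",
        "OCSP CertHash in the response does not match the request certificate",
        "OCSP response and request nonce does not match",
        "CRL KeyID does not match",
        "CRL signature verification with issuer failed",
    ),
    "freshness": (
        "OCSP response has expired or is not yet valid",
        "CRL thisUpdate is in the future",
        "CRL has expired or is not yet valid",
    ),
    "availability": (
        "OCSP transport error:",
        "No CRL DPs found",
        "Unable to retrieve CRL from:",
    ),
}

def classify_message(status_message):
    """Return the class of a statusMessage; prefix match tolerates appended detail."""
    for label, prefixes in MESSAGE_CLASSES.items():
        if any(status_message.startswith(p) for p in prefixes):
            return label
    return "other" if status_message else "none"

def _parse(value):
    # Assumes ISO 8601 dateTime strings; naive values are treated as UTC.
    dt = datetime.fromisoformat(value)
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def triage(record, now):
    """Return (message_class, window) for one RevocationInformation record."""
    window = "current"
    if now < _parse(record["validFrom"]):
        window = "not-yet-valid"
    elif not record.get("validTo"):
        window = "no-next-update"  # empty validTo: no NextUpdate value was present
    elif now > _parse(record["validTo"]):
        window = "expired"
    return classify_message(record.get("statusMessage", "")), window

# Constructed sample record, not taken from a real server.
SAMPLE = {"type": "OCSP", "validFrom": "2024-01-01T00:00:00+00:00", "validTo": "",
          "statusMessage": "OCSP response and request nonce does not match"}
```

Records that fall in the integrity class are the ones worth alerting on, since they indicate a response that did not verify rather than one that was merely unavailable or stale.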