A complex data type that contains information about revoked
certificates. RevocationInformation variables are
members of CertificateInformation variables.
For information about data that can be accessed using Xpath Expressions,
see Data items.
Data itemsThe data items that RevocationInformation variables
contain.
dataA byte value
that represents the revocation identifier.
sourceA string value
that represents the source that was used to retrieve revocation information.
statusA string value
that represents the status of the revocation for the certificate. These
values are string valid:
- Unknown:
- The status could not be verified.
- Cache:
- The status of the revocation is cached on LiveCycle Server.
- Online:
- The status of the revocation is determined by accessing the
network.
- Embedded:
- The status of the revocation is embedded from the certificate.
- DocumentSecurityStore:
- The status of the revocation is retrieved from the trust
store settings on LiveCycle Server.
statusMessageA string value
that represents the revocation status message. The messages provide
information about the reason for the revocation. For example, a
message such as “Must sign the OCSP request” means that the OCSP
response must be signed. The following are valid messages where [Addition information provided.] represents
additional information provided by LiveCycle Server.
OCSPNoCheck Extension is not allowed
OCSP CertHash Extension is required
OCSP CertHash in the response does not match the request
certificate
Must sign the OCSP request
OCSP response signature is invalid
OCSP request generation error: [Addition information provided.]
OCSP request was null
OCSP response parsing error: [Addition information provided.]
OCSP transport error: [Addition information provided.]
OCSP response has expired or is not yet valid
OCSP response and request nonce does not match
No CRL DPs found
Unable to process a CRL DP: [Addition information provided.]
Unable to retrieve CRL from: [Addition information provided.] with
error:
CRL thisUpdate is in the future
CRL has expired or is not yet valid
This is a delta CRL. Delta CRLs are not supported in this
version.
CRL parsing error: [Addition information provided.]
CRL KeyID does not match
CRL Authority Key ID extension is required
CRL signature verification with issuer failed
CRL Verification failure error: [Addition information provided.]
CRL Issuer does not have a valid key usage
No Valid CRL issuer found
CRL or one of its entries contains an unrecognized critical
extension
No Valid CRL found in messages that can be returned:
typeA string value
that represents the type of revocation information used. These string
values are valid:
- CRL:
- Certificate Revocation List
- OCSP:
- Online Certificate Status Protocol
validFromA dateTime value
that specifies the start date and time when the revocation is first
valid.
validToA dateTime value
that specifies the end date and time the revocation is valid. If this
value is empty, the revocation information did not have a NextUpdate
value present.
|
|
|