Revocation checking methods list which is an ordered list of certificate
revocation checking methods to be employed while verifying peer
certificates issued by the CA corresponding to this trust point entry. The
value of this object is a ordered list of one or more 1-octet values, where
each 1-octet value corresponds to a method in the revocation checking
method enumeration:
- none (1) - No revocation status checking needed; instead consider
the certificate as not revoked.
- crl (2) - Use CRL for checking the revocation status of certificates.
- ocsp (3) - Use OCSP for checking the revocation status of
certificates.
If none occurs in the list, it should be the last value. The octets after the
last value in the ordered list should be zero octets.
The order in which the revocation checking methods occur within the
value of this object determines the order the revocation checking
methods are attempted during the verification of a peer certificate. The
default value (after row creation) contains only the revocation checking
method crl.
|