In
order to ensure the certificates can be trusted, applications are required
to check certificates against current certificate revocation lists (CRLs).
These CRLs are available in the ECA/IECAs' directories, and the following
information can be used to form the necessary LDAP queries:
ECA Name-
ORC
Host:Port-
eca-ds.orc.com:389
Base DN-
uid=OIECA,ou=IECA-1,ou=Contractor,ou=PKI,ou=DoD,O=U.S. Government,C=US
Attribute-
certificaterevocationlist;binary
IECA Name-
DST
Host:Port-
ldap.digsigtrust.com:389
Base DN- ou=IECA-2,ou=Contractor,ou=PKI,ou=DOD,o=U.S.
Government,c=US
Attribute-
certificateRevocationList;binary
IECA Name-
VeriSign
Host:Port-
directory.verisign.com
Base DN- OU=IECA-3,OU=Contractor,OU=PKI,OU=DOD,O=U.S.
Government,C=US
Attribute-
certificateRevocationList;binary
|