Confirm, administrator
5,526
edits
Changes
Added section about hierarchy of reasons
* The revocation date may only be changed when the current or updated CRLReason is keyCompromise.
** The revocation date may be changed to a date that is before the current/existing revocationDate. It should never be changed to a date that is later than a previously set date.
== Hierarchy of Reasons ==
The revocation reason codes listed in section 6.1.1 of Mozilla's Root Store Policy are listed in order of priority such that if the situation is that multiple revocation reasons apply, the revocation reason of higher priority (as per the list) should be indicated.
# keyCompromise (RFC 5280 CRLReason #1)
# privilegeWithdrawn (RFC 5280 CRLReason #9)
# cessationOfOperation (RFC 5280 CRLReason #5)
# affiliationChanged (RFC 5280 CRLReason #3)
# superseded (RFC 5280 CRLReason #4)
For example, if both privilegeWithdrawn and cessationOfOperation apply, then privilegeWithdrawn should be used.
== OCSP ==
