RevocationInformation

A complex data type that contains information about revoked certificates. RevocationInformation variables are members of CertificateInformation variables.

For information about data that can be accessed using Xpath Expressions, see Data items .

Data items

The data items that RevocationInformation variables contain.

data

A byte value that represents the revocation identifier.

source

A string value that represents the source that was used to retrieve revocation information.

status

A string value that represents the status of the revocation for the certificate. These values are string valid:

Unknown:
The status could not be verified.

Cache:
The status of the revocation is cached on the LiveCycle server.

Online:
The status of the revocation is determined by accessing the network.

Embedded:
The status of the revocation is embedded from the certificate.

DocumentSecurityStore:
The status of the revocation is retrieved from the trust store settings on the LiveCycle server.

statusMessage

A string value that represents the revocation status message. The messages provide information about the reason for the revocation. For example, a message such as “Must sign the OCSP request” means that the OCSP response must be signed. The following are valid messages where [Addition information provided.] represents additional information provided by the LiveCycle server.

  • OCSPNoCheck Extension is not allowed

  • OCSP CertHash Extension is required

  • OCSP CertHash in the response does not match the request certificate

  • Must sign the OCSP request

  • OCSP response signature is invalid

  • OCSP request generation error: [Addition information provided.]

  • OCSP request was null

  • OCSP response parsing error: [Addition information provided.]

  • OCSP transport error: [Addition information provided.]

  • OCSP response has expired or is not yet valid

  • OCSP response and request nonce does not match

  • No CRL DPs found

  • Unable to process a CRL DP: [Addition information provided.]

  • Unable to retrieve CRL from: [Addition information provided.] with error:

  • CRL thisUpdate is in the future

  • CRL has expired or is not yet valid

  • This is a delta CRL. Delta CRLs are not supported in this version.

  • CRL parsing error: [Addition information provided.]

  • CRL KeyID does not match

  • CRL Authority Key ID extension is required

  • CRL signature verification with issuer failed

  • CRL Verification failure error: [Addition information provided.]

  • CRL Issuer does not have a valid key usage

  • No Valid CRL issuer found

  • CRL or one of its entries contains an unrecognized critical extension

  • No Valid CRL found in messages that can be returned:

type

A string value that represents the type of revocation information used. These string values are valid:

CRL:
Certificate Revocation List

OCSP:
Online Certificate Status Protocol

validFrom

A dateTime value that specifies the start date and time when the revocation is first valid.

validTo

A dateTime value that specifies the end date and time the revocation is valid. If this value is empty, the revocation information did not have a NextUpdate value present.

// Ethnio survey code removed