Description:
|
tmnxPkiCAProfAtCrlUpdScheduleT OBJECT-TYPE
SYNTAX INTEGER {nextUpdateBased(1), periodic(2)}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfAtCrlUpdScheduleT specifies the type of time
scheduler to update the CRL.
The value of tmnxPkiCAProfAtCrlUpdScheduleT must be either of
'nextUpdateBased (1)' or 'periodic (2)':
Values:
nextUpdateBased(1)
The system starts updating a CRL file in
tmnxPkiCAProfAtCrlUpdPreUpdTime seconds prior to the
'nextUpdate' value of the current CRL. It will try to download
the CRL file from each URL location in order until it finds one
that qualifies. If none of the configured URLs work or none
of the downloaded CRLs qualifies, the system will wait for
tmnxPkiCAProfAtCrlUpdRetryIntv seconds before attempting to
download the CRL file again. In this case, if
tmnxPkiCAProfAtCrlUpdRetryIntv is zero, the system will stop
attempting to update the CRL file and
tmnxPkiCAProfCrlCurUpdStatus is set to 'stopped (4)'.
If the 'nextUpdate' field is missing from the CRL,
then the system cannot schedule the next CRL update and
tmnxPkiCAProfCrlCurUpdStatus is set to 'stopped (4)'.
If the CRL is expected to be issued without a 'nextUpdate'
field, then the periodic scheduler type should be used instead.
periodic(2)
The system updates the CRL file every
tmnxPkiCAProfAtCrlUpdPrdcUpdIntv seconds. It will try to
download a CRL from each URL location in order until it finds
one that qualifies. If none of the configured URLs work or
none of the downloaded CRLs qualifies, the system
will try again in tmnxPkiCAProfAtCrlUpdPrdcUpdIntv seconds.
The 'nextUpdate' field of the CRL, if present, is ignored in
this mode.
The cases that a downloaded CRL does not qualify are:
- the downloaded CRL file cannot be decoded by the system (e.g.,
wrong file type, truncated content)
- the downloaded CRL is not issued by the correct Certificate
Authority (CA)
- the downloaded CRL has expired or is not yet valid
- the downloaded CRL has not been updated
The URLs are configured using tmnxPkiCAProfUrlTable."
REFERENCE
"RFC 5280, 'Internet X.509 Public Key Infrastructure Certificate and
Certificate Revocation List (CRL) Profile', IETF, May 2008, section 5,
'CRL and CRL Extensions Profile'."
DEFVAL {nextUpdateBased}
|
|