The CERT_ACCESS_DESCRIPTION structure is used in CERT_AUTHORITY_INFO_ACCESS. It contains one instance of information on how to access CA information and services for the issuer of the certificate in which the CERT_AUTHORITY_INFO_ACCESS extension appears. Information and services may include on-line validation services and CA policy data.
CERT_ACCESS_DESCRIPTION is a component of CERT_AUTHORITY_INFO_ACCESS.
typedef struct _CERT_ACCESS_DESCRIPTION {
LPSTR pszAccessMethod; // pszObjId
CERT_ALT_NAME_ENTRY AccessLocation;
} CERT_ACCESS_DESCRIPTION, *PCERT_ACCESS_DESCRIPTION;
PKIX Access Method | Object Identifier |
---|---|
szOID_PKIX_OCSP | "1.3.6.1.5.5.7.48.1" |
szOID_PKIX_CA_ISSUERS | "1.3.6.1.5.5.7.48.2" |
When szOID_PKIX_OCSP is used for the access method, the AccessLocation member describes the on-line status server and the access protocol to obtain current certificate status information for the certificate containing this extension.
When szOID_PKIX_CA_ISSUERS is used for the access method, the AccessLocation member can be used to obtain a description of the CAs that have issued certificates superior to the CA that issued the certificate containing this extension. The CA issuer's description is intended to aid certificate user's in the selection of a certification path that terminates at a point trusted by the certificate user.