CERT_ACCESS_DESCRIPTION

The CERT_ACCESS_DESCRIPTION structure is used in CERT_AUTHORITY_INFO_ACCESS. It contains one instance of information on how to access CA information and services for the issuer of the certificate in which the CERT_AUTHORITY_INFO_ACCESS extension appears. Information and services may include on-line validation services and CA policy data.

CERT_ACCESS_DESCRIPTION is a component of CERT_AUTHORITY_INFO_ACCESS.

typedef struct _CERT_ACCESS_DESCRIPTION {
    LPSTR               pszAccessMethod;        // pszObjId
    CERT_ALT_NAME_ENTRY AccessLocation;
} CERT_ACCESS_DESCRIPTION, *PCERT_ACCESS_DESCRIPTION;
 

Members

pszAccessMethod
Specifies the object identifier for the method of access. Currently defined PKIX Access Method object identifiers are shown in the following table.
PKIX Access Method Object Identifier
szOID_PKIX_OCSP "1.3.6.1.5.5.7.48.1"
szOID_PKIX_CA_ISSUERS "1.3.6.1.5.5.7.48.2"

When szOID_PKIX_OCSP is used for the access method, the AccessLocation member describes the on-line status server and the access protocol to obtain current certificate status information for the certificate containing this extension.

When szOID_PKIX_CA_ISSUERS is used for the access method, the AccessLocation member can be used to obtain a description of the CAs that have issued certificates superior to the CA that issued the certificate containing this extension. The CA issuer's description is intended to aid certificate user's in the selection of a certification path that terminates at a point trusted by the certificate user.

AccessLocation
Describes the on-line status server and the access protocol to obtain current certificate status information for the certificate containing the extension.

See Also

CERT_AUTHORITY_INFO_ACCESS