Re: OpenSSL question
- From: Patrick J Kobly <patrick@xxxxxxxxx>
- Date: Wed, 02 Jan 2008 11:52:47 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
mgk.mailing wrote:
Hi All
I'm Working on a certificate authority using open ssl and have been for
the most part successful over the last 6 months. Now the trial period
is over there has been one thing i keep stubbing my toe on and i was
hoping someone would be able to help/point me in the right direction.
I am trying to encode the CRL location into the certificates so that
they can be automatically updated to revoked certificates. I know that
alot of devices allow you to specify the address manually but was hoping
that you could generate it as part of either the root CA certificate,
Signed device certificate or the signed crl.
See RFC2459 for info on the crlDistributionPoints extension, and openssl
doco for same. (Basically, an option that looks like:
crlDistributionPoints=URI:http://www.example.com/my.crl) in the relevant
section of openssl.cnf)... Also,
nsCaRevocationUrl=http://www.example.com/my.crl for an non-standard
pointer that still appears to be used...
PK
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHe91/CODE1AJ6UNoRAgKMAJ0TZwo42zvlxSbXC9+wm+dqEE6dRwCfQm6B
DukjJ4KFT7O/psauil1kpg0=
=67XG
-----END PGP SIGNATURE-----
- Follow-Ups:
- Re: OpenSSL question
- From: mgk.mailing
- Re: OpenSSL question
- References:
- OpenSSL question
- From: mgk.mailing
- OpenSSL question
- Prev by Date: Re: OpenSSL question
- Next by Date: RE: Web conferencing server and AD
- Previous by thread: OpenSSL question
- Next by thread: Re: OpenSSL question
- Index(es):
Relevant Pages
|
