-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for crlDistributionPoints? #71
Comments
This is not, currently. |
I think it's already included, if take a look at x509-types dir you can attach this info to all types or to specific ones adding required extensions:
You can add other extensions also. |
Yes, I was concerned about this too. However based on the comment by @marcoslois , I tried with a simple start. I added the following line to ... crlDistributionPoints = URI:http://ca.domain.tld/crl.pem All certificates issued since, have this CRL distribution point (obfuscated) in it. I have however revoked a test certificate and placed the new CRL at the above CDP, but somehow both Firefox and curl still accept it. Not sure how to test a revoked certificate. |
Just noticed a very good explanation in #15 here #15 (comment). There is already built-in support for CDP. Simple uncomment this line easy-rsa/easyrsa3/x509-types/COMMON Line 7 in 19a2004
No need to specifically add the line to the Shouldn't this issue be closed? |
How do I go about doing this? Seems like the x509-types folder is owned by root, so it seems like I can't modify it |
@jasonhe54 current Try:
Should copy the files. |
Personally, editing A command line option is less reliable .. |
Is there a way to specify
crlDistributionPoints
in easyrsa?The text was updated successfully, but these errors were encountered: