Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crl dp url's not being properly added to root and intermedia ca certs #17

Open
joemiller opened this issue Nov 10, 2014 · 0 comments
Open

crl dp url's not being properly added to root and intermedia ca certs #17

joemiller opened this issue Nov 10, 2014 · 0 comments

Comments

@joemiller
Copy link
Contributor

When creating a new root and intermediate CA with the --root-crl-url and --crl-url params, I expected the root-ca.crt would contain a CRL DP matching the root-crl-url and the intermediat ca.crt would contain the crl-url, but I only see the root-crl-url in the intermediate ca.crt and no crl dp in the root-ca.crt. My expectation was that the root-ca.crt would contain the --root-crl-url and the intermediate ca.crt would contain the --crl-url. Is this a bug?

certified-ca --db=test --root-password='test' \
   --root-crl-url=https://example.tld/rootca.crl  \
   --crl-url=https://example.tld/ca.crl \
   --ocsp-url=https://ocsp.example.tld \
   C="US" ST="CA" L="San Francisco" O="joe" CN=testCA

openssl x509 -text -noout -in test/certs/root-ca.crt | grep -i crl
                Non Repudiation, Certificate Sign, CRL Sign

openssl x509 -text -noout -in test/certs/ca.crt | grep -i crl
            X509v3 CRL Distribution Points:
                  URI:https://home.joeym.net/rootca.crl
                Non Repudiation, Certificate Sign, CRL Sign
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@joemiller