-
I noticed that about 15% of CRLs in the RPKI currently contain an empty list of revoked certificates. I suspect this is a bug in either krill or rpki-rs (or both).
Per [RFC 5280, section 5.1.2.6][…
-
On my RHEL9 servers starting the fetch-crl-boot.service fails with error "Failed to start LSB".
Service fetch-crl-cron is running properly:
systemd[1]: Starting LSB: Run the certificate revocation…
-
Hello,
This question is about how OpenSSL verifies certificates in a PKI that uses CRLs, and in particular the verification of the root certificate. Consider the following structure (in brackets ar…
-
Mozilla's expectations for OCSP and CRL availability do not appear to be very clear, and as a result CAs inconsistently report outages. For example, [GlobalSign reported a recent multi-day service deg…
-
Hi:
I'm using libwebsockets as a wss client. I have the following problem. Would you please help to have a look?
I added a crl file to `SSL_CTX` in the `LWS_CALLBACK_OPENSSL_LOAD_EXTRA_CLIENT_VERIFY_C…
-
### What happened?
In my crowdsec setup, I'm using mTLS authentication with machine-specific certificates generated by a private CA (step-ca). My CA uses an intermediate certificate.
This CA confi…
-
Hello,
If I'm using a URL in Wato like http://xxxxx.domain.int/cdp/Issuing_CA(1).crl I'm getting the result "(null)". This is caused by using the special characters "()".
Without these characters th…
-
I'm trying to establish a PKI with a CRL (currently testing hence the dummy issuer values).
Unfortunately, running `openssl verify -crl_download -crl_check` fails to load the CRL from the specified d…
-
By default the CRL version number in the configuration file is v1. "For compatibility with Netscape". Time to move to v2.
-
Is there an example to illustrate this function, thanks!