Open pawan25062 opened 6 years ago
Hi Pawan, for revoked certificates the device checking the certificate status can use either OCSP or CRL so I put both inside the certificate. This is also according to WINNF-TS-0022 v1.1.0 CBRS PKI. Currently for testing purposes we will go with the CRL method (SAS vendors are also using the CRL method for now), but the X.509 certificate has both OCSP and CRL.
Hi Idan,
We tried to create certificates with CRL extensions. But need clarify that why OCSP and CRL both URLs needed in certificates:
Could you please confirm, why this OCSP URL is needed in this certificate.
Regards, Pawan Jangid