search

letsencrypt / boulder

An ACME-based certificate authority, written in Go.
Mozilla Public License 2.0
5.22k stars 607 forks source link

Drop revocation info for short-lived certs #7673

Open aarongable opened 3 months ago

aarongable commented 3 months ago

Add a feature flag which, if enabled and the cert has a validity period less than 7 days, results in OCSP and CRL info being omitted from the cert.

aarongable commented 2 months ago

Blocked on Microsoft root program still requiring OCSP for everything, regardless of validity period or the presence of CRLDP.