Re: Certificates Revocation Lists and Apache...

From: nate <centos@xxxxxxxxxxxxxxxx>
> Any relation to this?
> https://issues.apache.org/bugzilla/show_bug.cgi?id=45708

I don't think so; my tests are quite simple:
  - Start from clean state (
  - Generate CA certificate
  - Generate CASSL certificate signed by CA
  - Generate Client Certificate signed by CASSL
  - Generate Revocation Certificate signed by CASSL
All the steps are in one go (no changes of any kind in between).
In my tests, I am only using one crl file with one revocation certificate.
Tried the revocationpath and it did nothing at all for me...

> So few use CRL, I really don't see the benefit, but I suppose in
> really controlled environments it could be useful(just not to me).

The goal is to be able to distribute client certificates to filter web access to certain resources.
But we also need a way to revoke such access in the future if needed.
Let's say someone lost his laptop with his certificate or he became an evil hacker or he just left the company...
We need to disable his certificate, instead of having to regenerate the CASSL certificate and all the client certificates... or wait for it to expire...

Thx,
JD


      
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
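
The test sequence listed in the message above (CA, CASSL signed by CA, client certificate signed by CASSL, revocation list signed by CASSL), reproduced with the openssl CLI as an added example that is not part of the original post. The subject names, temporary directory and minimal config are constructed; the script verifies the client certificate against the CASSL CRL before and after revocation, which gives a baseline that does not depend on Apache.

```shell
#!/bin/sh
# Added example; all names and paths are constructed for the demo.
# Prints "before=<ok|fail> after=<revoked|not-revoked>".
crl_demo() {
  d=$(mktemp -d) || return 1
  cat > "$d/cfg" <<EOF
[req]
distinguished_name = dn
[dn]
commonName = Common Name
[v3_ca]
basicConstraints = critical,CA:TRUE
[ca]
default_ca = cassl
[cassl]
database = $d/index.txt
certificate = $d/cassl.pem
private_key = $d/cassl.key
default_md = sha256
default_crl_days = 7
EOF
  : > "$d/index.txt"                      # empty CA database for CASSL
  for n in ca cassl client; do            # one key and CSR per entity
    openssl req -new -newkey rsa:2048 -nodes -config "$d/cfg" -subj "/CN=Demo $n" \
      -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
  done
  {
    # Root CA (self-signed), then CASSL signed by the root, both CA:TRUE.
    openssl x509 -req -in "$d/ca.csr" -signkey "$d/ca.key" \
      -extfile "$d/cfg" -extensions v3_ca -out "$d/ca.pem" &&
    openssl x509 -req -in "$d/cassl.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
      -CAcreateserial -extfile "$d/cfg" -extensions v3_ca -out "$d/cassl.pem" &&
    # Client certificate signed by CASSL.
    openssl x509 -req -in "$d/client.csr" -CA "$d/cassl.pem" -CAkey "$d/cassl.key" \
      -CAcreateserial -out "$d/client.pem"
  } >/dev/null 2>&1 || return 1
  check() {  # verify client against root + CASSL, consulting the CASSL CRL
    openssl verify -crl_check -CAfile "$d/ca.pem" -untrusted "$d/cassl.pem" \
      -CRLfile "$d/cassl.crl" "$d/client.pem" 2>&1 || true
  }
  gencrl() { openssl ca -config "$d/cfg" -gencrl -out "$d/cassl.crl" 2>/dev/null; }
  gencrl || return 1                      # CRL issued by CASSL, no entries yet
  case $(check) in *": OK"*) before=ok ;; *) before=fail ;; esac
  openssl ca -config "$d/cfg" -revoke "$d/client.pem" >/dev/null 2>&1 || return 1
  gencrl || return 1                      # CRL now lists the client's serial
  case $(check) in *"certificate revoked"*) after=revoked ;; *) after=not-revoked ;; esac
  rm -rf "$d"
  echo "before=$before after=$after"
}
crl_demo
```

`-crl_check` consults a CRL for the client certificate only, so the single CRL issued by CASSL is sufficient here.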
