Author Topic: Zentyal CA - CRL / OCSP  (Read 784 times)

RAB

Zentyal CA - CRL / OCSP
« on: April 20, 2023, 10:58:15 am »
The Zentyal (7.0) Certificate Authority allows for revocation of certificates.

However - it seems that the CA is not configured to provide certificate revocation information.

I noticed this when using curl to query a web server which uses a Zentyal CA provided certificate (of course with the Zentyal root CA provided to curl using --cacert).

Looking at the certificates, no CRL endpoints are included, nor any reference to OCSP.
(Inspect for example the certificate of github.com and such information is included.)


>> Is it correct that Zentyal CA does not provide certificate revocation information?
--> If so - has anyone succeeded in adding this functionality and how?
--> If not so - what is/are the endpoint(s) for CRL and/or OCSP - and how can I include this information in the Zentyal CA generated certificates?
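
The check described in the post (does a certificate carry CRL or OCSP pointers?) can be scripted with the openssl CLI. The following is an added example, not part of the original post and not Zentyal's own configuration: the throwaway CA, the file names and the pki.example.test URLs are constructed placeholders, and the two extension directives are generic OpenSSL ones.

```shell
#!/usr/bin/env bash
# Constructed demo: a throwaway CA and two leaf certificates in a temp dir.
# pki.example.test URLs are placeholders, not Zentyal endpoints.
set -eu

# Print the revocation pointers in a PEM certificate, one per line,
# or "none" when it has neither a CRL distribution point nor an OCSP URL.
revocation_pointers() {
    local text out
    text=$(openssl x509 -in "$1" -noout -text)
    out=$(printf '%s\n' "$text" | awk '
        /X509v3 CRL Distribution Points/ { sect = "CRL"; next }
        /Authority Information Access/   { sect = "AIA"; next }
        /X509v3 |Signature Algorithm/    { sect = "" }
        /URI:/ { uri = $0; sub(/.*URI:/, "", uri); sub(/[ \t]+$/, "", uri) }
        sect == "CRL" && /URI:/        { print "CRL " uri }
        sect == "AIA" && /OCSP - URI:/ { print "OCSP " uri }')
    printf '%s\n' "${out:-none}"
}

# Issue the same request twice: once bare, once with CDP and AIA extensions.
make_demo_certs() {
    local d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    # No extension file: the situation the post describes.
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/bare.pem" 2>/dev/null
    # Extension file naming where relying parties can fetch revocation data.
    printf '%s\n' \
        'crlDistributionPoints = URI:http://pki.example.test/ca.crl' \
        'authorityInfoAccess = OCSP;URI:http://pki.example.test/ocsp' \
        > "$d/ext.cnf"
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -extfile "$d/ext.cnf" \
        -out "$d/full.pem" 2>/dev/null
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
make_demo_certs "$tmp"
echo "bare.pem:"; revocation_pointers "$tmp/bare.pem"
echo "full.pem:"; revocation_pointers "$tmp/full.pem"
```

Embedding the URLs only tells clients where to look; the CA still has to publish a current CRL or run an OCSP responder at those addresses.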