Zentyal Forum, Linux Small Business Server

Zentyal Server => Other modules => Topic started by: RAB on April 20, 2023, 10:58:15 am

Title: Zentyal CA - CRL / OCSP
Post by: RAB on April 20, 2023, 10:58:15 am
The Zentyal (7.0) Certificate Authority allows for revocation of certificates.

However - it seems that the CA is not configured to provide certificate revocation information.

I noticed this when using curl to query a web server which uses a Zentyal CA provided certificate (of course with the Zentyal root CA provided to curl using --cacert).

Looking at the certificates, no CRL endpoints are included, nor any reference to OCSP.
(Inspect, for example, the certificate of github.com and such information is included.)


>> Is it correct that Zentyal CA does not provide certificate revocation information?
--> If so - has anyone succeeded in adding this functionality and how?
--> If not so - what is/are the endpoint(s) for CRL and/or OCSP - and how can I include this information in the Zentyal CA generated certificates?
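
The check described in the post (does a certificate carry a CRL distribution point or an OCSP responder URL?) can be scripted with OpenSSL 1.1.1 or later. This is an added example, not part of the original post and not Zentyal code; the function names are hypothetical and the `example.invalid` URLs in the constructed sample certificate are placeholders, not Zentyal endpoints.

```shell
#!/bin/sh
# Added example: report the revocation pointers a PEM certificate carries.
# Requires OpenSSL 1.1.1 or later (for -ext and -addext).

# CRL distribution point URIs, one per line (empty if the extension is absent).
crl_uris() {
    openssl x509 -in "$1" -noout -ext crlDistributionPoints 2>/dev/null |
        sed -n 's/.*URI://p'
}

# OCSP responder URIs from Authority Information Access, one per line.
ocsp_uris() {
    openssl x509 -in "$1" -noout -ocsp_uri 2>/dev/null
}

# Print a summary; return 1 when the certificate names no revocation source,
# which is the situation the post describes for Zentyal-issued certificates.
revocation_report() {
    crl=$(crl_uris "$1")
    ocsp=$(ocsp_uris "$1")
    echo "CRL:  ${crl:-none}"
    echo "OCSP: ${ocsp:-none}"
    [ -n "$crl" ] || [ -n "$ocsp" ]
}

# Constructed sample input: a throwaway self-signed certificate, optionally
# with CDP and AIA extensions pointing at placeholder URLs.
# usage: make_sample_cert OUT.pem [with-revocation]
make_sample_cert() {
    key=$(mktemp)
    if [ "${2:-}" = with-revocation ]; then
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=sample" \
            -keyout "$key" -out "$1" \
            -addext "crlDistributionPoints=URI:http://ca.example.invalid/ca.crl" \
            -addext "authorityInfoAccess=OCSP;URI:http://ocsp.example.invalid/" \
            2>/dev/null
    else
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=sample" \
            -keyout "$key" -out "$1" 2>/dev/null
    fi
    rm -f "$key"
}

# Stand-alone use: ./script.sh server.pem
if [ "$#" -gt 0 ]; then revocation_report "$1"; fi
```

A client such as curl can only consult a CRL or OCSP responder automatically when one of these URIs is present in the certificate, so a report of `none` for both means revocation at the CA is not visible to relying parties through the certificate itself.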