> From: edr
> Sent: Friday, 11 March, 2022 03:59
>
> On 10.03.2022 20:27, Michael Wojcik wrote:
> > Personally, I'd be leery of using openssl ca for anything other than
> > dev/test purposes, in which case frequent CRL generation seems unlikely to
> > be a requirement. AIUI, openssl ca isn't really
On 10.03.2022 20:17, Michael Ströder via openssl-users wrote:
>
> Are you 100% sure all the software used by your relying participants is
> capable of handling the X509v3 extensions involved?
>
> In practice I saw software miserably fail validating such certs and CRLs. Or
> also CAs failed to
> From: openssl-users On Behalf Of
> Michael Ströder via openssl-users
> Sent: Thursday, 10 March, 2022 12:17
>
> On 3/10/22 14:06, edr dr wrote:
> > At the same time, I do not want to store passwords used for
> > certificate creation in cleartext anywhere.
Personally, I'd be leery of using
On 3/10/22 14:06, edr dr wrote:
> I would like to be able to automate the process of updating CRLs in
> order to be able to keep the CRL validity time short.

Understandable.

> At the same time, I do not want to store passwords used for
> certificate creation in cleartext anywhere.

It's a pity that
Dear all,
I am building a private PKI using the openssl "ca" functionality.
My setup includes a root CA that issues intermediate certificates and
intermediate CAs issuing endpoint certificates.
I would like to be able to automate the process of updating CRLs in order to be
able to keep the CRL