Julian Pawlowski (lists) wrote:
[...]
> In the meantime I found the corresponding section in
> openca/etc/openssl/openssl.cnf.template.
> authorityInfoAccess is predefined there and as this is the template for
> the CA certificate it also is the correct place :-)
> I had a look at the RFCs and decided to only link the OCSP in the CA
> cert. I think I will do the same with the other crl distribution point
[...]
> certificate and in the ca cert (outlook or exchange owa e.g. gives a
> failure while checking the crl).

Is this due to the presence of the CDP (CRL Distribution Point) in both the CA and EE (End Entity) certificates? What happens if you have the CDP *only* in the EE certs? Does Outlook (or Exchange) work?

> Anyway, Thawte for example does not have the crl links in all certs
> either :-)

This is just another example of the difficulties for extensions to be useful.. too much static.. :-(

I am thinking about something different to be promoted to the IETF WG... would someone like to contribute to the writing of something called "PKI Resource Query Protocol"? Of course.. implementation is part of the fun :-D

Cheers,
--- Max
