Hi Bedanta, CRL retrieval is not a part of the EST protocol (at least not of the baseline RFC 7030) - so your client is either trying to fetch the CRL from the defined CDPs in the certificate or using the extensions from RFC8295.
In case a): your CDP is defined using HTTPS (which is not a good idea) and your webserver is not setup properly - in case b) you need to implement the server side yourself as the extensions are not supported by OpenXPKI CE. best regards Oliver Am 13.05.22 um 13:13 schrieb Bedantadeep Dutta: > Hello, > I configured an openxpki server with EST support. I am trying to check > things through a CA connector tool. The Get CA Certificate and Signed > Certificate was successful. But whenever I try the option to -Get > Certificate Revocation List [CRL] - Against Last Issued Certificate, > it's unsuccessful with an error message relating to absence of Subject > Alternative names which would match the IP address. Attached the error > logs. Kindly help. > Additional info: I replaced the IP address with "**I deleted the ip > address**" > Regards, > Bedanta > > > > > _______________________________________________ > OpenXPKI-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/openxpki-users -- Protect your environment - close windows and adopt a penguin!
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
