Univention Bugzilla – Bug 34285
Include CRL Distribution Points in Certificates
Last modified: 2019-09-12 08:58:45 CEST
It is possible to include so-called "CRL distribution points" in certificates. These contain an HTTP or LDAP URI pointing to the Certificate Revocation List (CRL):
Since we already provide the CRL via "http://<hostname>/ucsCA.crl", we should also include this hint on where to find the CRL in the certificate itself.
Requested again via Ticket#2014081121000159
FYI: in the Baseline Requirements of the CA/Browser Forum, CRL distribution points are mandatory:
> This extension MUST be present and MUST NOT be marked critical.
> It MUST contain the HTTP URL of the CA’s CRL service.
Created attachment 7178
Add crlDistributionPoints to certificates
There is a Customer ID set so I set the flag "Enterprise Customer affected".
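The two Baseline Requirements sentences quoted above can be checked mechanically against an issued certificate. The following is an added example, not part of this bug report or of Univention's code: a standard-library DER walker that finds the cRLDistributionPoints extension (OID 2.5.29.31), reports whether it is marked critical, and looks for an HTTP URL in it. The host name ca.example.test, the helper names and the sample bytes are constructed for illustration.

```python
CDP_OID = bytes.fromhex("551d1f")    # DER body of OID 2.5.29.31, cRLDistributionPoints

def tlvs(buf):
    """Yield (tag, value) per DER element in buf (single-byte tags only)."""
    i = 0
    while i < len(buf):
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n & 0x80:                 # long-form length: low 7 bits give its size
            k = n & 0x7F
            n, i = int.from_bytes(buf[i:i + k], "big"), i + k
        if i + n > len(buf):
            raise ValueError("truncated DER")
        yield tag, buf[i:i + n]
        i += n

def find_cdp(der):
    """Return (critical, extnValue) of the first CDP Extension found, else None."""
    for tag, val in tlvs(der):
        kids = list(tlvs(val)) if tag & 0x20 else []   # only constructed types nest
        if tag == 0x30 and kids and kids[0] == (0x06, CDP_OID):
            return any(t == 1 and v != b"\x00" for t, v in kids[1:-1]), kids[-1][1]
        hit = find_cdp(val) if kids else None
        if hit is not None:
            return hit
    return None

def cdp_uris(ext_value):
    """URIs found under [0] distributionPoint -> [0] fullName -> [6] URI."""
    layers = [ext_value]
    for want in (0x30, 0x30, 0xA0, 0xA0, 0x86):  # SEQ OF, DistPoint, [0], [0], [6]
        layers = [v for buf in layers for t, v in tlvs(buf) if t == want]
    return [v.decode("ascii") for v in layers]

def check(der):
    """Findings against the two MUSTs quoted above; an empty list means pass."""
    hit = find_cdp(der)
    if hit is None:
        return ["crlDistributionPoints extension missing"]
    problems = ["extension is marked critical"] if hit[0] else []
    if not any(u.lower().startswith("http://") for u in cdp_uris(hit[1])):
        problems.append("no HTTP URL among distribution points")
    return problems

def enc(tag, *parts):                # short-form DER encoder, for the sample only
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

def sample(uri, critical=False):     # constructed Extensions list with one CDP entry
    value = enc(0x30, enc(0x30, enc(0xA0, enc(0xA0, enc(0x86, uri.encode())))))
    flag = enc(0x01, b"\xff") if critical else b""
    return enc(0x30, enc(0x30, enc(0x06, CDP_OID), flag, enc(0x04, value)))
```

Because find_cdp descends through every constructed element, check() can also be given the DER bytes of a whole certificate rather than only its extension list.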