Feature Request - Add CRL Distribution Point to own CA Certs

Started by BGP4, March 16, 2025, 05:17:11 PM

Please add the "crlDistributionPoints" attribute to the own Trust->CA.
Currently MS Remote Desktop, etc. force a CRL to be present, even if it is useless in many cases.
So we need to have an option to set this cert value to a CRL URL like http://crl.example.com/crl/root.crl

Also please preserve several settings like DNS Names, and all other values, if updating a certificate.
Also add an option to sync Trust/CA on 2 OPNsense firewalls as a CA backup, without having to import/export the whole config.
Maybe a CA only export/import including all certs.

About the CRL download: pfSense already fixed it [1]; we need an empty CRL as a download.
Nobody starts with a 1+ CRL size; most are clean and don't need a revocation.


[1] https://github.com/pfsense/pfsense/commit/48f1333bfd64b078016135ae089906d4e03deb0e

Kind Regards
BGP4
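
The behaviour requested above can be reproduced with plain OpenSSL. This is an added example, not part of the original post and not OPNsense or pfSense code: it builds a throwaway CA, issues a server certificate carrying the `crlDistributionPoints` URL from the post, signs an empty CRL, and checks the certificate the way a revocation-enforcing client would. The function names, `Demo Root CA` and `rdp.example.com` are constructed, and placing the CDP on the issued certificate is an assumption of this example.

```bash
#!/usr/bin/env bash
# Added example: throwaway lab CA with constructed names; not OPNsense or pfSense code.
CRL_URL="http://crl.example.com/crl/root.crl"   # example URL from the post

build_demo_pki() {   # $1 = empty working directory (absolute path)
  ( set -e; cd "$1"
    : > index.txt; echo 01 > crlnumber        # empty CA database: nothing revoked
    cat > ca.cnf <<EOF
[ req ]
distinguished_name = dn
[ dn ]
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = index.txt
crlnumber = crlnumber
default_md = sha256
default_crl_days = 30
[ ca_ext ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ leaf_ext ]
basicConstraints = CA:FALSE
subjectAltName = DNS:rdp.example.com
crlDistributionPoints = URI:$CRL_URL
EOF
    openssl req -x509 -config ca.cnf -extensions ca_ext -newkey rsa:2048 -nodes \
      -subj "/CN=Demo Root CA" -days 365 -keyout ca.key -out ca.crt
    openssl req -new -config ca.cnf -newkey rsa:2048 -nodes \
      -subj "/CN=rdp.example.com" -keyout leaf.key -out leaf.csr
    openssl x509 -req -in leaf.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
      -days 90 -extfile ca.cnf -extensions leaf_ext -out leaf.crt
    # Sign a CRL from the empty database, then convert to DER for HTTP publishing.
    openssl ca -gencrl -config ca.cnf -keyfile ca.key -cert ca.crt -out root.crl.pem
    openssl crl -in root.crl.pem -outform DER -out root.crl )
}

# Print the CDP URI embedded in the issued certificate.
cdp_of_leaf() { openssl x509 -in "$1/leaf.crt" -noout -text | grep -o 'URI:[^ ]*'; }

revoked_count() {   # number of revoked entries in the CRL (0 for an empty one)
  openssl crl -in "$1/root.crl.pem" -noout -text | grep -c 'Serial Number:' || true
}

check_leaf() {   # $1 = dir, $2 = optional CRL file; acts like a revocation-enforcing client
  openssl verify -crl_check -CAfile "$1/ca.crt" ${2:+-CRLfile "$1/$2"} "$1/leaf.crt"
}
```

`check_leaf DIR root.crl.pem` succeeds with the empty CRL, while `check_leaf DIR` with no CRL fails with "unable to get certificate CRL". `root.crl` is the DER file to serve at the CDP URL, and it has to be re-signed before its next-update time expires.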