[Pki-users] Need help in setting up CRL distribution point
Christina Fu
cfu at redhat.com
Mon Nov 19 19:50:21 UTC 2018
Hi,
I am not sure if I completely understand your question. If you are asking
how one could create a profile that takes the CRL distribution point url
from the cert request submitted via SCEP, then you might want to try the
UserSuppliedExtension:
https://access.redhat.com/documentation/en-us/red_hat_certificate_system/9/html-single/administration_guide/#User_Supplied_Extension_Default
where if you were to follow the example, you'd want to use the OID for CRL
distribution point instead, which is 2.5.29.31
Hope this helps,
Christina
On Wed, Oct 31, 2018 at 6:39 AM Akshath Hegde <arhsagar at gmail.com> wrote:
> Hi. I have installed the dogtag pki on centos 7. My client is a router
> which uses scep for enrollment. I'm able to authenticate and enroll. But
> I'm having trouble in setting up the CRL distribution point. The client
> seems to be sending the scep request with a specific URL everytime. So I
> need to modify the location where the CRL is placed and the URL to which
> the scep server responds and publish this with the certificate. Right now I
> can see this is the request -
> ca/ee/ca/getCRL?operation=getCRL&crlIssuingPoint=MasterCRL. I modified the
> caRouterCert.cfg profile to change the URL that gets published. But Im not
> able to figure out how to change the location and map the URI to that. Any
> help would be appreciated
>
> Thanks
>
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-users/attachments/20181119/a35b3a87/attachment.htm>
More information about the Pki-users
mailing list