Menu
▾
▴
Re: [Ejbca-develop] Choose date CRL
|
From: Andreas K. <ku...@tr...> - 2015-10-19 10:15:13
|
Hi Luc, sorry, but I have to agree with Michael: Your planning for upfront creation of CRL sounds an 'intential circumvention' of the auditor's requirements. Wouldn't recommend such an approach! Any, infor regarding indirect CRL can be found in http://www.ietf.org/rfc/rfc5280.txt, just look for 'indirect'. The advantage of indirect CRL: it's signed by another key, not the issuer's key. You may have to discuss the usage of an indirect CRL with your auditor ... Greetings, Andreas > Hi, > > Yes this is because of accessibilty restrictions of the signing key. We > can't set a period of one year (because of a certification). We must set a > period of one month. > > Can you explain me what is an indirect CRL ? > > Thanks for your answer. > > Regards, > > > > > 2015-10-19 8:32 GMT+02:00 Andreas Kuehne <ku...@tr...>: > >> Hi Luc, >> >> you outlined a strange requirement ;-) >> Why just create a CRL with a validity of one year? You obviously don't >> want to issue in monthly base ... >> >> Do you want to preproduce because of accessibilty restrictions of the >> signing key? If yes, maybe you're Vetter off with an indirect CRL? >> >> Greetings, >> >> Andreas >> >> Am 18. Oktober 2015 19:18:33 MESZ, schrieb Luc Pallavidino < >> luc...@gm...>: >> >>> Hi, >>> >>> We use EJBCA, and we have a question. Is it possible to pre-generate CRL ? >>> We must generate one CRL by month, and we want to generate the 12 CRLs in >>> one time. Each CRL must have a validity period différent (01/01 to 01/31, >>> 02/01 to 28/02, ...) >>> >>> Is there a way to do it ? >>> Is there a way to set custom date begin and date end to CRL ? >>> >>> Thanks a lot for your ansmer. >>> >>> Regards, >>> >>> -- >>> >>> Pallavidino Luc Tél. : +33-6-8070-3133 >>> Mail : luc...@gm... <pal...@ho...> >>> Ingénieur en monétique et sécurité des systèmes >>> >>> >>> ------------------------------ >>> >>> ------------------------------ >>> >>> Ejbca-develop mailing list >>> Ejb...@li... >>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >>> >>> >> -- >> >> Andreas Kühne >> phone: +49 177 293 24 97 >> mailto: ku...@tr... >> >> Trustable Ltd. Niederlassung Deutschland Ströverstr. 18 - 59427 Unna >> Amtsgericht Hamm HRB 5868 >> >> Directors Andreas Kühne, Heiko Veit >> >> Company UK Company No: 5218868 Registered in England and Wales >> >> >> ------------------------------------------------------------------------------ >> >> _______________________________________________ >> Ejbca-develop mailing list >> Ejb...@li... >> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >> >> > > > > ------------------------------------------------------------------------------ > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop -- Andreas Kühne phone: +49 177 293 24 97 mailto: ku...@tr... Trustable Ltd. Niederlassung Deutschland Gartenheimstr. 39C - 30659 Hannover Amtsgericht Hannover HRB 212612 Directors Andreas Kühne, Heiko Veit Company UK Company No: 5218868 Registered in England and Wales |
