I have a question:
Suppose I create a self-signed CA (root), a sub-CA, and a client certificate. What would I fill in for the CRL distribution points of the CA certificates? Is this value the URL to where its own CRL will be published, or its parent's?
Situation 1: The root has no CRL distribution point set. The sub-CA has its CRL distribution point set to where the root publishes its CRL. The client has its CRL distribution point set to where the sub-CA publishes its CRL.
Situation 2: The root has a CRL distribution point set to where it publishes its CRL. The sub-CA has its CRL distribution point set to where it publishes its CRL. The client has its CRL distribution point set to that of the sub-CA.
If you could help me out, I'd be much obliged.
Thank you for XCA! It's a great tool simplifying a complex subject!
The CRL distribution point provides information about the validity of the certificate containing the CRL distribution point extension.
So situation 1 is correct.
Ok, thank you for clarifying that.
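
The layout from situation 1, as an added example that is not part of the original thread or of XCA: it uses the Python `cryptography` package to build the three certificates and shows that a CRL found through a certificate's distribution point only verifies when it is signed by that certificate's issuer. The subject names, serial numbers and `pki.example.test` URLs are constructed placeholders, and the `published` dictionary stands in for fetching the CRL over HTTP.

```python
import datetime as dt
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

NOW = dt.datetime(2024, 1, 1)                   # constructed validity start
ROOT_CRL = "http://pki.example.test/root.crl"   # placeholder: CRL issued by the root
SUB_CRL = "http://pki.example.test/sub.crl"     # placeholder: CRL issued by the sub-CA

def name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def make_cert(cn, key, issuer_cn, issuer_key, serial, crl_url=None, ca=True):
    b = (x509.CertificateBuilder().subject_name(name(cn)).issuer_name(name(issuer_cn))
         .public_key(key.public_key()).serial_number(serial)
         .not_valid_before(NOW).not_valid_after(NOW + dt.timedelta(days=365))
         .add_extension(x509.BasicConstraints(ca=ca, path_length=None), critical=True))
    if crl_url:  # the CDP names where the ISSUER of this certificate publishes its CRL
        point = x509.DistributionPoint([x509.UniformResourceIdentifier(crl_url)], None, None, None)
        b = b.add_extension(x509.CRLDistributionPoints([point]), critical=False)
    return b.sign(issuer_key, hashes.SHA256())

def make_crl(issuer_cn, issuer_key, revoked_serials):
    b = (x509.CertificateRevocationListBuilder().issuer_name(name(issuer_cn))
         .last_update(NOW).next_update(NOW + dt.timedelta(days=30)))
    for serial in revoked_serials:
        entry = x509.RevokedCertificateBuilder().serial_number(serial).revocation_date(NOW).build()
        b = b.add_revoked_certificate(entry)
    return b.sign(issuer_key, hashes.SHA256())

def is_revoked(cert, issuer_cert, published):
    """Look up the CRL named in cert's CDP and check cert's serial against it."""
    cdp = cert.extensions.get_extension_for_class(x509.CRLDistributionPoints).value
    url = cdp[0].full_name[0].value
    crl = published[url]  # stands in for an HTTP fetch of the CRL
    if not crl.is_signature_valid(issuer_cert.public_key()):
        raise ValueError(f"CRL at {url} is not signed by the certificate's issuer")
    return crl.get_revoked_certificate_by_serial_number(cert.serial_number) is not None

root_key, sub_key, client_key = (ec.generate_private_key(ec.SECP256R1()) for _ in range(3))
root = make_cert("Root CA", root_key, "Root CA", root_key, 1)        # self-signed, no CDP
sub = make_cert("Sub CA", sub_key, "Root CA", root_key, 2, ROOT_CRL)
client = make_cert("Client", client_key, "Sub CA", sub_key, 3, SUB_CRL, ca=False)
# Situation 2's sub-CA: its CDP points at the CRL it issues itself
sub_own_cdp = make_cert("Sub CA", sub_key, "Root CA", root_key, 2, SUB_CRL)
# The sub-CA's CRL revokes the client (serial 3); the root's CRL is empty
published = {ROOT_CRL: make_crl("Root CA", root_key, []),
             SUB_CRL: make_crl("Sub CA", sub_key, [3])}
```

With situation 1's layout, `is_revoked(client, sub, published)` and `is_revoked(sub, root, published)` both resolve to a CRL signed by the right issuer, while `is_revoked(sub_own_cdp, root, published)` raises because the sub-CA's own CRL is not signed by the root.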