Hey Benoit,

that can be fixed.

First, put your RA/PUB online. The CRL is served by the PUB interface.
Assuming you don't want that, there is no simple solution. During the check
of the certificate chain the revocation check is done for every certificate
in the chain. Therefore the issuer of the certificate is taken, and the CRL
distribution point is read from that certificate. The CRL is loaded and the
first certificate is checked against this CRL. Means: The CDP from your issuer
certificate is used to determine where the CRL is found. If your chain
consists only of a root certificate (of the CA) and user certificates, you
are screwed. In that case you have to reissue a root certificate (but do not
have to reinstall OpenCA). If your chain is longer than that, you only have
to revoke and reissue the issuer certificate of your end user certificates
(much easier).

Hope that helps.

Regards
Felix

2011/7/12 Dansereau, Benoit <benoit.danser...@bnc.ca>

> Hi there,
>
> We have a 1.1.1 OpenCA in place and we experience a timeout issue with the
> CRL listed in the signed certificate because the CA is not online.  I’ve
> already found the way to take care of the new Web Server that we signed.  We
> are looking for a way to do the same with the root CA itself!
>
> Can that be fixed without starting from scratch?
>
> Regards,
>
> Benoit
>
> ------------------------------------------------------------------------------
> AppSumo Presents a FREE Video for the SourceForge Community by Eric
> Ries, the creator of the Lean Startup Methodology on "Lean Startup
> Secrets Revealed." This video shows you how to validate your ideas,
> optimize your ideas and identify your business strategy.
> http://p.sf.net/sfu/appsumosfdev2dev
> _______________________________________________
> Openca-Users mailing list
> Openca-Users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openca-users
>
>
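
To see which CRL distribution point (CDP) each certificate in a chain carries, and so which ones point at a host that is not online, the following prints the subject and CDP URIs of every certificate in a PEM bundle using the openssl CLI. It is an added example, not part of the original thread; the function name `list_cdps` and the file name `chain.pem` are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): list the CRL distribution point URIs
# carried by each certificate in a PEM bundle.
# Usage (assumed file name): sh list_cdps.sh chain.pem

# list_cdps BUNDLE -> one line per certificate: "<subject> | <CDP URIs or (none)>"
list_cdps() {
    bundle=$1
    tmpdir=$(mktemp -d) || return 1
    # Split the bundle into one file per certificate, in bundle order.
    awk -v dir="$tmpdir" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert%03d.pem", dir, n) }
        out != "" { print > out }
        /-----END CERTIFICATE-----/ { close(out); out = "" }
    ' "$bundle"
    for cert in "$tmpdir"/cert*.pem; do
        [ -f "$cert" ] || continue
        subject=$(openssl x509 -in "$cert" -noout -subject | sed 's/^subject= *//')
        # In "openssl x509 -text" output the CDP values are indented deeper than
        # the 12-space extension header; a line at 12 spaces or less ends the block,
        # so URI lines of other extensions (e.g. Authority Information Access) are skipped.
        uris=$(openssl x509 -in "$cert" -noout -text | awk '
            /X509v3 CRL Distribution Points/ { in_cdp = 1; next }
            in_cdp && NF == 0 { next }
            in_cdp { match($0, /^ */); if (RLENGTH <= 12) in_cdp = 0 }
            in_cdp && /URI:/ { sub(/.*URI:/, ""); acc = acc (acc == "" ? "" : " ") $0 }
            END { print acc }')
        [ -n "$uris" ] || uris="(none)"
        echo "$subject | $uris"
    done
    rm -rf "$tmpdir"
}

# Run against a bundle only when a file name is given on the command line.
if [ "$#" -gt 0 ]; then
    list_cdps "$1"
fi
```

Any URI printed here is baked into the signed certificate, which is why changing it means reissuing that certificate.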