- This topic is empty.
July 5, 2007 at 9:41 am #40685
Hi! Long time… I strated using the CA to produce certificates for a program i’m developing.
The problem i found is that the Localy generated CA doesn’t provide a CRL distribution point information with in return generates that the cert is impossible to verify…. Would it be possible to get a setting och witch public point in zs box that should be used in crl distribution and get that info stuck on at least the ca’s cert….
Thanks for a great product.July 5, 2007 at 9:18 pm #45592webwarriorMember
I had the same problem, and IE 7 does not like it, and gives me this page looking like an error page, with a continue link on it.
Firefox at least prompts the user to accept the certificate.
I guess Radius hosting from a domain name will be the best option.July 6, 2007 at 10:35 pm #45593imported_fulvioParticipant
you can obtain the CRL at the URL
or by clicking on the CRL link from the login page of the Zeroshell.
FulvioJuly 12, 2007 at 7:36 pm #45594
Yes i know that too. But the information is not put into the generated root certificate as a CRL distribution point WHY?
Because of this the user certs are useless. They cannot be validated by the recieving server. Installing the public key och ZeroShells root to the server only makes it trust the users but it canot validate the certificate…
I’m sure there must be an option that one may use when generating the certificates but it is not used when the root i generated through the webinterface.
Could you look into it?
/Yours MDJuly 12, 2007 at 9:07 pm #45595imported_fulvioParticipant
Ok, I am going to add your request in my todo list. I will solve the problem as soon as possible. I think in the next release.
FulvioJuly 13, 2007 at 11:36 am #45596
Thanks this is great news.
Please se the first message in this thread. The setting i essential as most ZS boxes are multi homed with routing, nat… The setting would be how shall we define this zs host and then make the clr url complete with that hostname…
Hope the next release is nerar…
- You must be logged in to reply to this topic.