CRL Distribution point not providet for local CA

Home Page Forums Network Management ZeroShell CRL Distribution point not providet for local CA

This topic contains 4 replies, has 0 voices, and was last updated by  sodmetaldream 11 years, 11 months ago.

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • #40685

    Hi! Long time… I strated using the CA to produce certificates for a program i’m developing.
    The problem i found is that the Localy generated CA doesn’t provide a CRL distribution point information with in return generates that the cert is impossible to verify…. Would it be possible to get a setting och witch public point in zs box that should be used in crl distribution and get that info stuck on at least the ca’s cert….

    Thanks for a great product.

    #45592

    webwarrior
    Member

    Yes,

    I had the same problem, and IE 7 does not like it, and gives me this page looking like an error page, with a continue link on it.

    So dump.

    Firefox at least prompts the user to accept the certificate.

    I guess Radius hosting from a domain name will be the best option.

    #45593

    imported_fulvio
    Participant

    you can obtain the CRL at the URL
    https://192.168.0.75/cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509view&x509type=CRL
    or by clicking on the CRL link from the login page of the Zeroshell.

    Fulvio

    #45594

    Yes i know that too. But the information is not put into the generated root certificate as a CRL distribution point WHY?
    Because of this the user certs are useless. They cannot be validated by the recieving server. Installing the public key och ZeroShells root to the server only makes it trust the users but it canot validate the certificate…

    I’m sure there must be an option that one may use when generating the certificates but it is not used when the root i generated through the webinterface.

    Could you look into it?

    /Yours MD

    #45595

    imported_fulvio
    Participant

    Ok, I am going to add your request in my todo list. I will solve the problem as soon as possible. I think in the next release.

    Regards
    Fulvio

    #45596

    Thanks this is great news.
    Please se the first message in this thread. The setting i essential as most ZS boxes are multi homed with routing, nat… The setting would be how shall we define this zs host and then make the clr url complete with that hostname…

    Hope the next release is nerar…

    Yours
    /MD

Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.