Home Page › Forums › Network Management › ZeroShell › CRL Distribution point not providet for local CA
- This topic is empty.
-
AuthorPosts
-
July 5, 2007 at 9:41 am #40685
sodmetaldream
MemberHi! Long time… I strated using the CA to produce certificates for a program i’m developing.
The problem i found is that the Localy generated CA doesn’t provide a CRL distribution point information with in return generates that the cert is impossible to verify…. Would it be possible to get a setting och witch public point in zs box that should be used in crl distribution and get that info stuck on at least the ca’s cert….Thanks for a great product.
July 5, 2007 at 9:18 pm #45592webwarrior
MemberYes,
I had the same problem, and IE 7 does not like it, and gives me this page looking like an error page, with a continue link on it.
So dump.
Firefox at least prompts the user to accept the certificate.
I guess Radius hosting from a domain name will be the best option.
July 6, 2007 at 10:35 pm #45593imported_fulvio
Participantyou can obtain the CRL at the URL
https://192.168.0.75/cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509view&x509type=CRL
or by clicking on the CRL link from the login page of the Zeroshell.Fulvio
July 12, 2007 at 7:36 pm #45594sodmetaldream
MemberYes i know that too. But the information is not put into the generated root certificate as a CRL distribution point WHY?
Because of this the user certs are useless. They cannot be validated by the recieving server. Installing the public key och ZeroShells root to the server only makes it trust the users but it canot validate the certificate…I’m sure there must be an option that one may use when generating the certificates but it is not used when the root i generated through the webinterface.
Could you look into it?
/Yours MD
July 12, 2007 at 9:07 pm #45595imported_fulvio
ParticipantOk, I am going to add your request in my todo list. I will solve the problem as soon as possible. I think in the next release.
Regards
FulvioJuly 13, 2007 at 11:36 am #45596sodmetaldream
MemberThanks this is great news.
Please se the first message in this thread. The setting i essential as most ZS boxes are multi homed with routing, nat… The setting would be how shall we define this zs host and then make the clr url complete with that hostname…Hope the next release is nerar…
Yours
/MD -
AuthorPosts
- You must be logged in to reply to this topic.