Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Regarding defining OCSP URL for revoked certificates #117

Open
pawan25062 opened this issue Apr 6, 2018 · 1 comment
Open

Regarding defining OCSP URL for revoked certificates #117

pawan25062 opened this issue Apr 6, 2018 · 1 comment
Assignees
@pawan25062

Comments

@pawan25062
Copy link

Hi Idan,

We tried to create certificates with CRL extensions. But need clarify that why OCSP and CRL both URLs needed in certificates:

        Authority Information Access:
            OCSP - URI:http://ocsp.testharness.cbsd.winnf.github.com/

        X509v3 CRL Distribution Points:

            Full Name:
              URI:http://testharness.cbsd.winnf.com/crlserver.crl

Could you please confirm, why this OCSP URL is needed in this certificate.

Regards,
Pawan Jangid
@idanrazisr
Copy link
Contributor

Hi Pawan,
for revoked certificates the device checking the certificate status can use either OCSP or CRL so I put both inside the certificate. This is also according to WINNF-TS-0022 v1.1.0 CBRS PKI.
Currently for testing purposes we will go with the CRL method (SAS vendors are also using the CRL method for now), but the X.509 certificate has both OCSP and CRL.

@idanrazisr idanrazisr assigned pawan25062 and unassigned idanrazisr Apr 12, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@pawan25062 pawan25062

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@idanrazisr @pawan25062