Get-CertificateRevocationList does not parse OID 2.5.29.28 #149

Closed
exchange12rocks opened this issue May 23, 2021 · 4 comments
Labels
enhancement This is a new feature request. Not a bug really. fixed-vNext The item is fixed in development code. Will be available in next release.

Comments

@exchange12rocks

I am not sure in what cases this OID gets populated, but one case is when you have just one CDP and it points to an HTTP location. In that case, you won't have 1.3.6.1.4.1.311.21.14, but 2.5.29.28 instead.

@Crypt32
Collaborator

Crypt32 commented May 23, 2021

2.5.29.28

This OID stands for the Issuing Distribution Points (IDP) extension, which is used for partitioned CRLs. Although partitioned CRLs aren't supported in Microsoft Windows, ADCS supports adding IDP with default values when this setting is enabled in the ADCS CDP extension:
[image]
This extension is not supported yet in PSPKI.

And 1.3.6.1.4.1.311.21.14 stands for Published CRL Locations. It is used by offline CAs when publishing to LDAP, and this extension is added when the following checkbox is selected in the ADCS CDP extension:
[image]
This helps certutil to find the right location in AD to publish the CRL. This extension is supported by PSPKI.

In other words, these are two distinct extensions used in distinct use cases, solve different problems and aren't related to each other in any way.
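
Added example (not part of the original thread and not PSPKI's code): a stdlib-only Python decoder for the extension value carried under 2.5.29.28, following the IssuingDistributionPoint ASN.1 structure in RFC 5280. The function names, the sample bytes and the URL `http://pki.example.test/ca.crl` are constructed for illustration.

```python
# Added example: decode the IssuingDistributionPoint value (OID 2.5.29.28, RFC 5280).
BOOL_FIELDS = {0x81: "onlyContainsUserCerts", 0x82: "onlyContainsCACerts",
               0x84: "indirectCRL", 0x85: "onlyContainsAttributeCerts"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER element overruns buffer")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    pos = 0
    while pos < len(value):  # walk the elements packed inside a constructed value
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def parse_idp(ext_value):
    """Parse the DER bytes of the extension value into a dict."""
    tag, body, end = read_tlv(ext_value, 0)
    if tag != 0x30 or end != len(ext_value):
        raise ValueError("IDP must be exactly one SEQUENCE")
    idp = {name: False for name in BOOL_FIELDS.values()}  # all DEFAULT FALSE
    idp["fullName"] = []
    for tag, val in children(body):
        if tag == 0xA0:  # distributionPoint [0] wraps the name CHOICE
            for ctag, cval in children(val):
                if ctag == 0xA0:  # fullName [0] GeneralNames; 0x86 = URI
                    idp["fullName"] += [v.decode("ascii")
                                        for t, v in children(cval) if t == 0x86]
        elif tag in BOOL_FIELDS:
            idp[BOOL_FIELDS[tag]] = val != b"\x00"
        # onlySomeReasons (0x83) is not decoded here
    return idp

def tlv(tag, value):  # builder for the constructed sample (short lengths only)
    return bytes([tag, len(value)]) + value
# Constructed sample: one HTTP fullName plus onlyContainsUserCerts = TRUE
SAMPLE_IDP = tlv(0x30, tlv(0xA0, tlv(0xA0, tlv(0x86, b"http://pki.example.test/ca.crl")))
                 + tlv(0x81, b"\xff"))
```

`parse_idp(SAMPLE_IDP)` returns the URL under `fullName` and `onlyContainsUserCerts` set to `True`; truncated or trailing bytes raise `ValueError` instead of being silently accepted.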

@Crypt32 Crypt32 added the enhancement This is a new feature request. Not a bug really. label May 23, 2021
@exchange12rocks
Author

Ah, yes, thank you for the clarification - I got confused.

@Crypt32 Crypt32 added question This is a general question. enhancement This is a new feature request. Not a bug really. and removed enhancement This is a new feature request. Not a bug really. question This is a general question. labels Sep 9, 2021
Crypt32 added a commit to PKISolutions/pkix.net that referenced this issue Sep 9, 2021
Crypt32 pushed a commit to PKISolutions/pkix.net that referenced this issue Sep 11, 2021
@Crypt32
Collaborator

Crypt32 commented Sep 11, 2021

I've added native support for Issuing Distribution Point CRL extension.

@Crypt32 Crypt32 added the fixed-vNext The item is fixed in development code. Will be available in next release. label Sep 11, 2021
@Crypt32
Collaborator

Crypt32 commented Jun 15, 2023

Fixed in v4.0.0

@Crypt32 Crypt32 closed this as completed Jun 15, 2023