Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove CrlIssuer from template with CRLDP #4727

Merged
merged 1 commit into from
Apr 19, 2024
Merged

Remove CrlIssuer from template with CRLDP #4727

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 5 additions & 9 deletions base/ca/shared/profiles/ca/caCMCECserverCertWithCRLDP.cfg
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -88,13 +88,9 @@ policyset.serverCertSet.9.constraint.name=No Constraint
policyset.serverCertSet.9.default.class_id=commonNameToSANDefaultImpl
policyset.serverCertSet.9.default.name=copy CN to SAN Default
# The CRL Distribution Points extension describes where a CRL
# can be accessed. This extension requires:
#
# 1. setting the crlDistPointsPointName_0 parameter to the URL of the CRL
# e.g. http://host.example.com:8081/crl/ServerCertCRL.crl
# 2. setting the crlDistPointsIssuerName_0 parameter to the string
# representation of the Distinguised Name of the CRL issuer
# e.g. CN=CA Signing Certificate,O=Example-rhcs-ECC-RootCA
# can be accessed. This extension requires setting the
# crlDistPointsPointName_0 parameter to the URL of the CRL.
# E.g.: http://host.example.com:8081/crl/ServerCertCRL.crl
#
# Note: The crlDisPointsPointName example below is assuming that a CRL Distribution Point
# is set up for a smaller set of certificates, e.g. server certs used for a specific purpose,
Expand All @@ -106,8 +102,8 @@ policyset.serverCertSet.10.default.class_id=crlDistributionPointsExtDefaultImpl
policyset.serverCertSet.10.default.name=CRL Distribution Points Extension Default
policyset.serverCertSet.10.default.params.crlDistPointsCritical=false
policyset.serverCertSet.10.default.params.crlDistPointsEnable_0=true
policyset.serverCertSet.10.default.params.crlDistPointsIssuerName_0=SET_ME_TO_DN_OF_CRL_ISSUER
policyset.serverCertSet.10.default.params.crlDistPointsIssuerType_0=DirectoryName
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@fmarco76 I'm unclear on this. Are we supposed to remove those two or just leave them blank like this? policyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=
policyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=

policyset.serverCertSet.10.default.params.crlDistPointsIssuerName_0=
policyset.serverCertSet.10.default.params.crlDistPointsIssuerType_0=
policyset.serverCertSet.10.default.params.crlDistPointsNum=1
policyset.serverCertSet.10.default.params.crlDistPointsPointName_0=http://LOCATION_OF_CRL
policyset.serverCertSet.10.default.params.crlDistPointsPointType_0=URIName
Expand Down
14 changes: 5 additions & 9 deletions base/ca/shared/profiles/ca/caCMCserverCertWithCRLDP.cfg
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -78,13 +78,9 @@ policyset.serverCertSet.9.constraint.name=No Constraint
policyset.serverCertSet.9.default.class_id=commonNameToSANDefaultImpl
policyset.serverCertSet.9.default.name=copy CN to SAN Default
# The CRL Distribution Points extension describes where a CRL
# can be accessed. This extension requires:
#
# 1. setting the crlDistPointsPointName_0 parameter to the URL of the CRL
# e.g. http://host.example.com:8081/crl/ServerCertCRL.crl
# 2. setting the crlDistPointsIssuerName_0 parameter to the string
# representation of the Distinguised Name of the CRL issuer
# e.g. CN=CA Signing Certificate,O=Example-rhcs-RSA-RootCA
# can be accessed. This extension requires setting the
# crlDistPointsPointName_0 parameter to the URL of the CRL.
# E.g.: http://host.example.com:8081/crl/ServerCertCRL.crl
#
# Note: The crlDisPointsPointName example below is assuming that a CRL Distribution Point
# is set up for a smaller set of certificates, e.g. server certs used for a specific purpose,
Expand All @@ -96,8 +92,8 @@ policyset.serverCertSet.10.default.class_id=crlDistributionPointsExtDefaultImpl
policyset.serverCertSet.10.default.name=CRL Distribution Points Extension Default
policyset.serverCertSet.10.default.params.crlDistPointsCritical=false
policyset.serverCertSet.10.default.params.crlDistPointsEnable_0=true
policyset.serverCertSet.10.default.params.crlDistPointsIssuerName_0=SET_ME_TO_DN_OF_CRL_ISSUER
policyset.serverCertSet.10.default.params.crlDistPointsIssuerType_0=DirectoryName
policyset.serverCertSet.10.default.params.crlDistPointsIssuerName_0=
policyset.serverCertSet.10.default.params.crlDistPointsIssuerType_0=
policyset.serverCertSet.10.default.params.crlDistPointsNum=1
policyset.serverCertSet.10.default.params.crlDistPointsPointName_0=http://LOCATION_OF_CRL
policyset.serverCertSet.10.default.params.crlDistPointsPointType_0=URIName
Expand Down
14 changes: 5 additions & 9 deletions base/ca/shared/profiles/ca/caECServerCertWithCRLDP.cfg
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -74,13 +74,9 @@ policyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl
policyset.serverCertSet.8.default.name=Signing Alg
policyset.serverCertSet.8.default.params.signingAlg=-
# The CRL Distribution Points extension describes where a CRL
# can be accessed. This extension requires:
#
# 1. setting the crlDistPointsPointName_0 parameter to the URL of the CRL
# e.g. http://host.example.com:8081/crl/ServerCertCRL.crl
# 2. setting the crlDistPointsIssuerName_0 parameter to the string
# representation of the Distinguised Name of the CRL issuer
# e.g. CN=CA Signing Certificate,O=Example-rhcs-ECC-RootCA
# can be accessed. This extension requires setting the
# crlDistPointsPointName_0 parameter to the URL of the CRL.
# E.g.: http://host.example.com:8081/crl/ServerCertCRL.crl
#
# Note: The crlDisPointsPointName example below is assuming that a CRL Distribution Point
# is set up for a smaller set of certificates, e.g. server certs used for a specific purpose,
Expand All @@ -92,8 +88,8 @@ policyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl
policyset.serverCertSet.9.default.name=CRL Distribution Points Extension Default
policyset.serverCertSet.9.default.params.crlDistPointsCritical=false
policyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true
policyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=SET_ME_TO_DN_OF_CRL_ISSUER
policyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=DirectoryName
policyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=
policyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=
policyset.serverCertSet.9.default.params.crlDistPointsNum=1
policyset.serverCertSet.9.default.params.crlDistPointsPointName_0=http://LOCATION_OF_CRL
policyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName
Expand Down
14 changes: 5 additions & 9 deletions base/ca/shared/profiles/ca/caServerCertWithCRLDP.cfg
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -74,13 +74,9 @@ policyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl
policyset.serverCertSet.8.default.name=Signing Alg
policyset.serverCertSet.8.default.params.signingAlg=-
# The CRL Distribution Points extension describes where a CRL
# can be accessed. This extension requires:
#
# 1. setting the crlDistPointsPointName_0 parameter to the URL of the CRL
# e.g. http://host.example.com:8081/crl/ServerCertCRL.crl
# 2. setting the crlDistPointsIssuerName_0 parameter to the string
# representation of the Distinguised Name of the CRL issuer
# e.g. CN=CA Signing Certificate,O=Example-rhcs-RSA-RootCA
# can be accessed. This extension requires setting the
# crlDistPointsPointName_0 parameter to the URL of the CRL.
# E.g.: http://host.example.com:8081/crl/ServerCertCRL.crl
#
# Note: The crlDisPointsPointName example below is assuming that a CRL Distribution Point
# is set up for a smaller set of certificates, e.g. server certs used for a specific purpose,
Expand All @@ -92,8 +88,8 @@ policyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl
policyset.serverCertSet.9.default.name=CRL Distribution Points Extension Default
policyset.serverCertSet.9.default.params.crlDistPointsCritical=false
policyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true
policyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=SET_ME_TO_DN_OF_CRL_ISSUER
policyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=DirectoryName
policyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=
policyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=
policyset.serverCertSet.9.default.params.crlDistPointsNum=1
policyset.serverCertSet.9.default.params.crlDistPointsPointName_0=http://LOCATION_OF_CRL
policyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName
Expand Down
Loading