DCDT Discovery Test Case D17
37 views
Skip to first unread message
nscl...@gmail.com
Aug 22, 2016, 4:17:15 PM8/22/16
to Direct Certificate Discovery Tool
Hey Folks,
For Discovery Test Case D17, it looks like the CRL is on the end certificate instead of the root CA. Is this valid certificate setup?
srini
Aug 22, 2016, 10:50:49 PM8/22/16
to directt...@googlegroups.com
Hi Nick
The d...@domain9.dcdt31prod.sitenv.org endpoint should have 3 address bound certs and 1 domain bound cert that are discoverable, of which only 1 of them (address bound) is valid and has an unrevoked status - using which gives positive results. Please let us know if this addresses your question.
Thanks
Srini
On Mon, Aug 22, 2016 at 4:17 PM, <nscl...@gmail.com> wrote:
Hey Folks,For Discovery Test Case D17, it looks like the CRL is on the end certificate instead of the root CA. Is this valid certificate setup?
--
You received this message because you are subscribed to the Google Groups "Direct Certificate Discovery Tool" group.
To unsubscribe from this group and stop receiving emails from it, send an email to directtesttool+unsubscribe@googlegroups.com.
Visit this group at https://groups.google.com/group/directtesttool.
To view this discussion on the web visit https://groups.google.com/d/msgid/directtesttool/742e7164-db98-4266-8e36-3f083dd165a0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
nscl...@gmail.com
Aug 23, 2016, 3:33:58 PM8/23/16
to Direct Certificate Discovery Tool
Hey Srini,
I realize that, but I don't think it really answers my question. Why is the CRL list not attached to the root CA for these certificates? I believe the revoked status should be determined from the root CA.
On Monday, August 22, 2016 at 9:50:49 PM UTC-5, Srinivasan Adhinarayanan wrote:
Hi NickThe d...@domain9.dcdt31prod.sitenv.org endpoint should have 3 address bound certs and 1 domain bound cert that are discoverable, of which only 1 of them (address bound) is valid and has an unrevoked status - using which gives positive results. Please let us know if this addresses your question.ThanksSrini
On Mon, Aug 22, 2016 at 4:17 PM, <nscl...@gmail.com> wrote:
Hey Folks,For Discovery Test Case D17, it looks like the CRL is on the end certificate instead of the root CA. Is this valid certificate setup?
--
You received this message because you are subscribed to the Google Groups "Direct Certificate Discovery Tool" group.
To unsubscribe from this group and stop receiving emails from it, send an email to directtesttoo...@googlegroups.com.
srini
Aug 23, 2016, 4:41:17 PM8/23/16
to directt...@googlegroups.com
Hi Nick
Would it be right to say that the end certificates point to the CRLs associated with the root CA
[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName:http://pki.dcdt31prod.sitenv.org:10080/dcdt31prod.sitenv.org_ca_root.crl]
]]
[DistributionPoint:
[URIName:http://pki.dcdt31prod.sitenv.org:10080/dcdt31prod.sitenv.org_ca_root.crl]
]]
Thanks
Srini
To unsubscribe from this group and stop receiving emails from it, send an email to directtesttool+unsubscribe@googlegroups.com.
Visit this group at https://groups.google.com/group/directtesttool.
To view this discussion on the web visit https://groups.google.com/d/msgid/directtesttool/f02b7564-4941-4aef-a5a0-2f80ee30100f%40googlegroups.com.
nscl...@gmail.com
Aug 24, 2016, 2:44:07 PM8/24/16
to Direct Certificate Discovery Tool
Ah! We had old certificate setup for your tool on our server. This issue is resolved once we have the new certificate setup. Thanks!
Reply all
Reply to author
Forward
0 new messages