Utilizing openssl, I'd like to implement a root CA for our organization. Having never done this with openssl, I'm a bit confused as to how to set up a CRL for the organization.
Has anyone done this? Is there any documentation that I can dig through to check it out?
I am assuming a web server is involved in serving the CRL list. Is it as simple as setting up a special directory in apache to serve the CRL file?
UPDATE: Further investigations indicate that I need to configure something called a CDP when I issue certificates to my end devices. This will have the CRL location on the internal network. It appears I can use whatever protocol is available on the local workstation ( most prominent being http(s)/ldap(s) ), and that the best bet is http. This indicates that I can use a regular web server that simply serves the CRL file. Does that sound right to anyone who has done this? I plan on testing this out when I get home, but I would appreciate any feedback from those that have done this.
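The setup described in the post, sketched as an added example that is not part of the original post: a throwaway openssl root CA that stamps a CDP into the certificates it issues, revokes one, and writes the CRL file a web server would publish. The directory layout, section names, subject names and the URL `http://pki.example.internal/root.crl` are constructed for illustration.

```sh
# Constructed demo: throwaway root CA whose issued certificates carry a CDP.
# build_demo_ca DIR CDP_URL  -> creates CA, one leaf cert, revokes it, writes CRL
build_demo_ca() {
    dir=$1; cdp_url=$2
    mkdir -p "$dir/newcerts" && : > "$dir/index.txt" || return 1
    echo 1000 > "$dir/serial"; echo 1000 > "$dir/crlnumber"
    cat > "$dir/ca.cnf" <<EOF
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database         = $dir/index.txt
new_certs_dir    = $dir/newcerts
serial           = $dir/serial
crlnumber        = $dir/crlnumber
certificate      = $dir/ca.crt
private_key      = $dir/ca.key
default_md       = sha256
default_days     = 365
default_crl_days = 7
unique_subject   = no
policy           = policy_any
[ policy_any ]
commonName = supplied
[ req ]
distinguished_name = dn
x509_extensions    = ca_ext
[ dn ]
[ ca_ext ]
basicConstraints = critical,CA:TRUE
keyUsage         = critical,keyCertSign,cRLSign
[ leaf_ext ]
basicConstraints      = CA:FALSE
crlDistributionPoints = URI:$cdp_url
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -config "$dir/ca.cnf" \
        -subj "/CN=Demo Root CA" -keyout "$dir/ca.key" -out "$dir/ca.crt" &&
    openssl req -newkey rsa:2048 -nodes -config "$dir/ca.cnf" \
        -subj "/CN=device01.example.internal" -keyout "$dir/leaf.key" -out "$dir/leaf.csr" &&
    openssl ca -batch -notext -config "$dir/ca.cnf" -extensions leaf_ext \
        -in "$dir/leaf.csr" -out "$dir/leaf.crt" &&
    openssl ca -config "$dir/ca.cnf" -revoke "$dir/leaf.crt" &&
    openssl ca -config "$dir/ca.cnf" -gencrl -out "$dir/root.crl.pem" &&
    # HTTP CDPs are expected to serve the CRL DER-encoded; publish this file.
    openssl crl -in "$dir/root.crl.pem" -outform DER -out "$dir/root.crl"
}
# URL embedded in the issued certificate, and serials listed in the CRL.
cert_cdp()    { openssl x509 -in "$1/leaf.crt" -noout -text | grep -o 'URI:[^ ]*'; }
crl_serials() { openssl crl -in "$1/root.crl" -inform DER -noout -text | grep 'Serial Number:'; }
if [ "$#" -eq 2 ]; then build_demo_ca "$1" "$2"; fi
```

Copying `root.crl` to the path the URL points at is all the web server has to do; the CRL must be regenerated and republished before its `default_crl_days` window runs out, or clients that check it will treat it as stale.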