Merge pull request #231 from dod-ccpo/fix-crls

Update ssl crl config and certs
This commit is contained in:
patricksmithdds 2018-08-30 12:27:52 -04:00 committed by GitHub
commit fc3d4a3080
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 5 additions and 1 deletions

View File

@ -28,3 +28,7 @@ openssl verify -verbose -CAfile /tmp/test.pem -crl_check ssl/client-certs/atat.m
> atat.mil.crt: OK
```
To regenerate the crl:
`openssl ca -gencrl -keyfile client-ca.key -cert client-ca.crt -out <cert_name>.crl -config crl_openssl.conf`
`openssl crl -inform der -in client-ca.der.crl -noout -text`

Binary file not shown.

View File

@ -8,7 +8,7 @@ database = $dir/index.txt # index file.
# new_certs_dir = $dir/newcerts # new certs dir
default_days = 365 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_crl_days = 365 # how long before next CRL
default_md = md5 # md to use
policy = policy_any # default policy

Binary file not shown.