Merge pull request #231 from dod-ccpo/fix-crls

Update ssl crl config and certs
2018-08-30 12:27:52 -04:00 · 2018-08-30 12:27:52 -04:00 · fc3d4a3080
commit fc3d4a3080
parent 1b373a975e 5eed37b3b3
4 changed files with 5 additions and 1 deletions
--- a/ssl/client-certs/README.md
+++ b/ssl/client-certs/README.md
@ -28,3 +28,7 @@ openssl verify -verbose -CAfile /tmp/test.pem -crl_check ssl/client-certs/atat.m
 > atat.mil.crt: OK
 ```

+To regenerate the crl:
+
+`openssl ca -gencrl -keyfile client-ca.key -cert client-ca.crt -out <cert_name>.crl -config crl_openssl.conf`
+`openssl crl -inform der -in client-ca.der.crl -noout -text`
--- a/ssl/client-certs/client-ca.der.crl
+++ b/ssl/client-certs/client-ca.der.crl
--- a/ssl/client-certs/crl_openssl.conf
+++ b/ssl/client-certs/crl_openssl.conf
@ -8,7 +8,7 @@ database       = $dir/index.txt        # index file.
 # new_certs_dir  = $dir/newcerts         # new certs dir

 default_days   = 365                   # how long to certify for
-default_crl_days= 30                   # how long before next CRL
+default_crl_days = 365                 # how long before next CRL
 default_md     = md5                   # md to use

 policy         = policy_any            # default policy
--- a/tests/fixtures/crl/client-ca.der.crl
+++ b/tests/fixtures/crl/client-ca.der.crl