Educause Security Discussion mailing list archives

Re: OCSP/HTTPS site issues? Certificate validation?


From: Seth Hall <seth () ICIR ORG>
Date: Sat, 21 Jan 2012 10:04:31 -0500


On Jan 20, 2012, at 4:23 PM, Jeff Kell wrote:

> On 1/20/2012 4:20 PM, Rich Graves wrote:
>> Make sure your registration/quarantine networks allow CRL validation, or at least, don't redirect requests back to the captive portal.
>
> Is there a list of such animals by domain name?

I attached text files with the URLs for OCSP and CRL endpoints for all of the certificates in Mozilla's root certificate bundle.

You can generate the OCSP list yourself with:
curl "https://www.mozilla.org/projects/security/certs/included/" | grep -E "<ocsp>.+</ocsp>" | grep -v "<\!--" | sed -E 's/.*<ocsp>(.+)<\/ocsp>.*/\1/' | sort | uniq

And you can generate the CRL list with:
curl "https://www.mozilla.org/projects/security/certs/included/" | grep -E "<crl url=\"[^\"]" | sed -E 's/.*<crl url=\"(.+)\".*/\1/' | sort | uniq

  .Seth

Attachment: crl_urls.txt

Attachment: ocsp_urls.txt



--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/
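
The thread asks for a list "by domain name" for the registration/quarantine network. As an added example (not part of the original message), this reduces URL lists such as the attached ocsp_urls.txt and crl_urls.txt to unique host/port pairs for a walled-garden allowlist. The function names and the sample hosts are constructed placeholders, not real CA endpoints.

```shell
#!/bin/sh
# Added example: turn OCSP/CRL URL lists into "host port" allowlist entries.

# Constructed sample input; replace with: cat ocsp_urls.txt crl_urls.txt
sample_urls() {
cat <<'EOF'
http://ocsp.ca-one.example
http://OCSP.ca-one.example/status
http://crl.ca-one.example/root.crl
https://crl.ca-two.example:8443/g2.crl
ldap://directory.ca-three.example/cn=Root?certificateRevocationList
http://crl.ca-one.example/intermediate.crl
EOF
}

# Reads one URL per line on stdin and prints sorted, unique "host port" pairs
# for http/https URLs. Anything else (e.g. ldap CRL distribution points) is
# reported on stderr so it can be reviewed by hand instead of silently lost.
urls_to_allowlist() {
  awk '
    {
      line = $0
      sub("\r$", "", line)                      # tolerate CRLF list files
      if (line == "") next
      if (!match(line, "^[A-Za-z][A-Za-z0-9+.-]*://")) {
        print "skipped (no scheme): " line | "cat 1>&2"; next
      }
      scheme = tolower(substr(line, 1, RLENGTH - 3))
      rest = substr(line, RLENGTH + 1)
      sub("[/?#].*$", "", rest)                 # drop path, query, fragment
      sub("^.*@", "", rest)                     # drop any userinfo
      if (scheme == "http") port = 80
      else if (scheme == "https") port = 443
      else { print "skipped (not HTTP): " line | "cat 1>&2"; next }
      host = tolower(rest)                      # hostnames are case-insensitive
      if (match(host, ":[0-9]+$")) {            # explicit port overrides default
        port = substr(host, RSTART + 1)
        host = substr(host, 1, RSTART - 1)
      }
      if (host != "") print host, port
    }
  ' | LC_ALL=C sort -u
}

sample_urls | urls_to_allowlist
```

Entries that end up on stderr still need a decision: a client that only has an ldap CRL distribution point cannot check revocation through an HTTP-only exception.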

