For firewall purposes, trying to identify the cert revocation URL's for the major root CA's. Are these documented somewhere?
Asked
Active
Viewed 151 times
0
-
1you can try to lookup at CA vendor web sites, some of them publish URLs to their certificates and CRLs, but not all do that and there is no single authoritative resource with such URLs. – Crypt32 Apr 27 '20 at 14:27
1 Answers
1
In addition to Crypt32's answer you should be able to get a CRL from a certificate itself. For instance if you look at the certificate for https://www.google.com (using a browser) you can see a CRL distribution point of http://crl.pki.goog/GTS1O1.crl The two certificates above it in the chain also have CRLs.
Julian
- 317
- 3
- 9