Educause Security Discussion mailing list archives
Re: OCSP/HTTPS site issues? Certificate validation?
From: Jeff Kell <jeff-kell () UTC EDU>
Date: Mon, 23 Jan 2012 00:07:37 -0500
Beautiful! Thanks Seth, will be tweaking our portals this week :) Jeff On 1/21/2012 10:04 AM, Seth Hall wrote:
On Jan 20, 2012, at 4:23 PM, Jeff Kell wrote:On 1/20/2012 4:20 PM, Rich Graves wrote:Make sure your registration/quarantine networks allow CRLvalidation, or at least, don't redirect requests back to the captive portal.Is there a list of such animals by domain name?I attached text files with the URLs for OCSP and CRL endpoints for all of the certificates in Mozilla's root certificate bundle. You can generate the OCSP list yourself with: curl "https://www.mozilla.org/projects/security/certs/included/" | grep -E "<ocsp>.+</ocsp>" | grep -v "<\!--" | sed -E 's/.*<ocsp>(.+)<\/ocsp>.*/\1/' | sort | uniq And you can generate the CRL list with: curl "https://www.mozilla.org/projects/security/certs/included/" | grep -E "<crl url=\"[^\"]" | sed -E 's/.*<crl url=\"(.+)\".*/\1/' | sort | uniq .Seth -- Seth Hall International Computer Science Institute (Bro) because everyone has a network http://www.bro-ids.org/
Current thread:
- OCSP/HTTPS site issues? Certificate validation? Shayne Ghere (Jan 20)
- Re: OCSP/HTTPS site issues? Certificate validation? Jacobson, Dick (Jan 20)
- Re: OCSP/HTTPS site issues? Certificate validation? Rich Graves (Jan 20)
- Re: OCSP/HTTPS site issues? Certificate validation? Jeff Kell (Jan 20)
- Re: OCSP/HTTPS site issues? Certificate validation? Seth Hall (Jan 21)
- Re: OCSP/HTTPS site issues? Certificate validation? Jeff Kell (Jan 22)
- Re: OCSP/HTTPS site issues? Certificate validation? Jim Cheetham (Jan 23)
- Re: OCSP/HTTPS site issues? Certificate validation? Seth Hall (Jan 25)
- Re: OCSP/HTTPS site issues? Certificate validation? Jeff Kell (Jan 20)