Hello, I have a case where I need to be able to manage CRLs for various applications on a physically isolated network for various websites and applications.
The CRLs come in the form of files; I think they end in the extension .crl, but it is also possible that they end with the extension of .pem.
Can someone please provide a document, blog, or something useful in order to accomplish this task?
I need to be able to do this for both RHEL6 and RHEL7 machines; if browsers are in question, we are using Google Chrome and Firefox, using RPMs.
Thank you for your assistance in advance.
Managing CRLs in RHEL{6,7}
Re: Managing CRLs in RHEL{6,7}
Have you looked at the crlutil utility? I think it'll do what you need on NSS databases (which I think Firefox uses, not sure about Chrome).
- warron.french
- Posts: 616
- Joined: 2014/03/27 20:21:58
Re: Managing CRLs in RHEL{6,7}
Hi again aks, no, I didn't know that tool existed.
Just yesterday I learned about another tool called certmgr and it looks like it might handle CRLs and CTLs.
I have a cohort who has to handle similar tasks for Windows Servers and Windows "workstations."
I cannot find a man page on crtutil, but I just found a reference to https://linux.die.net/man/8/fetch-crl . What do you know about that tool, if anything?
I am relatively novice with respect to PKI, but it is something I have been trying to ease into; mostly using OpenSSL and everything it offers.
Thanks again aks,
Thanks,
War
Re: Managing CRLs in RHEL{6,7}
Sorry for the delay in replying.
I imagine it's in the nss-* packages (probably nss-tools or possibly nss-util).
Sorry, not familiar with fetch-crl.