LawrenceC

Asked: 2011-03-21 09:15:12 +0800 CST2011-03-21 09:15:12 +0800 CST 2011-03-21 09:15:12 +0800 CST

Hierarchical certification authorities and CRLs

If I implement a PKI with multiple levels of CAs, do I need to have a CRL for each individual CA or can I just have one CRL for the entire hierarchy (i.e. point all certificates to a single CRL), or only a few at the upper levels of the hierarchy?

1 Answers

Voted

Best Answer

Shane Madden
2011-03-21T09:37:15+08:002011-03-21T09:37:15+08:00
Each CA will need to publish its own CRL.

The reason that it's not possible from a technical perspective to combine multiple CRLs is that each CRL needs to be cryptographically signed by the CA that generated it, so it's a 1-CA-to-1-CRL relationship.
5

Hierarchical certification authorities and CRLs

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Resolve host name from IP address

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?