Does AWS Private CA support indirect CRLs?

0

We need to maintain an indirect CRL for a multi-level PKI architecture and would like to use a single CRL issuer to accomplish this. Does AWS Private CA support the creation and management of indirect CRLs?

Dani
질문됨 일 년 전193회 조회
1개 답변
0

Hi,

Yes. AWS Private Certificate Authority (CA) supports indirect CRLs. To use indirect CRLs with AWS Private CA, you can specify one or more CDPs when creating the CRL. The CDPs can be specified as URLs or DNS names in the CRL Distribution Points extension of the CA certificate. Refer here for more details: https://docs.aws.amazon.com/privateca/latest/userguide/ca-lifecycle.html

Thanks Arun

AWS
Arun
답변함 일 년 전
  • Hi Arun, that link doesn't mention anything about configuring CDPs or indirect CRLs. I understand that it's probably possible to generate certificates with custom CDPs. My question is about whether or not AWS PCA supports the management of indirect CRLs. In other words, does PCA have the ability to automatically sign a CRL with a CA different than the issuing CA?

  • hi Dani, ACM PCA currently doesn't support automatic signing of CRL's with a different CA than the issuing CA. If you want to sign the CRL with a different CA, you will have to sign the CRL and then distribute it to the appropriate parties. Alternatively, you could configure the issuing CA to issue the CRL as and indirect CRL, where the CRL has a reference to another CRL issued by a different CA

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인

관련 콘텐츠