Hi,
I'm moving all connections to certificate based encryption. All the certificates, CRLs and configurations are deployed automatically using Puppet (OK, the CRL not yet, but soon).
As i don't expect to revoke certificates a lot i'm asking me how it will behave in case when the CRL expires (root or intermediate). Will the server/proxy/agent deny further connections or will they ignore the expire date?
As Zabbix uses a local file to check revocation, a very long expire date would not matter a lot because Puppet will distribute and restart the services within 30 minutes after a certificate was revoked anyway. But would simply like to know how it would behave in such a case.
Thank you,
Urs
I'm moving all connections to certificate based encryption. All the certificates, CRLs and configurations are deployed automatically using Puppet (OK, the CRL not yet, but soon).
As i don't expect to revoke certificates a lot i'm asking me how it will behave in case when the CRL expires (root or intermediate). Will the server/proxy/agent deny further connections or will they ignore the expire date?
As Zabbix uses a local file to check revocation, a very long expire date would not matter a lot because Puppet will distribute and restart the services within 30 minutes after a certificate was revoked anyway. But would simply like to know how it would behave in such a case.
Thank you,
Urs
Comment