certificates
certificates copied to clipboard
smallstep
[Bug]: Chang the crl issuing distribution point url or add a url with http
Steps to Reproduce
Enabled the crl option in the configuration. Download a crl.
Your Environment
- OS - RedHat 8.9
step-caVersion - 0.25.2
Expected Behavior
It should be able to download a crl from the step ca with a http url as issuing distribution point . Or it should be possible to add a http url to the issuing distribution point. So that I have a https and a http url in the issuing distribution point field, e.g. Issuing Distribution Poin:t https://your-step-ca/1.0/crl,http://your-step-ca/1.0/crl
Actual Behavior
I cannot find a solution where I can add or exhange the issuing distribution point url with a http url in the crl. It is always a https url that looks like this https://your-step-ca/1.0/crl
Additional Context
No response
Contributing
Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
Hey @jojof2024, have you tried the idpURL configuration, which exists under crl?
idpURL
Hey @hslatman no I did not. Where can I find more information about "idpURL"? I cannot find this under https://smallstep.com/docs/step-ca/templates/ or https://smallstep.com/docs/step-ca/configuration/. How do I use this configuration?
Currently only in code: https://github.com/smallstep/certificates/blob/master/authority/config/config.go#L93-L100.
Is there a possibility to disable the option of a issuing distribution point in the crl? It did not help me to just change the issuing distribution point. I need it not to be included in the crl.