I have multiple intermediate CA servers creating certs. I can see these new certs been added to index.txt. My question is on cert revocation. If Server 1 creates a cert then server 1 goes down. Then I go to server 2 to revoke this cert how does server 2 know about this certificate? Is it possible to share index.txt information across multiple CA servers. Reason using multiple servers is for high availability
Multiple intermediate CA servers sharing index.txt cert file
169 views Asked by cloonacool At
0
There are 0 answers
Related Questions in SSL
- Django's previous settings prevent connecting to localhost
- SSL error when redirecting from one lightsail subdomain to lightsail subdomain on different account
- HTTP Requests from SSL Secured(HTTPS) Domain Failing
- Reversed TLS re-connection issue
- Nginx configuration file and SSL certificate errors in Docker
- IBM DB2 console doesn't work after SSL certificate update
- mTLS not working with FastAPI and Uvicorn
- WSO2 change localhost - ERR_CERT_AUTHORITY_INVALID
- KeyCloak Handshake causing timeout
- Python SSL Error , Server side - Client certificate verify failing with Intermediate cert - self-signed certificate in certificate chain (_ssl.c:1007)
- Apps migrated from IIS server1 to another IIS server2 stopped communicating with an App on IIS server 1 via SSL (HTTPS)
- Let Artifactory use HTTPS settings
- Even though I added my SSL certificate, I get the "not secure" error
- CST 0001 ERRO [comm.tls] ClientHandshake -> Client TLS handshake failed after 173.725µs with error EOF remoteaddress=127.0.0.1:7051
- ERR_SSL_PROTOCOL_ERROR generated using X509 certificate with Kestrel hosting in .NET 8 on Linux
Related Questions in OPENSSL
- openssl: EVP_PKEY_derive failure
- Python SSL Error , Server side - Client certificate verify failing with Intermediate cert - self-signed certificate in certificate chain (_ssl.c:1007)
- Why/How does Apache auto-include "DHE" TLS1.2 ciphers while nginx needs "dhparams" file?
- OpenSSL3.0 RSA Signature Verification in C
- ESP8266 - Unable to connect to MQTT Server via SSL (mutual authentication)
- CherryPy SSL Built-in Adapter Causing Port Contention with Netcat
- Cannot Load OpenSSL in IIS
- Flutter SecureSocketServer transfer
- openssl pbkdf2 and perl
- OpenSSL with C++ app - getting undefined references during compilation
- Restore sha-1 certificate fingerprint on OpenSSL without setting security level to zero
- SSL for PostgreSQL connection nodejs and express to conection on render host service
- Decrypt ruby DES-EDE3-CBC encrypted data in Python
- Recursively calculate SHA256 sum of all files in directory using OpenSSL
- Deterministic CTR_DRBG in OpenSSL
Related Questions in CERTIFICATE
- Create aws certification for domain
- How can I create a simple signed certificate for my Windows Forms .NET app in Visual Studio 2022
- Problem validating server certificate connecting to a Kafka cluster
- connecting to secure server from Java application without importing certificate to keystore
- Inside Windows 2016 : error message : "Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty"
- Visual Studio 2022 free certificate problem. "cannot import key file " how to fix
- How do I sign a powershell script with in-network server so that all clients can run script without changing execution policy?
- Mac Sonoma 14.4 Dotnet 8.0.203 SDK webapi https error
- CA certificate for .NET Maui
- Fiddler doesn't work because Chrome and Edge don't trust fiddler certificate
- openssl: try to load local ca store
- Authentication with SmartCard sending a SOAPUI request
- SSL/TLS certificate exchange/renewal needs private key of the old certificate in CSR
- Questions about p12 certificate and private key password
- ERROR: Could not install packages due to an OSError: Could not find a suitable TLS CA certificate bundle, invalid path: /path/to/cacert.pem
Related Questions in CA
- self signed certificate in certificate chain for postgressql, Prisma, and Dockerfile
- SSL communication to support CA Certificate(Public key certificate)
- How should I submit (or at least is it possible to submit) my CSR (PKCS#10 file) to a CA that uses an HSM?
- Certificate request with CRMF format
- Delete CA certificate but it is automatically restored - need to permanently delete it
- Retrieve a List of all the CAWA Applications
- CRL is expired, but ChainStatus is telling me RevocationStatusUnknown
- Trust user-added CA certificates in Flutter application
- Certificate chain not recognised by windows
- Is there any way to remove particular user indentity from Hyperledger Fabric CA by HLF Java SDK?
- ERROR: Could not install packages due to an OSError: Could not find a suitable TLS CA certificate bundle
- Creating self signed certificates for Raspberry Pi Pico with MQTT
- WebDriver, Chome on Ubuntu add Certificate Authority from CLI
- Is it possible to change the signature algorithm of intermediate CA without changing the root CA?
- nginx optional_no_ca on but nginx is issuing 400 "The SSL certificate error"
Related Questions in CERTIFICATE-REVOCATION
- Question on Chrome's Certificate Revocation Checking
- In the X.509 CRL v2 format, why is there a requirement to duplicate the "AlgorithmIdentifier" fields?
- openssl: how to use revocation list with SSL_CTX_load_verify_locations?
- How to recognize RevocationStatusUnknown or OfflineRevocation errors on X509Certificate validation?
- Solved - SSL certificate validation fails with 'The revocation function was unable to check revocation because the revocation server was offline."
- How can openssl s_client be used to check if a TLS server presents a revoked certificate?
- Adding PDF revocation information as an signed attribute pdfRevocationInfoArchival OID 1.2.840.113583.1.1.8 is not working
- How to disable certificate revocation list (CRL) caching on IIS 10.0?
- Parsing a certificate revocation list in nodejs
- Given an X509 certificate revocation list in PEM format, how do I convert that to a list of serial numbers of revoked certificates?
- Downloading solana dev tools error: "curl: (35) schannel: next InitializeSecurityContext failed: Unknown error (0x80092012)"
- How to add CRLs to caStore created by Node-forge
- Mosquitto blocks all connections when using CRL file
- MIMEKIT MultipartSigned.Verify How can I disable Certificate Revocation list ceck?
- Okta certificate revokation
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)