question

57517361 avatar image
0 Votes"
57517361 asked Thameur-BOURBITA answered

How can i configure CDP with HTTPS

I would like to configure CDP = https://crl.test.com/test.crl
But the warning message says https protocol is not supported.


How to force CDP to https?
If impossible, could you tell reason that it's impossible?

windows-server-2019windows-server-security
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thameur-BOURBITA avatar image
0 Votes"
Thameur-BOURBITA answered

Hi,

Never use HTTPS protocol for crt or crl file retrieval, because Crypto API will permanently fails to fetch this URL because the client need to validate the certificate used for HTTPS protocol and to validate it the client needs to access to crl

Please don't forget to mark this reply as answer if it help you to fix your issue

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Crypt32 avatar image
0 Votes"
Crypt32 answered

I would like to configure CDP = https://crl.test.com/test.crl

I'm pretty sure you don't want that. You MUST NOT serve CDP/AIA/OCSP URLs over HTTPS, use plain HTTP only. Otherwise you will enter into a endless loop while accessing CDP, because SSL certificate must be validated. Many cryptographic libraries will fail URL fetching if it is served over SSL. Leave HTTP as is.
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.