CA CRL/OCSP Support #1614

andrewpmartinez · 2021-06-15T14:41:35Z

Right now when a 3rd party CA is added to the Ziti Controller there is no way to stop any one certificate, that is correctly signed/dated/etc, that has been "revoked" (either actual revocation or should be blocked for some external reason.

Options for implementation:

Add an internally managed Ziti revocation list
- Easy but if there is a managed CRL/OCSP it becomes redundant
Add CRL/OCSP lookups for enrollment, periodical checks for new revocations, and ability to force revocation checks

nenkoru · 2024-02-29T17:09:14Z

Any news on this feature?
@andrewpmartinez

andrewpmartinez · 2024-07-03T15:59:35Z

This is now being tracked on the IDP/Security board here: https://github.com/orgs/openziti/projects/25 under this issue: #2092

It is slated for release this year (Oct/Nov).

andrewpmartinez · 2024-07-03T15:59:51Z

Closing as duplicate of #2092

andrewpmartinez added enhancement New feature or request controller Issue related to the controller labels Jun 15, 2021

andrewpmartinez self-assigned this Jun 15, 2021

plorenz transferred this issue from openziti/edge Dec 14, 2023

andrewpmartinez closed this as completed Jul 3, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CA CRL/OCSP Support #1614

CA CRL/OCSP Support #1614

andrewpmartinez commented Jun 15, 2021

nenkoru commented Feb 29, 2024 •

edited

Loading

andrewpmartinez commented Jul 3, 2024

andrewpmartinez commented Jul 3, 2024

CA CRL/OCSP Support #1614

CA CRL/OCSP Support #1614

Comments

andrewpmartinez commented Jun 15, 2021

nenkoru commented Feb 29, 2024 • edited Loading

andrewpmartinez commented Jul 3, 2024

andrewpmartinez commented Jul 3, 2024

nenkoru commented Feb 29, 2024 •

edited

Loading