You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
Currently multiple CRLs can be created for a CA, but that workflow is unpractical for guessing which CRL may belong to which service. Currently only OpenVPN and OPNWAF use this approach to CRL selection. IPsec needs CRLs too, but we would like to make this simpler.
Describe the solution you like
For now restrict the CRL creation amount per CA to a single CRL, but leave the already created CRLs in place. Maybe mark them as deprecated.
In a later step we could actually merge them into one single CRL. If a CRL is set for a certificate it should be used so IPsec doesn't need a switch but only backend glue to place the CRL. OpenVPN and OPNWAF will lose their ability to select a CRL but will use the one that is there.
Describe alternatives you considered
Leaving the multiple CRL situation, but that has other disadvantages and people are already asking for external CRL providers as well (#6838).
Additional context
N/A
The text was updated successfully, but these errors were encountered:
Important notices
Before you add a new report, we ask you kindly to acknowledge the following:
Is your feature request related to a problem? Please describe.
Currently multiple CRLs can be created for a CA, but that workflow is unpractical for guessing which CRL may belong to which service. Currently only OpenVPN and OPNWAF use this approach to CRL selection. IPsec needs CRLs too, but we would like to make this simpler.
Describe the solution you like
For now restrict the CRL creation amount per CA to a single CRL, but leave the already created CRLs in place. Maybe mark them as deprecated.
In a later step we could actually merge them into one single CRL. If a CRL is set for a certificate it should be used so IPsec doesn't need a switch but only backend glue to place the CRL. OpenVPN and OPNWAF will lose their ability to select a CRL but will use the one that is there.
Describe alternatives you considered
Leaving the multiple CRL situation, but that has other disadvantages and people are already asking for external CRL providers as well (#6838).
Additional context
N/A
The text was updated successfully, but these errors were encountered: