  1. EJBCA
  2. ECA-6116

Add TTL information to CAA Tool output

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Trivial
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: EJBCA 6.9.1
    • Component/s: None

      Description

      The current CAA tool doesn't write anything about TTL (Time To Live), which might be of interest to an admin using the tool.

      As part of the issuance process, the CA MUST check for a CAA record for each dNSName in the subjectAltName
      extension of the certificate to be issued, according to the procedure in RFC 6844, following the processing
      instructions set down in RFC 6844 for any records found. If the CA issues, they MUST do so within the TTL of
      the CAA record, or 8 hours, whichever is greater.

      https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-1.4.8-redlined.pdf

      We already retrieve this information, so it should be trivial to print out.
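
An added example (not EJBCA code and not part of the original issue) of why the TTL is useful to an admin: it parses CAA answers in DNS presentation format, keeps the TTL, and computes the latest issuance time under the rule quoted above. The sample records, function names and check time are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

MIN_WINDOW = timedelta(hours=8)  # the 8-hour floor in the requirement quoted above

# Constructed sample, not real lookup output. Presentation format:
# owner  TTL(seconds)  class  type  flags  tag  value
SAMPLE_ANSWERS = '''\
example.com.      300   IN CAA 0   issue "ca.example.net"
example.com.      300   IN CAA 0   iodef "mailto:security@example.com"
shop.example.com. 86400 IN CAA 128 issue "ca.example.net; account=1234"
'''

def parse_caa(text):
    """Parse presentation-format CAA lines into dicts, keeping each TTL."""
    records = []
    for line in text.splitlines():
        fields = line.split(None, 6)  # the value may contain spaces and ';'
        if len(fields) != 7 or fields[2] != "IN" or fields[3] != "CAA":
            continue  # blank line, comment, or a non-CAA record
        owner, ttl, _, _, flags, tag, value = fields
        records.append({
            "owner": owner.lower(),
            "ttl": int(ttl),
            "critical": bool(int(flags) & 0x80),  # issuer-critical flag bit
            "tag": tag.lower(),
            "value": value.strip().strip('"'),
        })
    return records

def issuance_deadlines(records, checked_at):
    """Map owner name -> (TTL, latest issuance time allowed for this check)."""
    ttl_by_owner = {}
    for rec in records:
        # Assumption of this example: if TTLs differ within one RRset,
        # use the smallest, which is the conservative choice.
        current = ttl_by_owner.get(rec["owner"], rec["ttl"])
        ttl_by_owner[rec["owner"]] = min(current, rec["ttl"])
    return {
        owner: (ttl, checked_at + max(timedelta(seconds=ttl), MIN_WINDOW))
        for owner, ttl in ttl_by_owner.items()
    }

if __name__ == "__main__":
    checked_at = datetime(2017, 9, 8, 12, 0, tzinfo=timezone.utc)  # constructed
    deadlines = issuance_deadlines(parse_caa(SAMPLE_ANSWERS), checked_at)
    for owner, (ttl, deadline) in deadlines.items():
        print(f"{owner} TTL={ttl}s issue before {deadline.isoformat()}")
```

With a 300-second TTL the 8-hour floor decides the deadline; with an 86400-second TTL the TTL itself does.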

            People

            Assignee:
            mikek Mike Agrenius Kushner
            Reporter:
            mikek Mike Agrenius Kushner
            Verified by:
            Henrik Sunmark, Samuel Lidén Borell

                Time Tracking

                Estimated: 1h
                Remaining: 50m
                Logged: 10m