Affects Version/s: None
Fix Version/s: EJBCA 7.0.0
Issue discovered during:Community
Sprint:EJBCA Sprint 20
As reported in the Forum:
Hi EJBCA team,
Again, thank you for this wonderful product, i'm using it a lot and will present it in a conference in Marseille, France as a good PKI solutions for Small and Medium Enterprises which needs a PKI.
Also, @anatom, thanks for the new setup instructions based on a previous discussion we had few months ago, they are a lot clearer
I'm here to ask/advice for a modification request for your next release:
CRL download URLs, such as
as recommanded when creating certificates for CRL Distribution Points and X509v3 Freshest CRL returns a HTTP Header 'Content-Type' set at 'application/x-x509-crl'
But from the RFC5280 named Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, section 220.127.116.11 (URL: https://tools.ietf.org/html/rfc5280#section-18.104.22.168 ), the 'Content-Type' should be 'application/pkix-crl'
I modified my own EJBCA source code, the only place I found it was in modules/ejbca-webdist-war/src/org/ejbca/ui/web/pub/CertDistServlet.java line 219
Then i ran a
$ cd ~/ejbca && ant clean deployear
And now, requests are with the recommanded 'Content-Type' header.
Maybe there's a reason for this header to have this value (compatibility support with something, request from somebody). In that case, ignore this.
Max @ KeeeX