Commit 6f44ec0e authored by Chris Hines

Update README.md

parent 846ec829
......@@ -5,4 +5,25 @@ check_ocsp.sh beta.cloud.cvl.org.au
```
check_ocsp uses OCSP (suprise!!!) to verify that the certificates have not been revoked. I think this is prefered to using CRLs
To confuse matters, I think Firefox and Safari use OCSP every time they visit a site, but Chrome does not (it uses something called CRLSets)
To confuse matters, I think Firefox and Safari use OCSP every time they visit a site, but Chrome does not
You might also want to check out
https://github.com/agl/crlset-tools
You can use commands like
```
chines@tun:~/crlset-tools$ ./crlset dump crl-set /etc/ssl/certs/QuoVadis_Root_CA_2_G3.pem
107820596210c5bfc0092ce2abca189079766e06
22559aace2195a18cf8e404896b94132a8dc4ccf
38354514e8735d6bd19081a1a8d2f73f80704d10
44915f9e749ae3af4f9b67f6ff1c82b45f444bbf
4823e5da20b8401683cc5d7dc21d3520dd690bc1
5dced5064c9e3513c0524ad49972fbc5d37e7713
5eeeb44a70e18e63c9898f202cbac164914edc05
78105ef8412c61f3b91d09275705bebf510a29dd
7ed6e79cc9ad81c4c8193ef95d4428770e341317
```
Note that the last entry is the serial number of the ICA that QuoVadis revoked inspiring all this faffing about
\ No newline at end of file
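Review bot: The closing sentence, "Note that the last entry is the serial number of the ICA that QuoVadis revoked", leans on context the README never gives: nothing says that the PEM passed to `crlset dump` is the issuing CA whose revoked serials are being listed, or where the `crl-set` file came from. Suggest adding the fetch step before the example (crlset-tools provides `crlset fetch > crl-set`) and one sentence saying that each output line is a revoked serial number issued by that CA. While here, fix the spelling in the OCSP paragraph ("suprise" to "surprise", "prefered" to "preferred"), trim the prompt `chines@tun:~/crlset-tools$` to a bare `$` so the command can be copied, and end the file with a newline.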