Q: CRL handling for multiple CAs

3 Jun 2025


      Hi!
I have a question:
olcTLSCRLFile is SINGLE-VALUE in OpenLDAP 2.5
When I have different Sub-Cas (say one issuing host certificates, while another issues user certificates) I can handle only one CRL file obviously.
Can this scenario be handled in OpenLDAP 2.5 (maybe like concatenating multiple CRLs)?
What if the restriction SINGLE-VALUE is dropped?
What about the idea adding a second token to olcTLSCRLFile that specifies a regex that must match the certificates subject to use that CRL?
Kind regards,
Ulrich Windl

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

Q: CRL handling for multiple CAs