Post by nanzhou on Feb 18, 2022 22:17:14 GMT
Dear community,
I found X509 Certificates are currently modeled in Redfish schema as per DSP0268_2021.4. Section 6.16. However, I didn't find a corresponding resource type for Certificate Revocation Lists (CRLs).
Did I miss CRL somewhere, or currently we indeed didn't have modeled CRL.
Asked because we (Google) have use cases to install CRLs to Redfish Servers (OpenBMC based BMCs) for credentials rotation: that is, generate new root credentials, and revoke old issued certificates before expiration date. The current use case doesn't necessarily need CRL as a resource nor Redfish actions to upload CRLs. But we would like to know more about the status quo about CRLs in DMTF and future plans.
Thanks! Look forward to your replies.
I found X509 Certificates are currently modeled in Redfish schema as per DSP0268_2021.4. Section 6.16. However, I didn't find a corresponding resource type for Certificate Revocation Lists (CRLs).
Did I miss CRL somewhere, or currently we indeed didn't have modeled CRL.
Asked because we (Google) have use cases to install CRLs to Redfish Servers (OpenBMC based BMCs) for credentials rotation: that is, generate new root credentials, and revoke old issued certificates before expiration date. The current use case doesn't necessarily need CRL as a resource nor Redfish actions to upload CRLs. But we would like to know more about the status quo about CRLs in DMTF and future plans.
Thanks! Look forward to your replies.
