Replies: 2 comments
Both limitations you've hit are related to how X.509 PKI fundamentally works, not just Infisical specifically.

On changing the CDP URL:

Workaround for CDP URL change: If you need to point to a new URL, the cleanest approach without re-issuing the CA is to set up an HTTP 301 redirect from the old CDP URL to the new one. CRL fetchers follow redirects, so existing issued certificates will still resolve correctly.

On multiple CDP URLs:

Workaround for HA: Instead of multiple CDP URLs, put a load balancer or CDN (e.g. CloudFront, nginx upstream) in front of your CRL endpoint and register that single URL as the CDP. Your CRL file gets served from multiple backends, but clients see one stable URL. This is the standard HA pattern for CRL distribution.

A feature request for multiple CDP entries at CA creation time would be worth opening if this is a hard requirement.
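The two workarounds from the reply above, sketched as an nginx configuration. This is an added example, not part of the original discussion and not Infisical's own configuration; the hostnames, the `/crl/ca.crl` path and the backend addresses are placeholders.

```nginx
# Constructed example: all hostnames, paths and backend addresses are placeholders.
# These blocks belong inside the http { } context.

# Pool of backends that each serve the same CRL file (the HA workaround).
upstream crl_backends {
    server 10.0.0.11:8080 max_fails=2 fail_timeout=10s;
    server 10.0.0.12:8080 max_fails=2 fail_timeout=10s;
}

# Old CDP host: the URL embedded in already-issued certificates.
# Keep the name resolving and answer with a permanent redirect.
server {
    listen 80;
    server_name old-crl.example.com;

    location = /crl/ca.crl {
        # Plain HTTP target: the CRL is signed by the CA, and fetching it
        # over TLS can make revocation checking depend on itself.
        return 301 http://crl.example.com/crl/ca.crl;
    }
}

# New, stable CDP URL: one name for clients, several backends behind it.
server {
    listen 80;
    server_name crl.example.com;

    location = /crl/ca.crl {
        proxy_pass http://crl_backends;
        # Try the next backend when one is down or returns a gateway error.
        proxy_next_upstream error timeout http_502 http_503 http_504;
        proxy_set_header Host $host;
        # Short cache lifetime so a freshly published CRL is picked up quickly.
        proxy_hide_header Cache-Control;
        add_header Cache-Control "public, max-age=300";
    }

    # Serve nothing else from the CRL host.
    location / {
        return 404;
    }
}
```

Before retiring the old endpoint, confirm with the revocation-checking clients actually used in your environment that they follow the 301 and accept the CRL from the new URL.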
This is now supported in v0.160.4.
Hi everyone,
I'm currently working with the Infisical PKI module (self-hosted via Docker) and I've run into a couple of questions regarding CRL Distribution Points (CDP):
Changing the CDP URL: I noticed that the CDP URL field in the dashboard is greyed out and cannot be edited after a CA has been created. I tried using the PATCH /v1/pki/ca/{caId} API endpoint; although I receive a successful response, the crlDistributionPoints field doesn't update or appear in the CA object. Is there a specific way to change this for an existing CA once it's active?
Multiple CDP URLs: For high availability, I need to include multiple external CRL URLs in my certificates. Does Infisical currently support multiple URIs (e.g., comma-separated) within the CDP extension?
If this isn't supported through the standard interface yet, is there a known workaround?
Looking forward to your insights!