CRL request over HTTP - packet analysis

One of the ways a CRL can be retrieved is over HTTP. The whole transaction consists of an HTTP GET packet and a 200 OK response packet. The response is a CRL encoded with the PKIX-CRL MIME type. PKIX-CRL is an IETF standard defined in RFC 2585: http://www.ietf.org/rfc/rfc2585.txt

1. The CRL requester generates an HTTP query using the HTTP GET verb

HTTP header:

GET /pki/IssuingCA-DC1.crl HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.2
Host: dc1.kp.local



2. The server responds with the CRL encoded in the PKIX-CRL MIME type

HTTP header:

HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Last-Modified: Mon, 22 Apr 2013 08:29:51 GMT
Accept-Ranges: bytes
ETag: "d06e258f333fce1:0"
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Sun, 21 Apr 2013 08:46:23 GMT
Content-Length: 820




Wireshark decodes the PKIX-CRL, so we can see all CRL extensions directly in the packet.
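
A consistency check for a captured response like the one in step 2, as an added example that is not part of the original post: it confirms the status, the application/pkix-crl content type, that Content-Length matches the body, and that the body is a single DER SEQUENCE (RFC 2585 CRLs are DER-encoded). The function names are hypothetical, and the sample body is a constructed placeholder of 820 bytes, not the CRL from the capture.

```python
from email.parser import BytesParser

CRL_MIME = "application/pkix-crl"  # media type seen in the response above (RFC 2585)

def der_total_length(data: bytes) -> int:
    """Return the full encoded size of the outer DER SEQUENCE, or raise ValueError."""
    if len(data) < 2 or data[0] != 0x30:
        raise ValueError("body does not start with a DER SEQUENCE (0x30)")
    first = data[1]
    if first < 0x80:                      # short form: length fits in one byte
        return 2 + first
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or n > 4 or len(data) < 2 + n:
        raise ValueError("bad DER length field")
    return 2 + n + int.from_bytes(data[2:2 + n], "big")

def check_crl_response(raw: bytes) -> list:
    """Return a list of findings; an empty list means the response is consistent."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line, _, header_block = head.partition(b"\r\n")
    headers = BytesParser().parsebytes(header_block + b"\r\n\r\n", headersonly=True)
    findings = []
    parts = status_line.split()
    if len(parts) < 2 or parts[1] != b"200":
        findings.append(f"unexpected status line: {status_line!r}")
    ctype = (headers.get("Content-Type") or "").split(";")[0].strip().lower()
    if ctype != CRL_MIME:
        findings.append(f"Content-Type is {ctype!r}, expected {CRL_MIME!r}")
    declared = headers.get("Content-Length")
    if declared is None or not declared.strip().isdigit() or int(declared) != len(body):
        findings.append(f"Content-Length {declared!r} does not match body size {len(body)}")
    try:
        if der_total_length(body) != len(body):
            findings.append("outer DER length disagrees with body size")
    except ValueError as exc:
        findings.append(str(exc))
    return findings

# Constructed sample: header values copied from the capture above; the body is a
# placeholder DER SEQUENCE header plus zero padding (820 bytes), not a real CRL.
SAMPLE_BODY = b"\x30\x82\x03\x30" + b"\x00" * 816
SAMPLE = (b"HTTP/1.1 200 OK\r\n"
          b"Content-Type: application/pkix-crl\r\n"
          b"Server: Microsoft-IIS/8.0\r\n"
          b"Content-Length: 820\r\n\r\n") + SAMPLE_BODY

if __name__ == "__main__":
    print(check_crl_response(SAMPLE) or "response looks well-formed")
```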
