One of the ways a CRL can be retrieved is HTTP. Whole transaction consists of an HTTP GET and an OK 200 response packets. The response is a PKIX-CRL MIME type encoded CRL. PKIX-CRL is an IETF standard defined in RFC 2585 - http://www.ietf.org/rfc/rfc2585.txt
1. CRL requester generates an HTTP query using an HTTP GET verb
HTTP header:
GET /pki/IssuingCA-DC1.crl HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.2
Host: dc1.kp.local
2. Server responds with CRL encoded in PKIX-CRL MIME type
HTTP header:
HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Last-Modified: Mon, 22 Apr 2013 08:29:51 GMT
Accept-Ranges: bytes
ETag: "d06e258f333fce1:0"
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Sun, 21 Apr 2013 08:46:23 GMT
Content-Length: 820
WireShark decodes the PKIX-CRL. We can see all CRL extensions directly in the packet.
Comments
Post a Comment