Support querying OCSP and CRL in `step certificate validate` command

Open itspngu opened this issue 3 years ago • 1 comments

Hello!

  • Vote on this issue by adding a 👍 reaction
  • If you want to implement this feature, comment to let us know (we'll work with you on design, scheduling, etc.)

Issue details

It'd be useful if the step CLI offered a simple means of (optionally via flags, or by default) querying any CRL and OCSP endpoints listed in validated certificates' AIA fields. Additionally, warnings or errors should be issued if these endpoints are unreachable or behave in incompatible ways, to highlight potential misconfigurations - I'm not sure what kind of behaviour the according specifications mandate in these cases.

Why is this needed?

Doing this with openssl and curl is cumbersome. Having this functionality as part of the step CLI would suit its mission statement of being a Swiss Army knife for cryptographic operations very well.

itspngu avatar Feb 12 '23 09:02 itspngu

Hey @itspngu 👋 . Thanks for opening the issue! We think this is a great idea and we've added it to our next milestone. Unfortunately, we don't have a ton of time to devote to open source feature work at the moment, but we do plan on getting this in when we've got some spare cycles.

In the meantime, if someone from the community is interested in picking this one up, we'd be very glad to accept a PR. Cheers 🍻

dopey avatar Feb 22 '23 06:02 dopey

this was released :) @hslatman

redrac avatar Jun 14 '24 20:06 redrac

Thanks for the heads up, @redrac 😄

hslatman avatar Jun 17 '24 07:06 hslatman