A recent change to the ssl412106.Cloudflaressl.com certificate’s CRL Distribution Point URL caused an outage to one of our customers. The new URL (shown below) needed to be added to their whitelist to fully validate the certificate. Is there a way we can prevent future customer outages related to this type of change?
Thanks for any recommendations.
[1]CRL Distribution Point
Distribution Point Name:
Full Name:
URL=http://crl.comodoca4.com/COMODOECCDomainValidationSecureServerCA2.crl
Is this because of a CAA record?
I don’t understand the question. Our application references files as follows:
src="https://cdnjs.Cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js"
The certificate for cdnjs.Cloudflare.com was updated such that it referenced the CRL file at a new location. This new location was not accessible to the customer due to their firewall blocking it.
Your customer should configure their firewall to work properly, or disable CRL checking. CRL URLs can and do change.
This topic was automatically closed after 30 days. New replies are no longer allowed.