When creating a new root and intermediate CA with the `--root-crl-url` and `--crl-url` params, I expected the `root-ca.crt` would contain a CRL DP matching the root-crl-url and the intermediate `ca.crt` would contain the crl-url, but I only see the root-crl-url in the intermediate `ca.crt` and no CRL DP in the `root-ca.crt`. My expectation was that the `root-ca.crt` would contain the `--root-crl-url` and the intermediate `ca.crt` would contain the `--crl-url`. Is this a bug?
```
$ certified-ca --db=test --root-password='test' \
    --root-crl-url=https://example.tld/rootca.crl \
    --crl-url=https://example.tld/ca.crl \
    --ocsp-url=https://ocsp.example.tld \
    C="US" ST="CA" L="San Francisco" O="joe" CN=testCA

$ openssl x509 -text -noout -in test/certs/root-ca.crt | grep -i crl
Non Repudiation, Certificate Sign, CRL Sign

$ openssl x509 -text -noout -in test/certs/ca.crt | grep -i crl
X509v3 CRL Distribution Points:
URI:https://home.joeym.net/rootca.crl
Non Repudiation, Certificate Sign, CRL Sign
```
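For reference, an added example that is not part of the original report and is not certified's own code: under RFC 5280, a certificate's CRL Distribution Points extension names the CRL published by that certificate's issuer. The script builds a throwaway root, intermediate and leaf with plain `openssl`, reusing the two URLs from the report, and prints where each one lands; file names, subjects and the `crl_dp`, `issue` and `build_chain` helpers are constructed for the illustration.

```shell
#!/usr/bin/env bash
# Added example: throwaway chain built with plain openssl (not certified-ca).
set -eu

ROOT_CRL_URL="https://example.tld/rootca.crl"   # URL values taken from the report
CRL_URL="https://example.tld/ca.crl"

# Print the CRL DP URI found in a certificate, or "none" if the extension is absent.
crl_dp() {
  uri=$(openssl x509 -noout -text -in "$1" |
        sed -n '/CRL Distribution Points/,/URI:/s/.*URI:\([^ ]*\).*/\1/p')
  echo "${uri:-none}"
}

# issue NAME SUBJECT EXT_SECTION ISSUER: new key and CSR, signed by ISSUER in $dir.
issue() {
  openssl req -new -newkey rsa:2048 -nodes -subj "$2" -config "$dir/ext.cnf" \
    -keyout "$dir/$1.key" -out "$dir/$1.csr" 2>/dev/null
  openssl x509 -req -in "$dir/$1.csr" -days 30 -CA "$dir/$4.crt" -CAkey "$dir/$4.key" \
    -CAcreateserial -extfile "$dir/ext.cnf" -extensions "$3" -out "$dir/$1.crt" 2>/dev/null
}

# Build root -> intermediate -> leaf in directory $1 (all names are constructed).
build_chain() {
  dir=$1
  cat > "$dir/ext.cnf" <<EOF
[req]
distinguished_name = dn
[dn]
[root]
basicConstraints = critical,CA:TRUE
[int]
basicConstraints = critical,CA:TRUE
crlDistributionPoints = URI:$ROOT_CRL_URL
[leaf]
basicConstraints = CA:FALSE
crlDistributionPoints = URI:$CRL_URL
EOF
  # Self-signed root: there is no issuer above it, so it carries no CRL DP.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=demo root" \
    -config "$dir/ext.cnf" -extensions root \
    -keyout "$dir/root.key" -out "$dir/root.crt" 2>/dev/null
  issue ca   "/CN=demo intermediate" int  root   # revoked via the root's CRL
  issue leaf "/CN=demo leaf"         leaf ca     # revoked via the intermediate's CRL
}

d=$(mktemp -d)
build_chain "$d"
for c in root ca leaf; do printf '%-5s %s\n' "$c" "$(crl_dp "$d/$c.crt")"; done
```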