# # CRL verfication of certs obtained from SSL sites # globals certNetFetchEnable = false crlNetFetchEnable = true useSystemAnchors = true # alternate these two on successful runs, flip either one for failure allowUnverified = true requireCrlIfPresent = false end ### ### all these (until further notice) get CRLs from crl.verisign.com ### echo "=================================" test = "www.amazon.com" revokePolicy = crl cert = amazon_v3.100.cer cert = amazon_v3.101.cer sslHost = www.amazon.com requireCrlIfPresent = true end echo "=================================" test = "www.cduniverse.com" revokePolicy = crl cert = cduniverse_v3.100.cer cert = cduniverse_v3.101.cer sslHost = www.cduniverse.com allowUnverified = false end echo "=================================" test = "store.apple.com" revokePolicy = crl allowUnverified = false cert = apple_v3.100.cer cert = apple_v3.101.cer sslHost = store.apple.com end echo "=================================" test = "www.wellsfargo.com" revokePolicy = crl allowUnverified = false cert = wellsfargo_v3.100.cer cert = wellsfargo_v3.101.cer sslHost = www.wellsfargo.com end #echo "=================================" # # this server's cert has expired and they don't have a new one yet # #test = "www.xdss.com" #revokePolicy = crl #requireOcspIfPresent = true #cert = xdss_v3.100.cer #cert = xdss_v3.101.cer #sslHost = www.xdss.com #end echo "=================================" test = "www.verisign.com" revokePolicy = crl allowUnverified = false cert = verisign_v3.100.cer cert = verisign_v3.101.cer # # This one is the root, which SSL server sent us. # Leave it in for variety. # cert = verisign_v3.102.cer sslHost = www.verisign.com end echo "=================================" test = "accounts.key.com" revokePolicy = crl allowUnverified = false cert = keybank_v3.100.cer cert = keybank_v3.101.cer # # This one is the root, which SSL server sent us. # Leave it in for variety. # cert = keybank_v3.102.cer sslHost = accounts.key.com end echo "=================================" test = "secure.authorize.net" revokePolicy = crl allowUnverified = false cert = secauth_v3.100.cer cert = secauth_v3.101.cer sslHost = secure.authorize.net end ### ### CRLs from crl.thawte.com ### ### ### CRL from http://crl.geotrust.com, issued by Equifax ### echo "=================================" test = "www.firstamlink.com" revokePolicy = crl cert = firstamlink_v3.100.cer sslHost = www.firstamlink.com requireCrlIfPresent = true end # # cert and CRL from entrust # temp disabled... # #echo "=================================" #test = "accesd.desjardins.com" #revokePolicy = crl #cert = entrust_v3.100.cer #cert = entrust_v3.101.cer #sslHost = accesd.desjardins.com #requireCrlIfPresent = true #end # # Secure Server Certification Authority # CRL http://SVRSecure-crl.verisign.com/SVRSecure.crl # echo "=================================" test = "www.netfile.state.co.us" revokePolicy = crl requireCrlIfPresent = true cert = netfile.state.co_v3.100.cer cert = netfile.state.co_v3.101.cer sslHost = www.netfile.state.co.us end