4.10 Certificate status services

来源:Let's Encrypt 浏览 338 扫码分享 2020-12-08 22:14:49

4.10 Certificate status services

4.10 Certificate status services

4.10.1 Operational characteristics

Revocation entries on a CRL or OCSP Response MUST NOT be removed until after the Expiry Date of the revoked Certificate.

4.10.2 Service availability

The CA SHALL operate and maintain its CRL and OCSP capability with resources sufficient to provide a response time of ten seconds or less under normal operating conditions.

The CA SHALL maintain an online 24x7 Repository that application software can use to automatically check the current status of all unexpired Certificates issued by the CA.

The CA SHALL maintain a continuous 24x7 ability to respond internally to a high-priority Certificate Problem Report, and where appropriate, forward such a complaint to law enforcement authorities, and/or revoke a Certificate that is the subject of such a complaint.

4.10.3 Optional features

No stipulation.

当前内容版权归 Let's Encrypt 或其关联方所有，如需对内容或内容相关联开源项目进行关注与资助，请访问 Let's Encrypt .

本文档使用 BookStack 构建